GunnAllen Financial has been fined by the Securities and Exchange Commission (SEC) for breaching customer data security, and it’s not the first time that GunnAllen has been accused of violating customer privacy rules. It has already faced three cases of stolen laptops and one case of unauthorized access to corporate email by a former employee.
This time the SEC takes measures against the company that fails to provide the security of their clients’ personal data. It has recently fined three former employees of GunnAllen Financial, a broker-dealer company that went bankrupt in November 2010. The SEC has obliged the former president Frederick O. Kraus and the former national sales manager David C. Levine to pay penalties of $20,000 each. The fine of the third accused, the chief compliance officer Mark A. Ellis, is $15,000. The SEC claims that Kraus and Levine used the private information of the former GunnAllen’s clients for a new firm. The private information included customer names and addresses, account numbers and asset values. The thing is that the customers didn’t know that their data had been shared. Thus they couldn’t object to it. On top of that, the data were carried on an unencrypted thumb drive.
Although GunnAllen has already been repeatedly involved in cases of stolen unencrypted laptops, it did not bother to review and improve its data security policies to ensure the safety their clients’ information using the encryption technology.
The problem of personal data security is quite widespread nowadays. Many companies neglect the basic rules to protect their customers’ information. For instance, a BP employee has recently lost a laptop that contained identifiable information for nearly 13,000 people. The laptop wasn’t encrypted. Although there are no reasons to think that it was stolen and the information would be sooner or later used by identity thieves, the situation is still no good for the company’s business reputation.
According to a survey carried out by the Ponemon Institute, companies annually lose about 261 laptops and only 5% of them have ever been recovered.
Many companies still underestimate the importance of personal data security. They seem not to learn from their mistakes. While the most basic rules for providing data security are quite simple. The companies should not only password-protect their laptops (which won’t help against hacking), but encrypt all the information as well. A simple but reliable encryption system Cryptic Disk can easily handle this challenge. Using it, one can be sure of the security of data stored on the computer.