Regulators Inadvertently Release Advisers' Personal Information

Lora Bentley

As much as they fuss and then fine those they oversee when a data breach or similar misstep occurs, sometimes it helps to remember that even regulators are only human. Nothing demonstrates the concept better than a story out of Massachusetts.


InvestmentNews reported Tuesday that the Massachusetts Securities Division sent personally identifiable information for more than 130,000 securities advisers to a trade publication. In data included not just names, home addresses and Social Security numbers, but also dates and locations of birth, height, weight, hair color and eye color, according to The Boston Globe. The advisers found out about the breach in a letter from the securities division and Secretary of State William Gavin.


Apparently, IA Week had asked for a list of advisers registered in the state. The division delivered the list - and then some - on CD-ROM. IA Week returned the disk upon realizing the goof. A spokesperson for the securities division said:

...[T]he important thing is there was no breach and...the material was returned intact.

Advisers would beg to differ with that assessment, I imagine. In fact, Deborah Maloy, principal of Maloy Financial Services, told InvestmentNews:

Client confidentiality is so important, and now our confidentiality is breached. We didn't even think about it. ...This is a big mess. [Mr. Gavin] is the guy who's regulating us, and he's always on our case.

She said she'll probably ask credit-reporting agencies to freeze her accounts. Others who commented on the story don't want to let the regulator off so easily. They're calling for a self-imposed fine equal to what an adviser would pay if he or she accidentally leaked client information -- roughly $695 million.

Add Comment      Leave a comment on this blog post
Jul 8, 2010 11:02 AM MJC MJC  says:

Questions: 1.  When was the CD sent to IA Week; 2. When in June was the CD returned?  3.  Why isn't the Mass. MSD required to pay for CreditWatch monitoring for the advisors for at least one year like when credit card info is breached?

Jul 11, 2010 12:43 PM James James  says:

The website  states 'The only non-public information that was disclosed were names with residential addresses and social security numbers.' However, I read several articles that state dates and locations of birth, height, weight, hair color and eye color were disclosed as well. That seems to me to be non-public information as well. Why shouldn't the state be fined for their mistake? Lora, do we have any rights to take action?


Post a comment





(Maximum characters: 1200). You have 1200 characters left.



Subscribe to our Newsletters

Sign up now and get the best business technology insights direct to your inbox.