The Massachusetts Securities Division sent out letters last week informing some 139,000 advisers registered in the Bay State that it had mistakenly sent a CD-ROM with advisers' personal information to a trade publication, as
InvestmentNews has reported this week. The information included advisers' social security numbers and residential addresses — and many of these advisers have voiced their frustration, noting that
they have little recourse to take the issue up with state regulators.
Below are responses from six of the advisers who were impacted by that security snafu. What would you do if your personal info was compromised by a state regulator?
ETKnowles wrote:
I recieved two of those letters. I guess they wanted to be sure I was paying attention.
My only note is that if any of us did that we would be put out the door. I hope our fine public servents in MA have the same standards that we do... In AZ when that has happened, the folks have been sent home for two weeks of paid administrative leave. What a deal, make a massive error and get two weeks of paid vacation...
CHIPWAY wrote:
Generally speaking,
we are the clients of the state and as such should also have our info encrypted. No time lines are revealed by the state and we therefore don't know how long someone had our critical personal data in their possession. In lieu of a "fine", the state should monitor our credit reports for a year and reimburse us for breaches. Just telling us about this mistake doesn't eliminate our huge exposures. Where's the AGs voice in all of this? Oh yeah, she's out criticizing Scott Brown - again.
BRUCE_CUNNINGHAM wrote:
It was not only MA Residents that had their info released. I'm a FL Resident that also holds a MA Non-Resident license.
I got the same letter saying my personal info had been part of the unauthorized release. There was no apology, or explanation in the notification letter from Bryan J Lantagne, Director, MA Securities Division. He only included a fact sheet about MA General Laws 93H, Notice Requirements that said I could write the 3 consumer reporting agencies and pay $5.00 to each to Place, Temporarily Lift, or Permanently Remove a security freeze on my credit report. These fees were mandatory unless I could prove I am a victim of identity theft & can provide a copy of a police report.
MICHAEL_SCHWARTZ wrote:
As I remember
no where in the letter did it ever say that the regulator sent out the information just that it was done. It seems it would be a bit better if they were entirely forthcoming.
JOSEPH_WILSON wrote:
Isn't ironic that the Massachusetts AG never had to prove damages to extort settlements out of securities firms - why bother with that pesky due process thing and all the hassles of a trial by jury when you can threaten defendants with being put of business and get the money - but when it comes to us as individuals - and it is us as individuals at risk not our firms - its passed off as a simple one time mistake and no problem.
Would the AG be so forgiving if one of our firms accidently mailed a CD full of client info to a publication? I doubt it. Galvin is every bit as big of a hypocrite as Spitzer - When we violate a rule - proven or not, prepare to suffer the most dire consequences.
STEVE_DAWSON wrote:
I think they at least owe us an ID or credit monitoring service so that we can make sure there was no breach. Just because they don't think there was information taken doesn't make it so...
we have to monitor our credit for years because of this.
