Wednesday, January 17, 2007
Mass. settles with financial services firm over stolen laptop
Mass. settles with financial services firm over stolen laptop
Linda Rosencrance
December 15, 2006 (Computerworld) Minneapolis-based Ameriprise Financial Services Inc. has agreed to pay $25,000 to the commonwealth of Massachusetts in connection with the loss of a laptop containing personal and financial data on thousands of Massachusetts residents, Secretary of State William Galvin said this week.
The laptop was stolen in December 2005 from an Ameriprise employee who had left it unsecured and unattended in a locked vehicle in a parking lot. The exact location of the theft is unclear, although the laptop has since been recovered.
The computer contained information on about 158,000 customers, including their names, account numbers or Social Security numbers, and account values. It also held identifiable personal information on about 68,000 current and former Ameriprise advisers, including their names and Social Security numbers.
The employee used the information, which was not encrypted, to create business reports. According to Galvin, the employee violated Ameriprise policies and procedures by leaving the company's premises with the laptop and by not encrypting the sensitive information. In addition, saving the information to the laptop's hard drive was a violation of Ameriprise's policies and procedures at the time, according to a memorandum of understanding between the state and the company.
After the laptop was recovered, a forensic analysis firm determined that none of the sensitive data had been accessed.
Ameriprise officials could not be reached for comment.
Ameriprise has also agreed to hire an independent consultant to review its policies and procedures concerning the use of laptops that contain personal and financial information of its customers, Galvin said. The consultant will be required to submit a written report to Galvin's office within six months, setting out recommendations and including written verification that Ameriprise has implemented them.
"The amount of personal data that was on this employee's laptop computer is shocking," Galvin said in a statement. "Most of this information should not have been there. Registered broker dealers who give employees access to sensitive personal information and then allow them to carry this information on laptop computers must be held responsible and must implement all reasonable steps to prevent this form of investor abuse."
Linda Rosencrance
December 15, 2006 (Computerworld) Minneapolis-based Ameriprise Financial Services Inc. has agreed to pay $25,000 to the commonwealth of Massachusetts in connection with the loss of a laptop containing personal and financial data on thousands of Massachusetts residents, Secretary of State William Galvin said this week.
The laptop was stolen in December 2005 from an Ameriprise employee who had left it unsecured and unattended in a locked vehicle in a parking lot. The exact location of the theft is unclear, although the laptop has since been recovered.
The computer contained information on about 158,000 customers, including their names, account numbers or Social Security numbers, and account values. It also held identifiable personal information on about 68,000 current and former Ameriprise advisers, including their names and Social Security numbers.
The employee used the information, which was not encrypted, to create business reports. According to Galvin, the employee violated Ameriprise policies and procedures by leaving the company's premises with the laptop and by not encrypting the sensitive information. In addition, saving the information to the laptop's hard drive was a violation of Ameriprise's policies and procedures at the time, according to a memorandum of understanding between the state and the company.
After the laptop was recovered, a forensic analysis firm determined that none of the sensitive data had been accessed.
Ameriprise officials could not be reached for comment.
Ameriprise has also agreed to hire an independent consultant to review its policies and procedures concerning the use of laptops that contain personal and financial information of its customers, Galvin said. The consultant will be required to submit a written report to Galvin's office within six months, setting out recommendations and including written verification that Ameriprise has implemented them.
"The amount of personal data that was on this employee's laptop computer is shocking," Galvin said in a statement. "Most of this information should not have been there. Registered broker dealers who give employees access to sensitive personal information and then allow them to carry this information on laptop computers must be held responsible and must implement all reasonable steps to prevent this form of investor abuse."
Labels: Ameriprise Financial Services Inc.
# posted by raveneye @ 11:55 AM 
