Header graphic for print
HL Chronicle of Data Protection Privacy & Information Security News & Trends
Posted in Financial Privacy

For First Time, SEC Imposes Fines Based Solely on Privacy Violations

The Securities and Exchange Commission (SEC) announced yesterday that three former executives of GunnAllen Financial, Inc., a Tampa-based broker-dealer, agreed to settle charges that they had violated Regulation S-P by failing to protect confidential information about their customers. This action marked the first time that the SEC had assessed financial penalties against individuals charged solely with violations of Regulation S-P, which requires broker-dealers, investment advisers, and other financial institutions under the SEC’s jurisdiction to protect their customers’ nonpublic personal information and to provide their customers the right to opt out of having their information shared with unaffiliated third parties. 

According to the SEC’s orders, as GunnAllen was winding down its business operations last year, the firm’s national sales manager, acting with the authorization of its president, transferred the names, addresses, account numbers, and asset values of more than 16,000 customers to a portable USB drive and provided those records to his new employer. The SEC determined that this transfer violated Regulation S-P because account holders were notified about it after the fact and not given reasonable notice and opportunity to opt out. The SEC also found that GunnAllen’s former chief compliance officer failed to ensure that the firm’s policies and procedures were reasonably designed to safeguard confidential customer information. According to the SEC, the policies and procedures were vague and simply recited the relevant portions of Regulation S-P verbatim, rather than specifying the security measures actually adopted by the firm. In addition, the compliance officer failed to revise or supplement the policies and procedures in response to several security breaches that occurred between 2005 and 2009. 

GunnAllen’s president and national sales manager each agreed to a $20,000 fine, and the chief compliance officer agreed to a $15,000 fine. In addition, all three, without admitting wrongdoing, agreed to SEC censure. 

The SEC’s announcement is available at the following link: http://www.sec.gov/news/press/2011/2011-86.htm