CD ROMs with Data on 34,000 Investors Lost in the Mails
Another example of the perils of entrusting others with our most critical and sensitive personal data.
Data on the lost CD ROMs "includes clients’ names, addresses, account and tax identification numbers, the income earned on the investments in 2010, and—for some clients—Social Security numbers."
The CD ROMs "were password-protected but not encrypted." That means that the data on the CD ROMs could probably be extracted, saved, and distributed. That's a big loss of privacy for the trusting clients.
Apparently the data on the CD ROMs was part of a compliance filing with the New York State Department of Taxation and Finance. No doubt more appropriate safeguards will be put in place in the future. And it goes without saying that the costs for remedying this situation will be high, whereas the cost of properly implementing procedures that would have safeguarded the data would have been much less.
As investors, we must trust a variety of vendors with our personal data. It's worth asking the vendor exactly how they handle our data, and to carefully read copies of the vendor's written procedures for security of our data.
Investors can no longer afford to blindly trust vendors with our personal data. We advise always being cautious in releasing your personal data, and having close communication with financial vendors about how they protect and share our most private information.