Tue, July 06, 2010
MA Securities Division Recovers From Its Own Security Breach
The Commonwealth of Massachusetts requires companies to notify individuals if there is evidence that their personal confidential information has been leaked inappropriately. In fact, MA law requires that notice also be given to the department of consumer affairs and the state attorney general's office if this happens. Apparently, the attorney general's office almost had to notify itself last month after it accidentally disclosed thousands of Social Security numbers.
According to today’s Boston Globe, the Commonwealth’s Securities Division, which oversees registered investment advisers, was asked for public information on the state’s advisers by IA Week, a magazine for advisers. The division responded by sending a CD containing the SS numbers, birthdates, places of birth, height, weight, hair color, and eye color of 139,000 Bay State investment advisers. A new employee responded to the magazine’s request for information and the individual had not been trained about the need to delete sensitive information from the data before sending it.
IA Week has since returned the CD to the state. The AG’s office apparently does not believe that the data will be misused, so technically it might not be obliged under the law to notify anyone. Despite this, last week the Massachusetts securities division began sending letters to advisers affected by the mishap.
Beyond the obvious irony of the situation, this story shows that no matter how careful you are about protecting your personal information, there are many sources from which your information can be leaked in spite of your best efforts.
I’m not an extremist regarding identity theft protection, but I’m becoming more attracted to the notion that almost everyone should request a “data freeze” for his or her credit files. One of the worst problems with identity theft is that thieves may open new accounts in the name of the victim and run up debts that subsequently ruin the person’s credit record.
With a data freeze, even if your information is compromised, a data thief should not be able to open any new accounts in your name. I’ve mentioned this option before; I think it’s the most effective way to protect against the consequences of a data breach and it’s much cheaper than the various monitoring services that are available. The National Foundation for Credit Counseling has a helpful article on the pros and cons of a credit file freeze. If you’re about to take out a mortgage or apply for other credit, you may want to hold off on getting a freeze; you could encounter a delay when you need to “unfreeze” your data.