By Jedidiah Bracy, CIPP/US, CIPP/E
In response to revelations last May that Bloomberg News and some of its journalists were using terminals that had access to sensitive financial subscriber data, the organization conducted and has now released the results of a comprehensive external review of its data and privacy practices. Conducted by Hogan Lovells and Promontory Financial Servies, the review examined Bloomberg news stories, employees, client data systems and other documents, to locate and address the company’s governance framework.
The comprehensive review analyzed more than 500,000 news stories, interviewed 425 Bloomberg employees, conducted 230,000 tests of client data systems and examined more than 350 internal policy documents in order to provide a set of recommendations.
The review concludes that Bloomberg now has proper data policies and controls in place that are consistent with the review’s recommendations. Among the many recommendations set forth by the external review is the expansion of employee privacy training and client data compliance policies and procedures. Bloomberg will now have “mandatory firm-wide training on privacy and client data issues” and is developing module-specific training for various employee roles. Additionally, Bloomberg has implemented a portal to provide access to privacy training modules. Bloomberg has also enhanced its governance framework and now restricts journalist access to client data.
In a letter and video to its clients, Bloomberg President and CEO Daniel L. Doctoroff said Hogan Lovells and Promontory “looked deep into our organization at everything from physical and cyber security to our privacy policies to assess whether we could meet our protection obligations to our clients.” He added, “I’m gratified that the…report states that we have appropriate client data policies and controls in place.”
Read more by Jedidiah Bracy:
A Roundup of Obama's Surveillance Changes
Senate Committee Presses NSA; Agencies Willing to Re-evaluate Program
Committee Hears Testimony, Patriot Act Must Change
FTC, Irish DPA Release Mutual Enforcement Agreement