In a shocking news, the SEC has imposed a penalty of 35 million USD on Morgan Stanley Smith Barney (MSSB)- the subsidiary of Morgan Stanley. This subsidiary arm is responsible for the wealth management processes and operations of Morgan Stanley.

It came to the attention of the SEC that MSSB failed in its statutory duty to safeguard the Personal Identifying Information of numerous clients & customers because of the non-destruction of HDDs containing this data.

According to the various statements released by the SEC, the MSSB did not safeguard the personal identifying information (PII) of roughly 15 million users from 2015 to 2020.

On numerous occurrences, the company reportedly hired a storage and moving service with no skills or experience in data disintegration solutions to decommission a large number of servers and HDDs having the PII of MSSB clients.

The SEC inquiry discovered that the above-referred moving company had sold numerous of these servers and hard disk drives to a third party, which were then sold online, still containing non-encrypted consumer information and other PPI.

Furthermore, the SEC claims that the company faltered in the protection of PPI and safe disposal of customer reports and user data while conducting an equipment upgrade program. It was revealed that during the decommissioning, 42 servers with encrypted customer PII and information regarding consumer reports could not be located. Besides, local devices with encrypting capability were not activated with the software, for years.

The MSSB has played safely by agreeing to the penalty in entirety but without the liability of admitting the legal liability.

You can find latest fintech news, insightful analysis of the financial sector, and the latest events in the fintech world at our website.