Minneapolis (MN) – Financial consulting firm Ameriprise has reached a settlement with the state of Massachusetts over a case of widespread data theft that occurred because of a stolen laptop last year. The firm agreed to pay $25,000 to the state, as well as to hire a new security consultant.
Early this year, Ameriprise began warning clients about a possible compromise to their personal data when an employee’s laptop was stolen, containing information of more than 220,000 clients and advisors. Masachusetts investigated the case because a number of those at risk were residents of that state. Even though there was no evidence of negligence from Ameriprise, the firm was held liable because brokerage companies assume the risk and take responsibility for any compromise of sensitive data of their clients, regulators have contended.
Beth Givens, director of the San Diego-based Privacy Rights Clearinghouse consumer advocacy group called this a wakeup call. “I’m hoping that this action serves as a catalyst for companies to adopt policies and procedures requiring encryption of mobile computers,” she said. The group said that this was the first case of action taken against a company as a result of the theft of one of their employees’ laptops.
Avoiding to mention any details, Ameriprise just made a token statement regarding the new settlement with the Northeastern state. “We’ve been working closely with the commonwealth of Massachusetts throughout this process and are pleased to resolve the matter,” the firm said.
No reports of mass identity theft were confirmed as a result of the stolen laptop, which contained social security numbers, phone numbers, and home addresses of about 160,000 clients and 60,000 advisors. According to the reports, the sensitive data was never accessed by the burglar.
In addition to paying $25,000 to the Commonwealth of Masachusetts, Ameriprise’s settlement requires the addition of a new security consultant to the firm, who will review company policies and, after six months, submit recommendations to beef up the security of client and employee data.