Massachusetts' Secretary of the Commonwealth William F. Galvin has announced a consent order regarding a broker-dealer’s failure to supervise agents who mishandled the personal information of Bay State clients.
According to the consent order, New Jersey-based Summit Equities failed to supervise registered agents, allowing them to enter clients’ personal identifying information into a third-party, web-based customer relations management system, in violation of Summit’s own privacy and security policies. A Dec. 27 press release from Galvin’s office notes that the information was under the agents’ exclusive possession at the time, and Summit had no access or control over the information when its agents terminated their employment with the company.
As part of what was described as Summit’s failure in their duty to supervise its agents, this allowed the agents to access and share clients’ names, Social Security numbers, relationships, account and insurance details, and other notes about the customers after the agents had terminated their relationship with Summit Equities. “While Summit had measures in place to wipe all personal information relating to customers from agents’ devices, this system was not in place for the third-party system being used by the agents,” according to the announcement.
Under the terms of the consent order, Summit Equities will pay a fine of $100,000, report the corrective measures it has taken, and notify all Massachusetts customers potentially impacted by that their personal information may have been compromised.