The Financial Industry Regulatory Authority (FINRA) agreed to settle its enforcement action with Sterne Agee & Leach, Inc. (Sterne) this week for $225,000. The enforcement action followed the loss of an unencrypted laptop by an information technology employee when it was left in a restroom and was never recovered. The laptop contained the names, addresses, account numbers and tax ID numbers of all account holders–approximately 350,000 individuals–that the firm had opened between 1992 and 2013.
In assessing the settlement, FINRA stated that Sterne failed to take appropriate precautions to protect the information and failed to have written security protocols to ensure that the information was safeguarded by appropriate technology.
FINRA has exercised regulatory authority over the security practices of financial entities under its jurisdiction, and has become more active in assessing fines and penalties. Businesses servicing the financial industry may wish to review existing security practices to determine whether they are using best practices in securing customer information, including encryption for mobile technology and laptops.