SEC drops 42 cases after staff mess up data protection controls
Take action: Breach of segregation of duties and data isolation sometimes causes massive and expensive efforts to become useless.
Learn More
The US Securities and Exchange Commission (SEC) has dropped proceedings against 42 companies and individuals after discovering that its enforcement staff accessed confidential documents intended solely for judges' review.
The acces has violated the separation between the agency's enforcement and adjudication functions. The dismissals came after a review prompted by earlier cases where enforcement staff had improper access to adjudicatory memoranda, resulting in them downloading restricted databases and sharing the information with other unauthorized colleagues.
An external investigation found that the mishandling of data was more extensive than initially disclosed.
The statement released by the SEC: "We deeply regret that the agency's internal systems lacked sufficient safeguards surrounding access to Adjudication memoranda, and we are continuing our work to ensure that, going forward, work product from the Adjudication staff is appropriately safeguarded."
The dismissed cases include long-standing ones. The SEC stated that there was no evidence of harm to respondents or any impact on the Commission's adjudication but acknowledged the deficiency in data controls and pledged to improve its practices in the future.
