Who’d have expected it? Anyone with half a brain.
Last week, The Wall Street Journal reported that many of Wall Street’s biggest banks are settling allegations that their employees violated regulatory requirements by using personal messaging apps like WhatsApp and Signal to do business off the radar of regulatory controls and, allegedly, to share information on investment terms, client meetings and other business.
The paper reports that the biggest banks are agreeing to pay as much as $200 million each, with fines likely to top $1 billion.
Although SEC and Commodity Futures Trading Commission rules are neither HIPAA nor state laws on the confidentiality of medical records, they are clearly analogous.
What prohibitions have you put in place to monitor your staff’s use of both personal devices and apps which fly beneath the radar of privacy and security law compliance?
Prohibitions alone certainly aren’t enough because, as in the reported story, the business use of applications such as WhatsApp and Signal, which can be set up to automatically delete messages, already violated regulatory requirements. Policies, procedures, and investigation and enforcement are all required.
Go figure, people actually cheat? What do you know!
If you don’t know, the violation might just be on you.