Menu
Bloomberg clamps down with data-access policies after scandal

Bloomberg clamps down with data-access policies after scandal

The financial data and news company develops in-house access controls after controversy over journalists seeing client information

Financial data and news company Bloomberg has developed in-house access controls and embraced several other technological fixes after it emerged last year that the company's journalists had routinely accessed data on how Wall Street clients were using the company's computer terminals.

Bloomberg on Thursday released a report outlining more than 65 technology and process changes the company has made based on August recommendations from outside advisors, including law firm Hogan Lovells and regulatory compliance firm Promontory Financial Group. The company has adopted, or is working to adopt, every recommendation from the outside auditors, Bloomberg CEO Daniel Doctoroff said in a letter accompanying the report.

"We have tapped the best technical minds at our company, including our R&D department, to build off some of our historic innovations like the use of biometric finger image authentication, and to perform a comprehensive analysis of our systems to identify deficiencies and recommend enhancements," Doctoroff wrote.

Bloomberg journalists were able to see some information on how the company's terminals were used on Wall Street, including when customers had logged in and when they looked up data on equities, bonds or other broad categories, according to news reports from last May. Bloomberg client Goldman Sachs had raised concerns about a reporter's questions related to an employee's terminal use.

One of the goals of releasing the report is for Bloomberg to "reach out so that we can set more standards across the industry, so that others can learn from what we went through," said Paul Wood, Bloomberg's new chief risk and compliance officer.

The company has pumped up its access controls, by monitoring user activity logs and employing automated triggers to check on systems access, the report said. The access controls implemented by the company may be among the most sophisticated available and allow the company granular control over who has access to company data, based on employee roles, geography and other factors, Wood said.

The company integrated its access control systems with its personnel databases, allowing Bloomberg to track employees as they change positions, Doctoroff said in his letter.

Bloomberg, using access control systems developed in house, has tried to "transform the access to data," Wood said. Access control is a difficult challenge that many companies are still wrestling with, he said.

The company has long used fingerprints as part of the log-on process on its financial terminals, and that functionality helps Bloomberg monitor information access and "prevent an inflation of permissions" as employees change jobs within the company, said Steven Ross, Bloomberg's chief client data compliance officer.

The company has centralized its activity logs to review users' attempts to log in to unauthorized parts of its system, the company said in the report. It has scheduled periodic testing on the role-based access system, as Hogan Lovells recommended, and it has established a working group to search its software code for instances where passwords might be able to exceed role-based restrictions.

The report recommended a handful of changes related to internal software development, with Hogan Lovells saying that there was some use of production data in the software development process, without the data being scrubbed. Some of those changes, including a recommendation that the company consolidate the systems for tracking changing to software code, are scheduled to be completed this year.

Also in progress is a Hogan Lovells recommendation for Bloomberg to monitor activity logs and use automated triggers to detect unauthorized access to Bloomberg's databases containing sensitive client data.

Out of nearly 80 recommendations from outside advisors, Bloomberg has implemented all but 11, with most of those remaining items scheduled to be completed this year, Paul said.

The August report contains several recommendations from veteran journalist Clark Hoyt. He recommended that Bloomberg journalists not be banned from using the company's terminals, but that proper access control be implemented. He also recommended all employees sign a confidentiality agreement, and Bloomberg has completed that recommendation.

Grant Gross covers technology and telecom policy in the U.S. government for The IDG News Service. Follow Grant on Twitter at GrantGross. Grant's email address is grant_gross@idg.com.

Follow Us

Join the New Zealand Reseller News newsletter!

Error: Please check your email address.

Tags Paul WoodSteven Rossaccording to news reportsHogan Lovellsfinancebusiness managementindustry verticalsBloombergPromontory Financial GroupClark HoytDaniel Doctoroffsecuritydata breach

Featured

Slideshows

Reseller News launches inaugural Hall of Fame lunch

Reseller News launches inaugural Hall of Fame lunch

Reseller News welcomed 2015 and 2016 inductees - Darryl Swann, Dave Rosenberg, Gary Bigwood, Keith Watson, Mike Hill and Scott Green - to the inaugural Reseller News Hall of Fame lunch, held at the French Cafe in Auckland. The inductees discussed how the channel can collectively work together to benefit New Zealand, the Kiwi skills shortage and the future of the industry. Photos by Maria Stefina.

Reseller News launches inaugural Hall of Fame lunch
Educating from the epicentre - Why distributors are the pulse checkers of the channel

Educating from the epicentre - Why distributors are the pulse checkers of the channel

​As the channel changes and industry voices deepen, the need for clarity and insight heightens. Market misconceptions talk of an “under pressure” distribution space, with competitors in that fateful “race for relevance” across New Zealand. Amidst the cliched assumptions however, distribution is once again showing its strength, as a force to be listened to, rather than questioned. Traditionally, the role was born out of a need for vendors and resellers to find one another, acting as a bridge between the testing lab and the marketplace. Yet despite new technologies and business approaches shaking the channel to its very core, distributors remain tied to the epicentre - providing the voice of reason amidst a seismic industry shift. In looking across both sides of the vendor and partner fences, the middle concept of the three-tier chain remains centrally placed to understand the metrics of two differing worlds, as the continual pulse checkers of the local channel. This exclusive Reseller News Roundtable, in association with Dicker Data and rhipe, examined the pivotal role of distribution in understanding the health of the channel, educating from the epicentre as the market transforms at a rapid rate.

Educating from the epicentre - Why distributors are the pulse checkers of the channel
Kiwi channel reunites as After Hours kicks off 2017

Kiwi channel reunites as After Hours kicks off 2017

After Hours made a welcome return to the channel social calendar last night, with a bumper crowd of distributors, vendors and resellers descending on The Jefferson in Auckland to kickstart 2017. Photos by Maria Stefina.

Kiwi channel reunites as After Hours kicks off 2017
Show Comments