Bloomberg privacy breaches raise red flags: experts
Bloomberg’s privacy breach scandal has angered clients, and prompted regulators and central bankers to demand an explanation, and privacy experts say the scandal poses some disturbing questions.
The matter came to light after blue chip investment bank Goldman Sachs realised that journalists had access to more information than it had known and argued the information was too sensitive to be seen by reporters.
Goldman complained to the financial news and data provider, prompting a public apology from Bloomberg chief executive Daniel Doctoroff last week. On Tuesday, Doctoroff followed that with a second apology in a bid to restore confidence among Bloomberg’s 315,000 clients worldwide.
The news of Bloomberg’s privacy breach triggered fears at Wall Street firms about the privacy of sensitive data, as well as at the Fed and other US government departments that use Bloomberg terminals.
Central banks have queried the matter, with the Bank of England describing the practice as “reprehensible”.
Central banks examining the matter include US Federal Reserve, the European Central Bank, the Bank of Japan, the Bank of Canada, Germany’s Bundesbank and the Hong Kong Monetary Authority.
Adding to Bloomberg’s woes, the Financial Times reported on Tuesday that more than 10,000 private messages sent between users of Bloomberg’s financial terminals had leaked online, deepening concerns about privacy. The newspaper said Bloomberg had since taken down those private message records from the internet on Monday.
Below are some comments on the case by a privacy and security expert, a Hong Kong lawmaker and a Bloomberg client:
Peter Koo, National Leader of Security, Privacy & Resiliency for Deloitte in the Greater China region:
“Bloomberg customers’ personal information can be accessed, including senior management of big corporations and central banks of various countries. This severely damages the customer confidence and has a negative impact to corporate credibility and image,” Koo said in a statement. “Personal data shall be used for the purpose for which they were originally collected or a directly related purpose.”
“Bloomberg should revisit the personal information collected from the customers and inform the customers of the purpose for which the personal information will be used. Bloomberg should also erase all excessive information collected and conduct a comprehensive review on the process of handling customer personal information, and conduct privacy impact assessment and regular privacy compliance audit.”
Charles Mok, Hong Kong lawmaker for the Legislative Council’s information technology sector:
“Bloomberg journalists’ accessing clients’ information is a breach of privacy. This information is sensitive and can be used to speculate on what sort of investments the clients are interested in. The subsequent news stories made by the journalists can also have an impact on the financial market.
“For example, telecommunications companies in Hong Kong cannot use their clients’ phone records. There’s no way that Bloomberg, which is also a service provider like a telecom company, should be allowed to do so.
“Even if Bloomberg wants its journalists to access this information, it should at least tell its clients about it first.”
Ricky Tam Siu-hing, chairman of the Institute of Investment, also a Bloomberg terminal user:
“I would use other data providers like Reuters to avoid being tracked.
“While reporters can only check data for broad categories, they can still make informed guesses or draw inferences to what I’m doing, if, for example, I’m always checking the gold price. The most important thing is that I don’t know what other sensitive information their reporters can lay their hands on, I think Bloomberg should clarify this."
Additional reporting by Phila Siu and Anita SW Lam