Shook, Hardy & Bacon Partner and Data Security and Privacy group leader Al Saikali takes a closer look at the Federal Reserve’s recent decision to fine Goldman Sachs $36 million in an August 4 Law360 article, “Goldman’s $36M Fine Turns Data Security Scrutiny Inward.”
On Aug. 3, the Federal Reserve imposed a hefty fine on Goldman Sachs over a former employee’s misuse of confidential information. The settlement requires Goldman Sachs to improve its internal data management practices, which Saikali notes would bring Goldman Sachs up to "general best practices for the protection of highly sensitive information." However, the Fed also cited Goldman Sachs for “failing to monitor electronic mail for documents containing confidential supervisory information,” which Saikali finds to be a “virtually impossible” standard to meet.
Saikali adds, "Even if Goldman could 'tag' the file to know when it is leaving their system — and it should implement controls to limit access to and transfer of the documents — what would stop employees with access from using relevant excerpts?"
Ultimately, Saikali expresses, "Undoubtedly, the significant size of this settlement alone will cause every company with whom similar sensitive information is shared by the Fed to stop what they're doing and look closely at the security safeguards they have in place, which I'm sure is what was intended.”