ISO 9000
I'll wager that Morgan Stanley is ISO 9000 "compliant", but this is often a box ticking exercise that means jack all if nobody bothers -- except when it is certification time.
Banking giant Morgan Stanley has been ordered to pay a $60m civil penalty over allegations it failed to properly decommission hardware from two of its US data centres in 2016. The servers belonged to Morgan Stanley's wealth management business. According to the penalty order [PDF] from the snappily named Office of the …
In America, you pay to have a clean sheet.
It's just a modern form of indulgence...
Agree to massive fine to avoid a trial and a verdict with a worse fine and sentence. As part of the settlement the defendant does not have to admit guilt officially; they technically were never found guilty by a court. But the size of the fine means they thought fighting it would lead to a conviction, essentially admitting guilt but not having the legal stigma of a guilty verdict.
I once bought a CP/M 2.2 machine with an 80 MB hard disk and an entire company's records on it. Still worked fine and appeared to have been in use about a couple of weeks before when the company went bust.
This, I should add, was in 2010.
No idea what happened to it sadly, it was a beautiful piece of kit...
Pfft, OK boomer, actually having copies of your music is SO last decade. All the cool kids now stream, for a small recurring fee in perpetuity.
But seriously though. I hate you :)
I can only hope it was 200,000 versions of the Macarena...
all different genres and time periods
...”Macarena as Waltz.mp3”, “Macarena (Renaissance Lute Remix).mp3”, “Billy Bob an’ his Good Ole Bluegrass Boys Play Macarena.mp3”?
[...] a mild slap on the wrist.
$60 million *is* a mild slap on the wrist to Morgan Stanley. In 2019 they had revenue of $38.9 BILLION, so they'll recoup it in just over half a day -- 13:30, if my math's right. A little more than a rounding error, I guess, but less than a Punishment.
This post has been deleted by its author
Actually you're both right.
Earnings based fines have been shown to be far more ethical, and have the same deterrent effect on the rich and the poor (Sweden for one has earnings based speeding fines, meaning a rich person caught speeding pays a significantly higher monetary fine than a poor person committing the same speeding offense, but both people losing a week's pay hurts (almost) equally, and has a similar deterrent).
However, the punishment applied should absolutely be proportional to the crime committed.
"In its majestic equality, the law forbids rich and poor alike to sleep under bridges, beg in the streets and steal loaves of bread."
A fine based on the culprit's ability to pay is matching the crime. MS isn't some struggling startup, they've been doing this for generations. What's their excuse, exactly?
Etrade have just revealed they are partnering with MS so this doesn't instill confidence.
"As of October 2, 2020, E*TRADE has joined forces with Morgan Stanley, a leading wealth management and investment banking firm. As a result of this transaction, we've updated our Consumer Privacy Notice to include Morgan Stanley as an affiliate and to permit the inter-affiliate sharing of creditworthiness data for everyday business purposes.
We are required to provide you with this updated Privacy Notice for your E*TRADE account, as federal law requires us to tell you how we collect, share, and protect your personal information, as well as how you can opt out of certain types of sharing."
"Morgan Stanley's fine relates to a lack of compliance with the Code of Federal Regulations, Part 30, Appendix B, "Interagency Guidelines Establishing Information Security Standards." These security rules specifically relate to guidelines about the "proper disposal" of banking customers' information."
So... Are they rules, or are they guidelines?