In the month and a half since we announced our plans for an independent companywide review of client privacy and data standards, we’ve made good progress. I thought I’d provide an update on that progress and the timeline for completing the work and announcing the results, which we plan to do by September 1st.
As I’ve written about previously, Bloomberg has launched a comprehensive review of our client data policies and practices. The review is being undertaken by teams from Promontory Financial Group and Hogan Lovells with direction from Samuel Palmisano. Promontory and Hogan Lovells both have full-time teams, onsite at Bloomberg and offsite, reviewing past practices, current policies and procedures, and developing recommendations for future changes.
The teams onsite have tested terminal functions that potentially provide access to the most sensitive client data, and they have tested the controls restricting Bloomberg journalist access to certain client usage data, including information on the UUID function and help desk requests.
While the testing of these data access controls is continuing, the initial findings have confirmed that our controls are functioning properly to restrict access to the highest-sensitivity data such as trading, position and message data. These tests have also confirmed that journalists no longer have access to customer relationship management data on the UUID function and help desk requests, except where directed to a journalist to answer a news-related question.
When all testing and other work are completed, the final report resulting from the review will focus on four main areas:
1. Bloomberg’s prior client data practices.
Hogan Lovells and Promontory are reviewing past journalist access to certain types of client data, such as login creation date, login history, basic usage data and help desk inquiries.
2. Bloomberg’s response to customer concerns.
Hogan Lovells and Promontory are reviewing our company’s response to client inquiries, and will evaluate whether we have communicated important information in an effective, forthcoming manner.
3. Companywide policies as of report release.
The Hogan/Promontory review will evaluate whether our current practices, policies and standards reflect our commitment to privacy and confidentiality. In addition, the report will assess whether Bloomberg’s organizational structure, management and staffing support these principles, especially with regard to data classification, access control, IT security, training, incident response, physical security and privacy.
4. Plans for enhancements going forward.
Finally, in addition to reviewing current operations, Hogan Lovells and Promontory will make recommendations for how we can make enhancements to set the highest standard in the future. The report will assess our plan for independent verification of our policies and procedures, which we expect will include an independent and ongoing audit for systems and procedures.
News and Commercial Relationship Review
In addition to the review of our data policies and procedures, a team led by Clark Hoyt has been reviewing Bloomberg News’ relationship with our company’s commercial operations. This has included an examination of practices and policies across news content teams and a review of current policies, procedures and training. So far Clark and his team have conducted more than 100 interviews with Bloomberg News journalists, other Bloomberg employees, clients and other stakeholders.
Sharing the Reports
Based on the progress of our reviews thus far, we intend to share the key findings, conclusions, and recommendations of Promontory and Hogan Lovells’ review by September 1st. In the meantime, I’ll continue to provide periodic updates throughout the summer.
Contributed by Dan Doctoroff, Chief Executive Officer and President of Bloomberg L.P.