Ameriprise has agreed to a settlement with Massachusetts' regulatory office over damages from a laptop that was stolen from an employee's car in December 2005.
The missing laptop contained information on over 150,000 customers and 60,000 advisors to the financial services firm.
The settlement, one of the first of its kind, was brought by Massachusetts Secretary of State William Galvin, who pursued the case because much of the missing information belonged to Massachusetts citizens.
Under the terms of the agreement, Ameriprise must hire a third-party consultant to review the company's policies for usage of laptops both in its Massachusetts offices and overall. The consultant must also study Ameriprise's general policies for taking information or equipment home, or working at home.
Ameriprise has also agreed to pay $25,000 to Galvin's office to cover the costs of the investigation.
Sources said that Galvin's office was also investigating the disappearance of a laptop belonging to Fidelity Investments. The laptop contained information on thousands of current and former Hewlett-Packard employees, and was stolen from the car of an unidentified employee.
More recently, an employee of Kaiser Permanente had a laptop stolen that contained info on 38,000 patients in their Colorado-area health network. The laptop was taken from the employee's car in Oakland, California.
Laptop theft also hit the Pennsylvania Department of Transportation's Wilkes-Barre office, with thieves making off with laptops containing personal information on 11,000 Pennsylvania drivers. The culprits also stole equipment that could be used to create fake drivers' licenses and I.D. cards.
The Ameriprise settlement is unusual in that the vast majority of laptop thefts and disappearances are treated as a "customer problem," rather than a failure at the corporate level.
Affected individuals are generally told to check their credit reports for fraud, and possibly will receive free credit monitoring from the company, but generally little else.
Businesses have been criticized for taking a laissez-faire attitude towards the issue of laptop or equipment theft, and for not implementing tougher data security procedures for keeping customers' information safe.
