Bloomberg LP worked with several internal and independent officials to produce a review of Bloomberg News’ relationship with the company’s commercial operation, including privacy and data policies. In the report are recommendations to strengthen client security and corporate governance.
Hogan Lovells/Promontory Report
The external review, by consulting firm Promontory Financial Group and law firm Hogan Lovells, found no evidence of widespread abuse of journalist access to customer data - although two low-impact instances were identified. Samuel Palmisano, the former Chairman and CEO of IBM, was also asked to serve as an independent adviser regarding the company’s privacy and data standards.
According to the 100 page Palmisano/Hogan Lovells/Promontory Review, reviewers examined more than 500,000 news stories, 425 interviews of Bloomberg employees, 230,000 separate tests of client data systems, and performed an in-depth examination of more than 350 documents, including internal policy manuals, policy notes, training guides and client visit logs. In a release, Peter T. Grauer, Chairman of Bloomberg said of the review, “Our Board of Directors placed a high priority on ensuring the experts had full and complete access to Bloomberg employees and the company’s operations to identify areas of concern and address how could we fix them.”
[For more on this story Is Your Bloomberg Terminal Spying On You?]
The review concluded Bloomberg has appropriate data policies and controls in place. In a letter to clients by CEO and President Daniel L. Doctoroff's, Palmisano is quoted in saying Bloomberg leadership "acted quickly to enhance their existing structures and put more resources behind this critical priority... I support the report’s conclusion that Bloomberg currently has appropriate policies and controls in place."
It goes almost without saying that following the complaint in April from Goldman Sachs Group that journalists had access to subscriber data, access was quickly restricted. Journalists no longer have access to client UUID and ADSK screens or to Bloomberg’s anonymous chat rooms. Bloomberg says journalist access to client data is now the same as that of non-employee terminal users.
A second review about the relationship between Bloomberg's newsroom and commercial operations was produced by Bloomberg editor Clark Hoyt, a former New York Times public editor. According to the client letter, "This was a different kind of review and was intended to help Bloomberg LP and Bloomberg News live up to their high standards and address areas where standards and practices need to be revisited in a changing environment."
This study found, unsurprisingly, Bloomberg did not do enough to "reassess" the relationship between news and commercial operations as the departments grew and Bloomberg's business expanded. "The fact that we didn’t recognize the sensitivity of journalist access to limited client data represents an example of how our policies did not keep pace with the realities of our growth and evolution," said Doctoroff in the client letter.
Mr. Hoyt made several recommendations to improve the relationship between the news and commercial operations. Bloomberg emphasizes that it did not wait for the completion of the review to act upon some of these recommendations, and that other suggestions and largely underway to being fully implemented.
Among the actions already taken are the development of a "hierarchy of principles, policies and procedures to govern the handling of client data, which formalizes and expands policies and practices previously in existence." Bloomberg also committed to "ongoing third-party testing and reviews of our information security and client data controls" available to clients. Training programs have also been incorporated across all level that stress compliance and increased limits on internal information sharing with the news departments.
Now Hiring - Bloomberg's New Positions
Perhaps most eye catching of the accepted recommendations are the creation of new positions and reorganization of the Board of Directors. According to the client letter Bloomberg Board of Directors’ Audit Committee now includes oversight of risk and compliance, and the Committee is now comprised of a majority of independent directors. Bloomberg is also in process of hiring a Chief Risk and Compliance Officer to report to Doctoroff.
Furthermore, Bloomberg is looking to appoint an Independent Senior Editor "to serve as an independent avenue of appeal for issues and complaints around news coverage" and "assist in the ongoing development of best ethics practices and training on them." Additionally, a newsroom Standards Editor will be hired to make sure Bloomberg News "consistently adheres to The Bloomberg Way’s high standards for accuracy, rigor in reporting, balance and tone."
Lastly, Doctoroff writes, "We will create a newsroom Standards and Practices Task Force, including all units that generate content, to consider the necessary policies, practices and mandatory trainings that ensure the appropriate relationship between our news and commercial businesses."
Catching Up VS Ahead of the Curve
While Bloomberg is apparently patting themselves on the back for their strong and effective reaction to the crisis, one can't help but feel Bloomberg should have had - at least - an audit committee in place as well as independent oversight long ago.
A Bloomberg representative directed attention to the Hogan Lovells/Promontory review (page 54) which found Bloomberg to have "a management team that was closely focused on the issues relating to Client Data policies and practices, including a management committee comprised of the most senior executives at Bloomberg that met regularly, set direction, approved principles and important policies, and received updates on program status." The report also noted that Bloomberg "management has committed to expanding and formalizing the internal audit function to audit compliance with Client Data policies, procedures, and other controls."
Doctoroff writes, “We know we needed to evolve, and we have learned from our mistakes. We are already implementing many of the recommendations we received. Most importantly, we have carefully listened to our clients and other constituencies, and their suggestions are helping make us a better partner.” He adds, "Our ultimate goal is not just to fix today’s issues; it is to set new standards for ourselves and, in doing so, hopefully a higher bar for the entire industry."