SEC drops 42 cases after staff bungle data protection

The US Securities and Exchange Commission (SEC) has dismissed proceedings against 42 companies and individuals after admitting that its enforcement staff accessed documents that were supposed to be for judges' eyes only.

All 42 [PDF] of the now-dismissed cases were slated to be heard by the watchdog agency's in-house court – which is supposed to remain strictly separate from the SEC's enforcement staff.

"The 'Chinese Wall' between adjudication and enforcement is a sacrosanct tenet of the SEC and of internal control policy," said Digital Brand Media and Marketing Group (DBMM), one of the 42 entities involved, in a press release about the dismissals.

The decision follows a review of enforcement staff's access to records. That effort commenced in April 2022 after the SEC disclosed two earlier cases in which "agency enforcement staff had access to certain adjudicatory memoranda," in a way that broke legal rules.

The improper access saw the enforcement side of the SEC download databases they weren't supposed to be able to see, before sending memos to other staff members who also barred from seeing those documents - among them "attorneys investigating and prosecuting the enforcement matters," according to the SEC's April 2022 statement.

In the investigation that followed, during which the watchdog agency brought in external consultants Berkeley Research Group, the review team found that the data mishandling was far worse than previously disclosed by the SEC.

"We deeply regret that the agency's internal systems lacked sufficient safeguards surrounding access to Adjudication memoranda, and we are continuing our work to ensure that, going forward, work product from the Adjudication staff is appropriately safeguarded," the Friday statement read. 

The dismissals include several years-old cases, including one against Michelle Cochran – an accountant who in 2016 successfully challenged the legality of the SEC's in-house court before the US Supreme Court. 

• Cry-pto: Feds bury Bitcoin exchange giant Binance in 13-count fraud lawsuit
• SEC charges crew of social media influencers with $100m fraud
• British Airways, Boots, BBC payroll data stolen in MOVEit supply-chain attack
• Lawyers cough up $200k after health data stolen in Microsoft Exchange pillaging

Cochran's case against the SEC had been consolidated with a similar lawsuit challenging the US Federal Trade Commission's tribunal, Axon Enterprise v. FTC. In ruling in favor of Cochran last month, the Supreme Court's decision "foreshadows hard days to come" for in-house courts, William E. Kovacic, a law professor at George Washington University and former FTC chairman, told the Wall Street Journal. 

According to the SEC, the investigation into the data breach found "no evidence that the control deficiency resulted in harm to any respondent or affected the Commission's adjudication in any proceeding."

Still, the agency acknowledged its data handling wasn't up to snuff, and committed to do better in the future.

"We take this lapse in controls very seriously and are committed to both informing the public about the scope of this issue and preventing any similar lapses in the future," it added. ®