If the world’s largest bank can lose critical data, what chance do the rest of us have?

Bad Privacy Blog by Claudiu Popa
2 min readJul 14, 2023

Ever lost an important email? I know! It totally sucks, doesn’t it?

Click to read the referenced article: JPMorgan fined $4 million by SEC for deleting 47 million emails | CNN Business

JPMorgan Chase, a company that recently allocated $12 Billion to upgrading its #cybersecurity and claims to spend hundreds of millions per year on #dataprotection, has “a c c i d e n t a l l y” deleted 47 MILLION emails considered to be #business records required to be retained pursuant to federal #securities law.

Some of those emails were sought by subpoenas in at least a dozen #regulatory investigations. Others “could relate to potential future investigations, #legal matters and regulatory inquiries” according to the U.S. Securities and Exchange Commission. Oops!

Sadly — just like that lost Word document that you spent all night typing up — not a single one of the 47 MILLION emails could be retrieved. Bummer!

Since this was the THIRD time it happened, the company sweetly agreed to “cease and desist from committing any future violations”.

According to CNN, CNBC and Reuters, the firm swiftly submitted a settlement offer in anticipation of administrative proceedings related to the repeated deletions, and the #SEC accepted that offer.

One can imagine investigators letting out a sigh of resignation as they concluded: “because the deleted records are unrecoverable, it is unknown — and unknowable — how the lost records may have affected the regulatory investigations,”. Then they mercilessly dispensed a whopping $4 million fee to teach the world’s largest #bank (outside of China) that no one gets away with this kind of thing. No one!

“JPMorgan takes its record-keeping obligations seriously” stated the hapless $3.3 trillion #banking giant. “We have taken steps to enhance our process and procedures.”

Alrighty then.

Claudiu Popa is a book collector, author and the co-founder of the Knowledgeflow Foundation, a nonprofit organization that empowers communities to weaponize digital literacy and critical thinking against disinformation. He is also the CEO of Datarisk Canada, one of the first information security companies focused on the protection of intangible assets.



Bad Privacy Blog by Claudiu Popa

Fīat jūstitia, ruat cælum. Personal musings on data protection fails, snafus & oddities, written & edited by Claudiu Popa; author, educator, booknerd.