Institutional Shareholder Services (ISS), a research firm the advises clients on voting in proxy fights, must pay $300,000 to the U.S. Securities and Exchange Commission (SEC) to settle charges that it failed to protect client information due to access control shortfalls.
The breach happened after an ISS employer allegedly divulged sensitive information to a proxy solicitor, a person hired by shareholders to find proxy voters to replace shareholder votes, in exchange for gifts.
"An SEC investigation found that an employee at ISS provided a proxy solicitor with material, nonpublic information revealing how more than 100 ISS institutional shareholder advisory clients were voting their proxy ballots," the SEC said in a Thursday news release. "In exchange for voting information, the proxy solicitor provided the ISS employee with meals, expensive tickets to concerts and sporting events, and an airline ticket."
The ISS is a registered SEC investment adviser.
The breach, which had been ongoing from 2007 to 2012, was enabled by ISS failing "to establish or enforce written policies and procedures reasonably designed to prevent the misuse of material, nonpublic information by ISS employees. Specifically, ISS lacked sufficient controls over employee access to databases of confidential client vote information."