Early last week, news broke that Bloomberg News reporters have monitored the activity of customers on Bloomberg's popular terminal service. The reporters allegedly used information about logins and other activity on Bloomberg's proprietary network in public reports about otherwise confidential activity inside financial firms. The data visible to Bloomberg reporters apparently did not include position data, trading data or messages—but was enough to indicate a trader's interest in specific news items and the trader's login timeline.

There is no question that the financial firms who lease Bloomberg Professional terminals expected their online activity to be kept secret, and that use of terminal activity by the company's news reporters is a breach of trust. 

The scandal does, however, give rise to some important questions without easy answers:

1.  WHAT DUTIES DOES BLOOMBERG HAVE TO PROTECT THIS DATA UNDER THE SUBSCRIPTION AGREEMENTS?

While we've negotiated plenty of Bloomberg agreements on behalf of our clients, those terms are confidential and can't be discussed in this post. Bloomberg doesn't seem to offer the public online access to its standard terms for its Bloomberg Professional terminal services, so we won't comment on those either. 

What we can say is that the Bloomberg scandal highlights a critical negotiating point in any data subscription agreement—the scope of the customer's confidential information. The primary confidentiality risk for customers of data subscription services is a trader's login and search history, trading activity, private messages, and other activity on the data provider's proprietary systems. In other words, the customer's primary concern is that use of the provider's system could expose the customer's otherwise secret business activities.

Every data subscription agreement should hold the provider accountable for keeping this information secret, and should strictly limit the provider's use of this information to providing the contracted services to that customer alone. Any other use of account activity data should be a breach of the agreement.

2.  WHAT LIABLITY EXPOSURE DOES BLOOMBERG HAVE FOR BREACH OF CONFIDENTIALITY DUTIES?

Again, we can't comment on any specifics in Bloomberg agreements that we've handled on behalf of clients. What we can say is that the market data industry is generally notorious for heavily limiting its liability exposure, while at the same time requiring customers to take on significant exposure for misuse of the provider's data. 

Because the industry has been so effective in establishing this imbalance of risk as a standard practice (in part because customers often have no alternative options to source certain kinds of information), this practice has gathered a lot of momentum. You can find evidence of this practice in the various publicly-available agreements for leading data services. Customers are often handily locked-in, and without any leverage to negotiate a fair allocation of risks.

When lawyers and other risk managers insist that the provider should offer more meaningful remedies for its transgressions, they're met with a common refrain from data provider salespeople: "We would never do anything like that." And yet, here we are, finding out that one of the leading providers has been systematically doing exactly what they claimed could never happen.

3.  WHY WOULD WALL STREET PUT UP WITH THIS?

The short answer is: they won't (for much longer).

Data subscription services like Bloomberg and a handful of peer companies have enjoyed a virual monopoly on certain categories of information. Even where the provider doesn't have exclusive rights in data, it might be able to deliver that data faster than anyone else. During the 1990s and early 2000s, companies like Bloomberg found themselves increasingly competing with freely-available (or more affordable) news and data sources on the Internet. 

Data providers have adopted two approaches to counteract the encroachment of the the increasing alternative sources: (1) lock in exclusive rights with data sources, e.g., getting exclusive rights to pricing data from the market makers, and (2) lock in customers with contract terms and rights-managed technologies.

These strategies have grown more and more difficult to maintain in the cold, hard light of competition. Companies like Bloomberg and Thomson Reuters have a long history as staples of the financial front desk, but firms are not going to continue paying high fees for data if the same data becomes available elsewhere for less.

Customers are already annoyed by high fees, complex, arcane licensing rules, and proprietary technology platforms. Scandals like this one further erode the good will between Wall Street and their data providers, giving the customer community yet another reason to look for alternatives.

This is a legitimate scandal, and the Street is lining up against Bloomberg.  In the words of the New York Times:

The Goldman Sachs complaint set off a wave of inquiries from subscribers on Wall Street, including JPMorgan Chase, Bank of America and Deutsche Bank, and in government, including the Federal Reserve, the Treasury Department and the European Central Bank.

4.  WHY DID THE STORY BREAK NOW?

In the days following the first news reports about this scandal last week, it became clear that this was one of the worst-kept secrets on Wall Street. Other firms stepped forward soon afterward to claim that they had known about the unauthorized spying for some time, but had not taken the matter to press. Presumably, any issues were handled between those firms and Bloomberg directly. Also, many traders have come forward now, saying that Bloomberg reporters were not hiding the practice, and often made reference to terminal login activity when chasing down stories. So, were Goldman executives "dumbfounded and outraged" by their recent discovery of the practice, as most outlets reported? Or was the story leaked to the New York Post last week as part of a larger dispute between Wall Street and Bloomberg?

5.  WHAT SHOULD BLOOMBERG CUSTOMERS DO TO ENSURE THIS CAN'T HAPPEN AGAIN?

Customers of every kind of data subscription service should resolve to take two issues very seriously in their future renegotiations with data providers: (1) the scope of customer confidential information should include customer users' activity on the provider's systems, and (2) the provider should have meaningful skin in the game if they breach the duty to protect the customer's confidential information.