Which CFA Institute standard is violated when a firm stores client data in an unsecured device and shares it without authorization?

Prepare for the Chartered Financial Analyst (CFA) Ethics Test. Study with flashcards and multiple choice questions, each with hints and explanations. Get ready for your exam!

Multiple Choice

Which CFA Institute standard is violated when a firm stores client data in an unsecured device and shares it without authorization?

Explanation:
Safeguarding confidential client information is essential. Preservation of Confidentiality requires protecting information entrusted to a firm and disclosing it only with proper authorization or as required by law. Storing client data on an unsecured device creates a real risk of unauthorized access, and sharing it without permission compounds that breach. That combination violates the obligation to keep client information confidential, so this standard is violated. Other standards address different duties—Fair Dealing concerns fair treatment in transactions, Referral Fees relate to compensation for referrals, and Misconduct is a broader category; none directly target confidentiality the way this standard does. The key takeaway is that reasonable safeguards (like encryption and access controls) and restricted, authorized sharing are necessary to comply.
