Morgan Stanley

U.S. Personnel Data Protection Notification


Morgan Stanley (“us”, “our” or “we”) recognises its obligations in relation to the processing of its employees personal data under applicable data protection and privacy laws.

This US Personnel Data Protection Notification (this “Notification”) provides information in relation to the collection, storage, access, use, and disclosure (“processing”) of your personal data by Morgan Stanley entities based in  the US that you are employed by (the “Firm”), including:

  • Types of personal data the Firm processes;
  • How the Firm collects your personal data;
  • The purposes for which the Firm processes your personal data;
  • The monitoring the Firm conducts;
  • When the Firm discloses your personal data;
  • How the Firm protects your personal data;
  • How the Firm retains your personal data;
  • Personal details relating to your family members and other individuals
  • What marketing the Firm does; and
  • Your rights under applicable laws.

This Notice applies only to US Resident employees, job applicants, and independent contractors. This Notice describes the rights you have over your Personal Information held with us.  


Personal Data

The Firm and its authorized service providers may process information about you, which constitutes personal data under applicable data protection and privacy laws, including:

  •  Identifiers such as a
    • personal or work related contact information, such as name, current and previous postal address, unique personal identifier, telephone number, email address, employee ID
    • government-issued identifiers, such as social security number, driver’s license number, state identification numbers, passport number, or other similar identifiers as required and permitted by applicable laws and regulations;
  • Any categories of Personal Information as described in state or federal law, including your ethnic origin, political opinions, religious beliefs, trade union membership, physical or mental health, sexual orientation, criminal offences or proceedings, age, date of birth, gender, marital status, details related to your family members, country of residence, and citizenship;
  • Commercial information, including bank account details (bank account number, IFSC code, bank statements);
  • Biometric information;
  • Your credit report if a credit check requirement applies to your position;
  • Internet or other electronic network activity information;
  • Information about your citizenship and, if applicable, immigration status;
  • Information about your emergency contacts, dependants and beneficiaries;
  • Audio, electronic, or visual information, including an image of your passport or driver’s license which generally includes a head and shoulders photograph, and other photographic or video images of you (e.g., on Corporate Directory or on Firm issued security passes);
  • Professional or employment-related information, including your occupation and prior work experience, role/position/title, and area of responsibility; and
  • Education information. 


The Firm and/or its authorized service providers may collect and record your personal data from a variety of sources as further specified in this section. 

  • From you or as a result of the employment relationship.
  • From unaffiliated third party(ies) for limited use to a particular purpose(s) to fulfill limited purpose(s) or as may be permitted or required by law such as
    • Running pre-employment checks, in compliance with the Fair Credit Reporting Act (“FCRA”) where applicable,
    • Processing references on behalf of the Firm,
    • Health service providers, in compliance with the Health Insurance Portability and Accountability Act (“HIPAA”) where applicable,
    • Pension and benefits administrators,
    • Learning and development organizations,
    • Data analysis and survey companies,
    • Citizenship / immigration status verification companies,
    • Payroll processing companies, and
    • Any other services related to Human Resources
  • From government, legal regulatory, supervisory, or other authorities under applicable laws or regulations.

The personal data we obtain through these sources will include your personal details, contact details, identification documents, personal identifiers, and financial account information.

Some of this information will be publicly accessible and some will be gained from databases that we access through authorized third parties.

While the Firm makes every effort to ensure that all your personal data are accurate, complete and up to date, you should regularly update and/or correct your personal data via the Firm’s Human Resources portal Workday. The Firm shall not be responsible for the authenticity of any personal data or sensitive personal data or any losses arising from any inaccurate or deficient personal data or sensitive personal data that you supply to us.


The Firm and/or service providers and/or third parties acting on our or their behalf, may process data for the following business purposes:

  • Auditing related to interactions with the consumers and auditing compliance with this specification and other standards, including
    • For reporting (including without limitation transaction reporting) to, and audits by, national and international regulatory, enforcement or exchange bodies and complying with court orders associated with us;
    • For Monitoring purposes as defined within and in the Global Monitoring Notice, subject to applicable law; and
    • To provide operational support and development of our businesses including to evaluate customer service, efficiency and cost, as well as for risk management purposes.
  • Detecting security incidents, protecting against malicious, deceptive, fraudulent, or illegal activity, and prosecuting those responsible for that activity, including
    • For security and risk management purposes, including to enable the Firm to identify you and to manage your access to Firm premises and interactions with clients, colleagues and other third parties; to manage conflict of interests, outside business interests and conduct risk; and
    • To carry out money laundering and conflict checks and for fraud, market abuse,  tax evasion,  insider trading, financial crime prevention and identification purposes (and this includes consideration of information regarding political affiliations and criminal offences committed or alleged to have been committed).
  • Performing services on the Firm’s behalf as a business, including
    • To the extent reasonably necessary to manage and administer the employment relationship and the policies and procedures relating to the employment relationship including for: payroll, benefits, tax and time management; performance assessments and evaluations; sickness and absence management; workplace health and safety; disciplinary and grievances; flexible work and leave requests; internal reporting; learning and development; compensation decisions; internal mobility, licensing and registration requirements, and the provision of employment references;
    • To manage and administer the Firm’s Diversity Program which enables the Firm to measure its progress with regards to the composition of our employee base and the effectiveness of our diversity and inclusion strategy, to promote Diversity Networks or to invite you to training or career advancement opportunities (all of these being our legitimate interests);
    • For recruitment purposes, to confirm your references and educational background and to consider your suitability for any current or future recruitment requirements;
    • For internal training purposes; and
    • To contact you about services and products we offer (with your prior consent where required by applicable law).
  • As otherwise necessary under law, including
    • To exercise and defend its legal rights anywhere in the world; and
    • To assist with investigations, complaints, regulatory requests, litigation, arbitration, mediation or requests from individuals in connection with any reorganizations, consolidations, liquidations or other any transactions changing the corporate form of the Firm


Monitoring” means the systematic and/or repetitive surveillance, tracking (including the use of cookies or similar technology), analyzing, profiling (as defined below) and/or reviewing of an individual’s (i) verbal and electronic messaging and communications, (e.g., telephone, facsimile, SMS, instant message, email, Bloomberg, Skype and video conferencing and any other electronic or recordable communications), and (ii) use of and access to technology owned by or made accessible by the Firm, or any other persons, including but not limited to systems that facilitate communications, information processing, transmission, storage and access, as well as remote access (and any data moving through and/or residing thereon; and (iii) use of and access to Firm premises (collectively “Firm Systems”) as further specified in the Global Monitoring Notice.

Profiling that includes any form of systematic and extensive processing of personal data to evaluate, analyze or predict personal aspects concerning an individual’s performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location or movements. For further information on how the Firm conducts profiling of employees refer the Global Monitoring Notice.

You are permitted to use Firm Systems for limited personal use. All information stored on or transmitted through the use of the Firm Systems and all recordings and transcripts of telephone conversations are the Firm’s property.

The Firm engages in monitoring of employee use of Firm Systems. You should not use Firm Systems for personal use if you do not wish your personal use and communication to be monitored.


To the extent permitted by applicable law, the Firm may process your personal data, for the purposes specified in this Notification, and disclose such personal data:

  • Within the Morgan Stanley Group of companies;
  • To our service providers, processing your personal data on our behalf or otherwise providing the Firm with professional or other services, including Morgan Stanley affiliates and vendors which conduct administrative, legal, operational, technology and customer service functions in various jurisdictions or third parties who offer services directly to employees via a corporate arrangement;
  • To third parties, such as clients and prospective clients, trading venues, exchange or clearing houses, with whom you interact on behalf the Firm;
  • To fraud prevention and other similar agencies, and other financial institutions, with whom information is shared for money laundering checking and fraud prevention purposes;
  • To persons to whom we give our rights or obligations
  • To a prospective seller or buyer in the event that we sell or buy any business or assets or if all or substantially all of our assets are acquired by a third party, in which case personal data held by us about our employees will be one of the transferred assets;
  • To national and international regulatory, enforcement or exchange bodies or courts anywhere in the world or at their request;
  • As required by applicable law or regulations; and
  • To any third party to whom you authorize us to disclose your personal data.


Under The California Consumer Privacy Act (“CCPA”) provides certain data privacy rights to California Residents.

If you are a California Resident and we have your Personal Information, under CCPA as of January 1, 2020 the following applies:

Notification of Personal Information Collection

We collect, use and process your Personal Information, as described within this Notice, for expected internal reasons, Legal obligations, and servicing a transaction or providing a service. In addition we may use your information to detect security and fraud as well as technical support functions.  

Further detail on categories of and Personal Information collected about you, sources of, purposes for collecting, as well as Third Parties we disclose Personal Information to, are described within this document.


We reserve the right to modify or supplement this Notice at any time. Therefore, we recommend that you review this Notice, updated and posted on this Site, regularly for changes. The Effective Date of this Notice, as stated above, indicates the last time this Notice was revised.

Your continued use of our services after we have changed this Notice signifies your acceptance of the revised terms.  Under certain circumstances (i.e., with respect to material changes to this Notice), we may also elect to notify you through additional means, such as by posting a notice on the Site or sending you an email.