Data security failings
HSBC fined £3 million for data security failings
In July 2009, the FSA (the Financial Services Authority, the UK regulator at the time) announced fines for three HSBC entities, totalling £3 million, for failing to have adequate systems and controls in place to protect their customers’ confidential data.
The failings included the loss in the post of two unencrypted disks containing personal data, the failure to store data securely, and poor staff training in respect of the identification and management of information security risks.
The fine was at the time the highest that had been applied for data security failings in the UK, despite a 30 per cent discount applied in recognition of HSBC’s cooperation with the FSA on the matter.
Identify two developments in recent years that have made data protection more challenging for financial (and other) institutions.
A number of developments spring to mind:
- the storage and transmission of data in electronic format, which means that it can be sent quickly and easily to a variety of destinations
- the growth in the number of accounts that customers hold – particularly given the increase in the number of credit and store cards in use; each additional account provides another set of data to potentially be mislaid
- the increased prevalence of ‘working from home’, with data being accessed and transmitted from locations away from the place of work and with data being held on computers in less than ideally secure environments; think about the number of stories about potential data protection breaches which relate to stolen or mislaid laptops
- the volumes of data that can be held in electronic format; this means that if there is a data protection breach, it rarely relates to just a handful of customer accounts.
What other factors did you think of?