The Financial Services Authority (FSA) has fined three HSBC firms over £3 million for not having adequate systems and controls in place to protect their customers' confidential details from being lost or stolen. These failings contributed to customer data being lost in the post on two occasions.
During its investigation into the firms' data security systems and controls, the FSA found that large amounts of unencrypted customer details had been sent via post or courier to third parties.
Confidential information about customers was also left on open shelves or in unlocked cabinets and could have been lost or stolen. In addition, staff were not given sufficient training on how to identify and manage risks like identity theft.
Lost discs
The FSA identified two instances where unencrypted data had been lost in the post.
In April 2007, HSBC Actuaries lost a floppy disk containing the personal information of 1,917 pension scheme members, including addresses, dates of birth and national insurance numbers.
And in February 2008, HSBC Life lost a CD containing the details of 180,000 policyholders.
Firms concerned
The three firms concerned are HSBC Life UK Limited (HSBC Life) fined £1,610,000, HSBC Actuaries and Consultants Limited (HSBC Actuaries) fined £875,000 and HSBC Insurance Brokers Limited (HSBC Insurance Brokers) fined £700,000.
Reduced fines
HSBC Insurance Brokers, HSBC Actuaries and HSBC Life co-operated fully with the FSA in the course of its investigation. All three firms agreed to settle at the early stage of the FSA's investigation and qualified for a 30% discount. Without the discount, the fines would have been £1m for HSBC Insurance Brokers, £1.25m for HSBC Actuaries and £2.3m for HSBC Life.
Previous fines
In the last four years, the FSA has fined Capita Financial Administrators £300,000; Nationwide £980,000; BNP Paribas Private Bank £350,000; Norwich Union £1,260,000; and Merchant Securities £77,000 for failings relating to data security lapses and fraud.
More on this can be found here
Debtwizard.comment
It is a serious concern that such large organisations have been so relaxed in protecting their customers' identities. I feel the fines are relatively low when taking into account the overall turnover of these firms; perhaps a criminal prosecution may be the way forward to make these firms sit up and take note.
This personal data could have easily ended up in the hands of fraudsters; identity fraud is one of the fasted growing crimes in the UK.
If you are worried about identity fraud then we list our simple do’s and don’ts to help protect your self which can be found here
