In what could be considered a lesson for financial firms that have repeatedly fallen short on effective measures to protect their customers’ details from being stolen, Europe’s biggest bank, HSBC Holdings, has been slapped with a financial penalty of £3 million for failing to safeguard its customers’ data.
The Financial Services Authority (FSA) imposed hefty fines on three insurance firms that are part of HSBC after it discovered that huge volumes of customer information had either been sent to third parties by courier or post, or simply left lying on open shelves and in unlocked cabinets.
In spite of alerts from HSBC’s compliance department about the need for more robust security controls, two divisions of the bank lost computer discs containing details of its customers.
The data loss incidents date back to April 2007, when one of the bank’s divisions, HSBC Actuaries, lost an unencrypted floppy disc containing details of 1,917 pension scheme members.
Following this, another division of the bank, HSBC Life, lost an unencrypted CD containing information on around 180,000 policyholders in the post in February last year.
The director of enforcement at the FSA, Margaret Cole, commented on the case, saying, “In areas where we have previously warned firms of the need to improve, people can expect to see fines increase to deter others and change behaviour in the industry”.
It is incredible that a company the size of HSBC managed to lose its customers' details. Public bodies often go through rather more complex procedures to determine where the responsibilities lie. Since HSBC is a private company - and therefore not entirely accountable to the public - it is not clear whether the matter will actually be solved or swept under the mat.