HSBC fined £3.2 million by FSA over data loss

News by Dan Raywood

The fining of high street bank HSBC for losing customer data has been praised as a positive step.

The fining of high street bank HSBC for losing customer data has been praised as a positive step.

HSBC was fined £3.2 million for a series of losses of customer data by the Financial Services Authority (FSA) after its Life division lost an unencrypted CD containing the details of 180,000 policyholders. The disk was sent by regular, unrecorded post and contained names, ages, sex, dates of birth and policy numbers.

Nick Lowe, regional director for Northern Europe at Check Point, claimed that the fine was a positive step towards ensuring confidential data is kept protected, whether stored or in transit.

Lowe said: “The biggest data loss of 180,000 customer details, occurred just three months after the massive HMRC breach and in identical circumstances. Hopefully the FSA's ruling and fine will encourage all companies to take more care with the data they hold.

“But it will take a long time before these safeguards are used by a majority of firms. In Spring 2009 our security survey found that over 50 per cent of public and private sector firms still do not have encryption in place to secure their data, so there is still much education to be done.”

Bernard Parsons, CEO of Becrypt, claimed that there is a need to understand the ways that such breaches can occur, how this could happen and also what can be done to circumvent this issue.

Parsons said: “This yet again highlights the need for organisations of all types to take stock of how they protect and handle data, particularly on removable forms of media, such as hard drives, memory sticks and so on. It also highlights the dangers of sending unprotected data via removable media without first encrypting it, therefore protecting the information whilst it is in transit.

“It's a classic people/processes/technology conundrum: human behaviour is unpredictable – mistakes happen or intentional malicious intent can circumvent best practice guidelines, this is where a solid information assurance policy can help protect an organisation's integrity, reputation and the data it holds.”


Find this article useful?

Get more great articles like this in your inbox every lunchtime

Video and interviews