The UK's Financial Conduct Authority (FCA) has informed the Information Commissioner’s Office (ICO) that it accidentally revealed the personal information of nearly 1,600 individuals who filed complaints about it.
The regulator of the UK’s banks and investors admitted that the information (names, addresses and phone numbers) was published in a document released in response to a request for data under the Freedom of Information Act.
“The response related to the number and nature of new complaints made against the FCA and handled by the Complaints Team between 2 January 2018 and 17 July 2019. The publication of this information was a mistake by the FCA,” said the announcement.
“As soon as we became aware of this, we removed the relevant data from our website. We have undertaken a full review to identify the extent of any information that may have been accessible,” it added.
“To see the FCA having to refer itself to the ICO shows how easily data can be exposed through human error. In this case it is the inadvertent sharing of a FOI response with personal data contained within it, but it can also happen through deliberate or careless sharing of spreadsheets, data sets or documents, or the transmission of emails to wrongly addressed recipients,” commented Piers Wilson, head of product management at Huntsman Security.
The FCA has given assurances that it is contacting the individuals concerned directly to apologise and to inform them of the extent of the data disclosed and what the next steps might be.
“No financial, payment card, passport or other identity information was included,” the announcement said.
“No matter what an organisation does, or how much experience it has in security and privacy, mistakes can happen. These can be when information is intended to be shared but hasn't been sanitised, or when information is stored, transmitted or shared in other ways,” Wilson said.