BreachExchange mailing list archives

HSBC fined for personal data loss


From: Jon Turner <jjturner () gmail com>
Date: Wed, 22 Jul 2009 11:56:53 +0100

http://news.bbc.co.uk/1/hi/business/8162787.stm

Three HSBC firms have been fined more than £3m for failing to
adequately protect customers' confidential details from being lost or
stolen.

The Financial Services Authority (FSA) said customer data had been
lost in the post on two occasions.

The firms concerned are HSBC Life UK, HSBC Actuaries and Consultants,
and HSBC Insurance Brokers.

HSBC said it regretted the breaches, adding that no customer had
reported any loss from these failures.

Lack of training

The FSA said that all three firms had taken action to address the
concerns raised.

        
It said it had found that "large amounts" of unencrypted customer
details had been sent via post or courier to third parties.

Confidential information about customers was also found left on open
shelves or in unlocked cabinets, the watchdog said.

It added that staff had not been given sufficient training on how to
identify and manage risks such as identity theft.

Lost disks

The FSA identified two instances where unencrypted data had been lost
in the post.

In April 2007, HSBC Actuaries lost a floppy disk containing the
personal information of 1,917 pension scheme members, including
addresses, dates of birth and national insurance numbers.

And in February 2008, HSBC Life lost a CD containing the details of
180,000 policyholders.

"All three firms failed their customers by being careless with
personal details which could have ended up in the hands of criminals,"
said Margaret Cole, director of enforcement at the FSA.

"It is also worrying that increasing awareness around the importance
of keeping personal information safe and the dangers of fraud did not
prompt the firms to do more to protect their customers' details."

Reduced fines

Clive Bannister, group managing director of HSBC Insurance, said: "We
hold ourselves to the highest standards, but it is clear that in these
instances we have fallen short, which we sincerely regret.

"While this is a serious matter, no customer reported any loss from
these failures and we are doing everything possible to prevent a
recurrence."

The three firms agreed to settle at an early stage of the FSA's
investigation and therefore qualified for a 30% discount.

Without the discount, the fines would have totalled more than £4.5m.
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
