"All three firms failed their customers"
By Jo Best
Published: 22 July 2009 16:10 GMT
Three HSBC companies have been hit with fines after the financial services watchdog found they weren't doing enough to protect customers' data.
The Financial Services Authority (FSA) fined HSBC Life £1,610,000, HSBC Actuaries £875,000 and HSBC Insurance Brokers £700,000 - making a total of £3m in penalties between them.
Due to the fact the three firms settled with the FSA, their fines were discounted by 30 per cent - the original charges totalled £4.55m.
The FSA handed down the fines after an investigation found customer data was sent without encryption to third parties and via couriers, and left in unlocked cabinets and shelves openly.
Staff were also not given proper training over how to spot and deal with risks like identity theft, the FSA found.
A-Z of security
Clive Bannister, group managing director of HSBC Insurance, said the company regrets falling short in dealing with customers' data.
"While this is a serious matter, no customer reported any loss from these failures and we are doing everything possible to prevent a recurrence. We have implemented even more rigorous systems, better checks and more training for our people. We believe our customers can have confidence that we are doing everything we can to protect their privacy," he said in a statement.
Two of the HSBC companies recorded losses of data: in 2007, HSBC Actuaries lost an unencrypted floppy disk in the post, containing the details of 1,917 pension scheme members, including addresses, dates of birth and national insurance numbers; while 2008 saw HSBC Life lose an unencrypted CD containing the details of 180,000 policy holders in the post. Those affected have been alerted to the losses by the companies.
Margaret Cole, director of enforcement at the FSA, described the losses as "disappointing".
"All three firms failed their customers by being careless with personal details which could have ended up in the hands of criminals. It is also worrying that increasing awareness around the importance of keeping personal information safe and the dangers of fraud did not prompt the firms to do more to protect their customers' details," she said in a statement.
The three companies have now improved staff training and use encryption when data is being moved.
Life Insurance Private Healthcare Training Allowance ROLE/DESCRIPTION You will be providing strategic input into a specialised Late Phase Development ...
Architect, Solutions Designer, Fraud Prevention, Fraud Detection, ACI's Proactive Risk Manager, PRM, Anti Money Laundering, Customer Verification, ...
To qualify for this post you will have at least 2 years experience of Oracle, PL/SQL development within the Insurance industry. Insurance Software! ...
Agenda Setters 2009
Welcome to the ninth annual Agenda Setters poll – silicon.com's list of the top 50 most influential individuals in the technology and IT industries, from techies and CIOs to entrepreneurs and business leaders. Find out more in our latest special report.
Stories from the web...
Copyright © 2008 CBS Interactive Limited. All rights reserved. Top of page
Digg
Slashdot
Del.icio.us
Stumble
Reddit
RSS Feeds
Tim Ferguson Exclusive: Former MySQL boss Marten Mickos talks open source Why Microsoft could become one of the "biggest friends of open source" and why Oracle getting its hands on MySQL could be "one of the biggest open source coups ever"...
Naked CIO Naked CIO: Cloud computing more expensive than we thought? Smart IT leaders will examine the impact of how they pay for tech