Joanne Wallen of Complinet writes about the reaction of the U.K.’s Financial Services Authority: FSA Berates Compliance Officers in Crackdown on Data Security Breaches (.pdf).
The FSA singled out compliance officers for not paying enough attention to data security.
Examples of good practice at firms that the FSA visited included encrypting laptops and using secure internet links to transfer data to third parties. This was something that HSBC claimed it usually did, but the bank was caught out when its electronic system went down and it instead transferred the records of 370,000 life insurance customers onto a disc that it then sent in the post to its reinsurer at the beginning of February. As of the beginning of April, the disc had not yet turned up. Other examples of best practice include masking customers’ financial details where they are not necessary for staff to do their jobs and appointing a senior manager with overall responsibility for data security.