HSBC fined for personal data loss

Three HSBC firms have been fined more than £3m for failing to adequately protect customers' confidential details from being lost or stolen.

The Financial Services Authority (FSA) said customer data had been lost in the post on two occasions. The firms concerned are HSBC Life UK, HSBC Actuaries and Consultants, and HSBC Insurance Brokers. HSBC said it regretted the breaches, adding that no customer had reported any loss from these failures.

Lack of training

The FSA said that all three firms had taken action to address the concerns raised. It said it had found that "large amounts" of unencrypted customer details had been sent via post or courier to third parties. Confidential information about customers was also found left on open shelves or in unlocked cabinets, the watchdog said. It added that staff had not been given sufficient training on how to identify and manage risks such as identity theft.

Lost disks

The FSA identified two instances where unencrypted data had been lost in the post. In April 2007, HSBC Actuaries lost a floppy disk containing the personal information of 1,917 pension scheme members, including addresses, dates of birth and national insurance numbers. And in February 2008, HSBC Life lost a CD containing the details of 180,000 policyholders. "All three firms failed their customers by being careless with personal details which could have ended up in the hands of criminals," said Margaret Cole, director of enforcement at the FSA. "It is also worrying that increasing awareness around the importance of keeping personal information safe and the dangers of fraud did not prompt the firms to do more to protect their customers' details."

Reduced fines

Clive Bannister, group managing director of HSBC Insurance, said: "We hold ourselves to the highest standards, but it is clear that in these instances we have fallen short, which we sincerely regret. quot;While this is a serious matter, no customer reported any loss from these failures and we are doing everything possible to prevent a recurrence." The three firms agreed to settle at an early stage of the FSA's investigation and therefore qualified for a 30% discount. Without the discount, the fines would have totalled more than £4.5m.

Source

l.12-.057c.834-.407 1.663-.812 2.53-1.211a42.414 42.414 0 0 1 3.345-1.374c2.478-.867 5.078-1.427 7.788-1.427 2.715 0 5.318.56 7.786 1.427z" transform="translate(-128 -243)"/>