When news happens, text SDE and your photos or videos to 80360. Or contact us by email and phone.
HSBC fined £1.61m over customers’ lost details
IT’S one of the oldest excuses in the book.
Lost in the post was not enough to convince watchdogs though who doled out a record fine.
The Southampton office of banking giant HSBC admitted that a disc containing 180,000 customers’ details had been lost, watchdogs were unimpressed and last night handed out a record £1.61m fine.
The disc, posted by staff at the Commercial Road offices of HSBC, went missing in February last year after being sent to an insurance company via an external courier.
It contained the names, dates of birth and insurance cover levels of people with life assurance at the bank, generally linked to a mortgage.
Fines for other data handling breaches in two other allied HSBC firms took the fines total to a massive £3.2m. The total of all three fines was reduced by a third, down from £4.55m, because the company co-operated with the Financial Services Authority (FSA) investigation.
The regulator’s enforcement director, Margaret Cole, said: “All three firms failed their customers by being careless with personal details, which could have ended up in the hands of criminals.”
Confidential information on customers was also left on open shelves and in unlocked cabinets and could have been lost or stolen, while staff were not given enough training on the threat of identity theft, the FSA added.
The security breaches came despite a warning from HSBC Insurance’s compliance team over the need for robust data controls in July 2007.
Ms Cole added: “It is also worrying that increasing awareness around the importance of keeping personal information safe and the dangers of fraud did not prompt the firms to do more to protect their customers’ details.
“Fraud, particularly identity theft, is a major concern to everyone and firms must ensure that their data security systems and controls are constantly reviewed and updated to tackle this growing threat.”
HSBC said that it had established a programme to contact all customers potentially affected by the breaches, and had carried out data protection awareness training for 33,500 UK staff.
Other safeguards include stronger processes to ensure encryption of all confidential data transmitted electronically, HSBC added.
Clive Bannister, group managing director of HSBC Insurance, said: “We hold ourselves to the highest standards, but it is clear that in these instances we have fallen short, which we sincerely regret.
“While this is a serious matter, no customer reported any loss from these failures and we are doing everything possible to prevent a recurrence.”