FSA fines HSBC companies $7,500,000 for data security issues
- Friday, July 24, 2009, 9:45
- Threat Research
Following on from my recent posts regarding fines and the cost of data leakage (TJX and Cornell), I thought I’d also bring to your attention the latest one, initiated by the FSA (the UK's Financial Services Authority) against HSBC: on 22nd July, a tidy penalty of £4,550,000 ($7.5m) for two failures to protect personal information. HSBC will get a nice 30% discount on this for early payment, leaving them with a bill for £3,185,000 ($5.26m) plus their own internal costs.
The failures in summary were:
1. In April 2007, HSBC Actuaries lost an unencrypted floppy disk in the post, containing the personal information of 1,917 pension scheme members, including addresses, dates of birth and national insurance numbers.
2. In February 2008, HSBC Life lost in the post an unencrypted CD containing the details of 180,000 policy holders.
The FSA also fined HSBC Insurance Brokers, according to section 206 of the Financial Services and Markets Act 2000, for failures to implement measures to protect said data and so to adhere to Principle 3 of the FSA’s “Principles for Business”:
Principle 3 – Management and control
A firm must organise and control its affairs effectively.
This will include:
a) having directors and senior managers who are all fit and proper for their roles, and operating adequate arrangements for securing the suitability of persons who (continue reading...)