Business Week reports that three companies within the HSBC banking group have between them been fined over £3 million by the Financial Services Authority (UK) for customer data protection lapses. HSBC Life were ordered to pay £1,610,000, HSBC Actuaries £875,000 and HSBC Insurance Brokers £700,000. The fines followed an investigation by the FSA which revealed that customer data was sent without encryption to third parties and via couriers, and left in unlocked cabinets and on open shelves. A spokesman for HSBC Insurance is quoted as saying:
“While this is a serious matter, no customer reported any loss from these failures and we are doing everything possible to prevent a recurrence. We have implemented even more rigorous systems [this suggests that the previous systems were “rigorous”], better checks and more training for our people. We believe our customers can have confidence that we are doing everything we can to protect their privacy [that’s the point: the customers not only can but do have confidence, because they generally don’t know what’s happening to their data, whether it’s adequately protected or not]”.
The three companies have now improved staff training and use encryption when data is being moved. By cooperating with the FSA they also earned a 30% reduction on the fine, which would otherwise have stood at £4.55 million.