Data Security: Is your organisation hacked or hacked off?
With hacking and data security issues dominating the news right now, readers could be forgiven for turning to other news stories for light relief. But financial institutions, both large and small, could use this as an opportune moment to revisit their own data security concerns, safe in the knowledge that any issues raised are unlikely to be dismissed in the current climate.
Back in 2008, the FSA itself, following a thematic review of how financial services firms were addressing data security, highlighted the risk of staff breaching procedures, for example, by looking at account information relating to celebrities, and the dangers of staff being bribed or threatened to give customer details to wrongdoers.
Obviously, where financial institutions are involved, the leaking of personal information raises not just a privacy issue and an important reputational concern for the firm; the financial risk is a primary focus. This focus is reflected by the FSA’s recent consultation and publication of its proposed new regulatory guide "Financial Crime: A guide for firms", which contains a chapter devoted to guidance on data security and highlights the continuing importance of the issue for the FSA. Although the Guide does not contain rules and imposes no new requirements on firms, it provides examples of good and poor practice that all firms might do well to heed given the spotlight on the issue at present.
In the Guide, good practice ranges from issues of high level governance to low level daily implementation.
Lawyers Shane Gleghorn, Julie Simpson Day
