
FSA fines HSBC companies $7,500,000 for data security issues

Friday, July 24, 2009 at 12:45pm by Simon Hunt

Following on from my recent posts regarding fines and the cost of data leakage (TJX and Cornell), I thought I’d also bring to your attention the latest action initiated by the FSA (the UK’s Financial Services Authority) against HSBC: on 22nd July it imposed a tidy penalty of £4,550,000 ($7.5m) for two failures to protect personal information. HSBC will get a 30% discount on this for early payment, leaving them with a bill for £3,185,000 ($5.26m) plus their own internal costs.

The failures in summary were:

1. In April 2007, HSBC Actuaries lost an unencrypted floppy disk in the post, containing the personal information of 1,917 pension scheme members, including addresses, dates of birth and national insurance numbers.

2. In February 2008 HSBC Life lost an unencrypted CD containing the details of 180,000 policy holders in the post.

The FSA also fined HSBC Insurance Brokers for failing to implement measures to protect such data, under section 206 of the Financial Services and Markets Act 2000, for failing to adhere to Principle 3 of the FSA’s “Principles for Business”:

Principle 3 – Management and control

A firm must organise and control its affairs effectively.
This will include:
a) having directors and senior managers who are all fit and proper for their roles, and operating adequate arrangements for securing the suitability of persons who carry out functions on its behalf;
b) apportioning responsibilities among its senior managers and directors in such a way that

• their individual responsibilities are clear; and
• the business and affairs of the firm are adequately monitored and controlled at senior management and board level;

c) operating robust arrangements for meeting the standards and requirements of the regulatory system, and for guarding against involvement in market abuse or financial crime (including the detection and prevention of money laundering); and

d) keeping adequate and orderly records of its business and internal organisation.

The official summary of this is:

FSA Principle 3 states that a firm must take reasonable care to organise and control its affairs responsibly and effectively, with adequate risk management systems.

This final penalty is interesting because it is a fine for a failure of business practice, not a fine for actually exposing anyone’s data; this is a true demonstration of the teeth the FSA has in the UK.

In the last four years, the FSA has fined Capita Financial Administrators £300,000; Nationwide £980,000; BNP Paribas Private Bank £350,000; Norwich Union £1,260,000; and Merchant Securities £77,000 for failings relating to data security lapses and fraud.
