HSBC has been fined a collosal £3 million by the FSA in relation to data loss. The fine is interesting as it dwarfs previous fines and has been imposed by the FSA rather than the ICO.
The incident relates to the loss of data in 2007 and early 2008. For those feeling sorry (if at all possible) for HSBC, should consider that these data losses were not isolated, and there have been several other HSBC data losses, including:
- HSBC lost an entire server, the data was not encrypted
- HSBC lose 37,000 records, on an un-encrypted media.
- HSBC, along with UAE and others also suffered a data theft from their banks
From the information available it appears that HSBC had a very relaxed policy to client data, moving data around, in unrecorded post that was unencrypted. The true amount of data theft from HSBC will never be known, as their data security appears so lax details could have been stolen without any one knowing.