In regard to employees who regularly work off-site, the FSA commented that “if not properly managed or secured, customer data… can be lost or stolen very easily”; firms should “put in place systems and controls to minimise the risk that their operations and information assets be exploited”. Consumers, it continues, “are entitled to rely on firms to ensure their personal information is secure”. Data security, the Authority comments, is also an “essential aspect” of the six Treating Customers Fairly (TCF) outcomes, which give consumers confidence that their “fair treatment” is “essential to the (Data Security in Financial Services, p17, p65, pp17-20, FSA). Importantly, the FSA has also stated that “Data security is not simply an IT issue and the responsibility for ensuring data security should be coordinated across the business. Senior management, information security, human resources, financial crime, physical security, IT, compliance and internal audit are all examples of functions that have an important role to play in keeping customer data safe.” (Data Security in Financial Services, p23, FSA).
The Financial Services and Markets Act 2000, which provides the legal basis for fining firms, indicates that should a data breach occur, a firm must demonstrate they ‘took all reasonable precautions and exercised all due diligence’.
3M Privacy Products can contribute to control A 9.2.1 within ISO27001.