Data Security in the financial services sector currently falls under the remit of the Financial Conduct Authority (FCA) and the Information Commissioner’s Office (ICO).
The Financial Conduct Authority (FCA) has taken over responsibility from the Financial Services Authority (FSA) and has the ability to fine companies in the financial sector for serious infringements – there are no upper limits to these fines. The guidance issued by the FSA on data protection has not been superseded by the FCA and remains highly influential.
The ICO is the UK’s independent authority set up to “uphold information rights in the public interest, promoting openness by public bodies and data privacy for individuals.” The ICO also has the power to fine companies in the financial services sector up to £500,000 for data protection breaches.
Examples of previous fines imposed on financial organisations for not having adequate systems and controls in place to protect their customers' confidential details from loss or theft include £2.2m to Zurich Insurance Plc in August 2010 and £1.6m to HSBC Life UK Limited in July 2009. On top of the potentially large fines, there is also the possibility of a drop in share price due to negative publicity; in many cases this can equate to billions of pounds.