In regard to employees who regularly work off-site, the FSA commented that “if not properly managed or secured, customer data can be lost or stolen very easily”; firms should “put in place systems and controls to minimise the risk that their operations and information assets can be exploited”. Consumers, it continues “are entitled to rely on firms to ensure their personal information is secure”. Data security, the Authority comments, is also an “essential aspect” of the six Treating Customers Fairly (TCF) outcomes, which give consumers confidence that their “fair treatment” is “essential to the corporate culture”.
Importantly, it’s noted that “Data security is not simply an IT issue and the responsibility for ensuring data security should be coordinated across the business. Senior management, information security, human resources, financial crime, physical security, IT, compliance and internal audit are all examples of functions that have an important role to play in keeping customer data safe.”