FSA takes personal data seriously

In a heavyweight report (104 pages), “Data Security in Financial Services: Firms’ controls to prevent data loss by their employees and third-party suppliers”, the FSA has warned its members to do more to protect personal data.

Highlighted right on the first page:

it is not appropriate for customer data to be taken offsite on laptops or other portable devices which are not encrypted. We may take enforcement action against firms that fail to encrypt customer data offsite.

Only may? Still, it’s a start.

I’ve only read the executive summary so far but it’s pretty damning on what happens in smaller and medium-sized firms. The gap between policy and practice is also criticised, especially the general lack of a holistic approach to security which integrates non-IT controls.

As for the auditors that should be picking up on this:

Some firms’ compliance and audit staff lack the necessary understanding of the subject or technical expertise… the standard of small firms’ compliance checking – and their overall performance on data security – is very weak indeed.

Oops.

The full report can be found here [PDF], and the associated press release, here.

These recommendations are relevant to just about every organisation: they all will store some personal information. Even the military.


About Peter Cruickshank

Lecturer in the School of Computing and a member of the Centre for Social Informatics at Edinburgh Napier University, Scotland. Interested in information systems, learning, politics, society, security and where they intersect. My attempts at rounding out my character include food, cinema, running, history and, together with my lovely wife, bringing up a cat and a couple of kids.