A stockbroker has been fined 77,000 by the Financial Services Authority (FSA) for failing to protect its customers from identity fraud despite the firm not having had a data breach.
The FSA visited Merchant Securities Group (MSGL) in September 2007, to look through the stockbroker's systems and controls. The firm did not have a breach of any sort, but was looked at as part of an FSA drive to gather information about how firms manage their data security.
During the visit, the FSA found that Merchant did not have proper procedures for identifying customers over the telephone, but relied on recognising customers' voices or knowing details about their personal life. In addition, account numbers were sent out in letters containing customers names.
As well, back-up tapes of customer data were stored overnight and unencrypted in the home of a staff member, and staff were openly allowed to use webmail and instant messaging despite concerns about data risks.
Margaret Cole, director of enforcement at the FSA, said: "It is unacceptable that despite increased awareness of data security issues, a firm should be so careless about its systems for protecting customers' personal details. People have a right to expect their details to be kept secure and firms should be committed to treating their customers fairly in all aspects of their business."
She added: "Reducing financial crime in the UK is a priority for the FSA and our recent data security report showed that many firms still need to do more to get it right. We will not wait until information has been lost or stolen before taking action against a firm. The level of the fine for a firm of this size should serve as a warning to others to take data security seriously."
The original fine against Merchant Securities was 110,000, but it was reduced by 30 per cent as part of a settlement deal that saw Merchant co-operated with the FSA from an early stage.
In a statement, Merchant Securities stressed that there was no loss of customer data at any point. "The FSA found no evidence of any theft or compromise of customer information," the statement said. "MSGL has listened to the FSA's concerns and has undertaken a thorough review of all its systems and controls for the protection of customer data to ensure that they are now robust. Changes implemented since October 2007 mean that MSGL is confident that the shortcomings in its systems and controls identified by the FSA have been fully resolved."
Patrick Claridge, acting chief executive of Merchant Securities, said: "We have taken steps to improve our systems and security for our clients' benefit and will continue to do all we can to protect their interests in the future."
The FSA has previously fined Norwich Union some 1.26 million after a data breach.
-
The CEO's guide to generative AI: Be a creator, not a consumerWhitepaper Innovate your business model with modern IT architecture, and the principles of trustworthy AI
-
Building a strong business case for GRC automationwhitepaper Successfully implement an innovative governance, risk & compliance management platform
-
Sundar Pichai: AI keeps me up at nightNews The Google chief warned that recent AI developments will have a profound impact on society
-
ChatGPT privacy flaw exposes users’ chatbot interactionsNews OpenAI has not expanded on the flaw in detail, nor indicated its reach
-
2022 Magic Quadrant for data integration toolsWhitepaper Using research to evaluate suitable vendors for their existing and upcoming data integration use cases
-
Redefining modern master data management in the cloudWhitepaper Why you need a modern MDM solution built for the cloud
-
Magic quadrant for data quality solutionsWhitepaper Amplifying analytics for better insights and for making trusted, data-driven decisions
-
Oracle to act as US data auditor for TikTokNews All US traffic on the social media platform will be routed through Oracle's cloud infrastructure
