HSBC has been fined £3.2 million by the Financial Services Authority (FSA) for failing to properly secure its systems and prevent the loss of confidential customer information.
Three of the banking giant’s business units, HSBC Life UK, HSBC Actuaries and Consultants and HSBC Insurance Brokers, were fined for information security breaches, most significantly for losing unencrypted data in the post.
HSBC Actuaries lost an unencrypted floppy disk in the post in April 2007, containing the details of almost 2000 pension scheme members, while in February 2008 HSBC Life UK lost an unencrypted CD in the post containing details of 180,000 policy holders.
The financial watchdog also said that information was left on shelves or in unlocked filing cabinets and that staff were not sufficiently trained to recognise risks.
The FSA’s director of enforcement, Margaret Cole, said all three units had failed their customers “by being careless with personal details that could have ended up in the hands of criminals.”
“It is also worrying that increasing awareness around the importance of keeping personal information safe and the dangers of fraud did not prompt the firms to do more to protect their customers’ details,” she said.
Group managing director at HSBC, Clive Bannister, said that while the bank held itself to the highest standards, “it is clear that in these instances we have fallen short, which we sincerely regret.”
“[Since the incidents] we have implemented even more rigorous systems, better checks and more training for our people. We believe our customers can have confidence that we are doing everything we can to protect their privacy,” he added.