The BBC reported that the fines were related to ‘offenses’ in 2007 and 2008. 
The FSA found that HSBC had failed to sufficiently protect confidential details about their customers. Twice, unencrypted customer data was lost in the post. Unencrypted data on CDs was left in open shelves and unlocked cabinets.
They probably didn’t follow the standard practices recommended for handling sensitive data.
A quick reminder:
- Always encrypt data
- Avoid sending information by post, use secure FTP instead
- Make your staff aware of the risks associated with identity theft
- Have a security policy in place referring to the Data Protection Act
Margaret Cole, director of enforcement at the FSA stated: “It is also worrying that increasing awareness around the importance of keeping personal information safe and the dangers of fraud did not prompt the firms to do more to protect their customers’ details.”
The fines could have been more, but HSBC came to an agreement in the early stages of the FSA’s investigation, saving an additional £1.5m in fines.
