Financial firms need to take responsibility for data security
By Stuart Janicki • 18 Jun 2013
Anti-money laundering laws require Financial Services Firms to collect identifiable information about their customers, increasing the risk of data security issues.
The highly sensitive information can include employment history, income levels, passport numbers, bank PINs, insurance details and medical information. The sheer amount and type of information gathered presents a goldmine to identity fraudsters.
It is incorrect to assume that firms who collect only small snippets of information are not at risk. Serious fraudsters can take these fragments and combine them with publicly available resources to compile a profile of an individual. These resources can include phone directories and electoral registers, but even more information is now available from social media sites such as Facebook (ask yourself if your profile has your mother’s maiden name associated with it).
Protecting all data is crucial. A serious identity fraudster will try anything to apply for credit - no matter how frivolous the information, what the net worth of the client is, or how many customers you have. This is why watchdogs such as the Financial Conduct Authority and Information Commissioner’s Office urge all firms to appreciate the gravity of this risk.
The ICO has the power to enforce the Data Protection Act 1998, and this includes issuing hefty fines. The FCA, and previously the FSA, have stated they will take enforcement action if firms continue to ignore these risks. Firms should not feel they are being picked on: the benefits of taking action are clear-cut in any industry. For any company, losing data means big fines, a loss of customers and long-term brand damage. But for financial services, the level of personal details available multiplies the risks to the customer.
Burying heads in the sand is not an option; neither is refusing to collect the data. The only option is to tackle the risk head-on, with the FCA urging firms to be proactive rather than waiting for any sign of a breach.
It is the responsibility of firms to identify risks, or seek expertise to help this process. Once risks have been identified, appropriate levels of resource must be dedicated to addressing those risks. This needs buy-in from senior management, who must see the importance of incorporating data security throughout the organisation.
Hopefully this serves as a good introduction to the importance of data protection for Financial Services Firms. We will follow this up with some summaries of excellent practical advice from the FCA soon. If you have anything to contribute to this discussion, add it to the comments below, or if you’re worried about your data security, contact us for a free consultation.