An article relating to this blog post on Finextra:
HSBC customer data lost in transit
HSBC says a computer disc containing the confidential personal details of around 370,000 UK life assurance customers has gone missing.
See article
Given the regulatory and reputational risk associated with the loss of personal customer data it beggars belief that a top tier bank can still think it's OK to despatch an unecrypted computer disc containing sensitive information on 370,000 of its customers
by courier.
HSBC's defence - that the disc was password protected and contained no bank account information - is flimsy to say the least.
The office of the UK Information Commissioner is calling for stronger audit and inspection powers to carry out impromptu inspections on private sector organisations where poor practice is suspected. The UK's banks would be in the front line of any such raids,
although this should be the least of their worries.
As the Commissioner notes: "If banks and building societies fail to treat people’s personal information securely, they risk losing the confidence and trust of their customers. Our research shows that over half of individuals no longer have confidence in
the way organisations such as banks, local authorities and government departments handle their personal information."