Data security in the spotlight again

HSBC’s website includes a section telling customers how to keep their online data safe. So it will come as a surprise to those customers to hear the news today that HSBC has issued a public apology to 370,000 insurance customers after the bank lost a computer disk containing their personal information. The data included names, life insurance cover levels and dates of birth.

The discs, on which data was held in a password-protect but unencrypted form, was lost by a Royal Mail courier somewhere between HSBC’s offices in Southampton and the destination - Swiss-Re.

“The data disk lost by HSBC contains no address or bank account details for any customer and would therefore be of very limited, if any, use to criminals,” HSBC said in a statement.

Hmmm, I’m not sure that is much comfort to an HSBC customer and it will not have pleased the financial services industry regulator, the FSA.

The FSA has the power to fine HSBC if it decides that proper procedures concerning the Data Protection Act were not followed.

Another example, hot on the heels of the Inland Revenue data loss, of the need for organisations to take the potential loss of sensitive data more seriously.