HSBC Life (UK)

What

  • Loss of personal data.
  • General lack of controls.

How much

180,000 records.

Why

Loss of unencrypted CD in the post.

Regulator

FSA

Regulatory action

Monetary penalty – £1,610,000

Reason for action

Systemic organisational failings in InfoSec. No risk assessment. Repeated transmission of unencrypted data. Customer data held insecurely in office.

When

17 July 2009

Links

Press release on the FSA website

View PDF of the HSBC Life (UK) Final Notice (via FSA website)

View PDF of the HSBC Life (UK) Final Notice (Breachwatch archive)