- Loss of personal data.
- General lack of controls
Loss of unencrypted CD in the post.
Monetary penalty – £1,610,000
Reason for action
Systemic organisational failings in InfoSec. No risk assessment. Repeated transmission of unencrypted data. Customer data held insecurely in office.
17 July 2009
Press release on the FSA website
View PDF of the HSBC Life (UK) Final Notice (via FSA website)
View PDF of the HSBC Life (UK) Final Notice (Breachwatch archive)