What
- Loss of personal data.
- General lack of controls.
How much
180,000 records.
Why
Loss of unencrypted CD in the post.
Regulator
FSA
Regulatory action
Monetary penalty – £1,610,000
Reason for action
Systemic organisational failings in InfoSec. No risk assessment. Repeated transmission of unencrypted data. Customer data held insecurely in office.
When
17 July 2009
Links
Press release on the FSA website
View PDF of the HSBC Life (UK) Final Notice (via FSA website)
View PDF of the HSBC Life (UK) Final Notice (Breachwatch archive)