Do more to protect customers' personal details, warns FSA

The FSA is urging firms to change their attitude to data security and do more to help prevent their customers falling victim to identity fraud and other types of financial crime.

They say:

It is worrying that despite increased public awareness of the impact that identity theft can have on customers, many firms are still not taking this risk seriously. Customers have a right to be confident that firms are doing everything reasonably possible to keep their personal and financial details safe.

It is good practice to encrypt laptops and transfer data to third parties using secure internet links.

Next time customer data hits the public domain, these are two things to look for.

HSBC loses customer data

In a major loss of customer data, HSBC has owned up to losing a computer disc four weeks ago with information about 370,000 customers.

The customers' details included their names, dates of birth, and their levels of life insurance cover. HSBC says there are no addresses or bank account details, and on this basis maintains that customers' exposure to potential fraud is limited.

HSBC are keen to stress that the data was password protected (which isn't usually hard to break), so it probably wasn't encrypted.

The disc was sent by courier. Now, we know that couriers lose some things. So the question is: what proportion of items entrusted to them do couriers lose? And how many discs containing customer information are HSBC sending whizzing around the country?

Of course HSBC could keep the data secure if they paid one of their employees to take it directly from A to B. But doubtless it's cheaper to use couriers and accept that from time to time chunks of customers' data will go missing.

Nationwide and the Norwich Union have suffered heavy fines and public reprimands for not looking after customer details properly.