The Financial Services Authority recently fined three HSBC firms a total of $5 million for inadequate security controls, or a complete lack thereof. It's the largest such fine in the UK, according to Hunton & Williams' Privacy & Information Security Law Blog.
The record fine resulted from "losing two unencrypted disks containing personal data in the mail, failing to store data securely, and poor staff training," the story says. And it could have been worse. The firms' cooperation with authorities got them a 30 percent discount on the fine.
Writers say the "incident" will raise questions about whether the UK should pass a national data breach law and whether the Information Commissioner's Office can or should impose fines for security breaches.
Interestingly, security resellers are "banking" that the FSA's tough response to such breaches will continue. The UK managing director of Integralis, Graham Jones, told CRN:
"You need a good story such as [HSBC] every now and again to keep the board focused on security. This highlights that security should stay at the top of boards' agendas."