THE £1m fine meted out to Nationwide by the FSA after a laptop was stolen from an employee's home has rapidly brought the issue of client data protection to advisers' attention.
Although the regulator says the fine was for “larger failings” within the building society’s security systems, rather than for the theft itself, IFAs are beginning to ask: Just what is expected of us?
Jim Clancy, of Clancy’s Financial Planning, says the fine worried him, especially after he had his laptop computer stolen during a recent trip to London.
“What controls can we advisers really put in place?” he says.
“Sometimes you can’t help but have valuable information on your laptop. I could have everything on there: life policies, quotes, mortgage details. You can password protect your laptop but someone could get past that if they really wanted to. What can we do to protect ourselves?
“The fine handed out to Nationwide was pretty big. If they were to hand out anything approaching that to a smaller firm, it could really hurt them,” says Clancy.
The Nationwide theft occurred in August last year, but it took three weeks before the society realised the extent and sensitivity of the customer details on the computer.
During its investigation, the regulator found the building society did not have adequate information security procedures and controls in place, potentially exposing its customers to an increased risk of financial crime.
Amanda Davidson, of IFA firm Baigrie Davies, says advisers need to be aware protecting client information is their responsibility and theirs alone.
“I know from speaking with IFAs that they have been shocked by the size of the fine,” she says. “But I’m not sure Nationwide handled it as well as they might have done.
“Thefts will happen but advisers need to make sure they are on top of this whole security thing. It is your duty as an adviser to look after your client data carefully. You need to remember that you are a regulated firm and data protection sanctions can be quite severe.”
Kim North, director of consultancy firm Technology and Technical, has some advice for IFAs that find themselves out and about visiting clients.
“I think data protection, particularly these days, is something that should be taken extremely seriously,” she says.
“If you’re walking around with all your information on you, you need to be very, very careful. My advice would always be never to walk around with the whole of your database because of the high risk involved.
“If you have just got addresses and basic information it should be fine, but anything under data protection, such as National Insurance numbers, will not be. If advisers are out and about visiting clients, then the way to do things would be to just carry that client’s details with them, not those of everyone,” adds North.
The FSA says all firms offering financial services and regulated by them need to ensure they have “appropriate” systems to protect their client data.
The regulator also says it didn’t expect smaller firms to have the same level of protection as their larger counterparts.
A spokesperson says: “The bottom line is that firms should have appropriate systems and controls in place to minimize the risk of financial crime.
“They must have systems in place that are proportional to the risks in their business, so this is not a case of one size fits all. Different companies will be required to have different systems in place depending on a number of factors,” she adds.
Do you have any thoughts on how IFAs could tackle client data security
when out and about with mobile technology, such as laptops and tablets? Share your ideas either with the IFAonline editorial team or post them on the IFAonline discussion boards.
If you have any comments you would like to add to this story or would like to speak to its author about a similar subject, telephone Scott Sinclair on
020 7034 2636 or email [email protected]
Three examples of compensation rule issues
Buying in baskets
Scam victims lost average £91,000
Stepped down following MBO
Helped by rising oil price