Financial advisers are being warned to tighten their data security as new powers mean they could be fined TWICE for breaches.
From next April, the Information Commissioner's Office (ICO) will join the FSA as an organisation with the power to fine firms that breach its rules.
It follows a record £3.2m FSA fine handed out earlier this week to HSBC subsidiaries, including more than £1.6m to the group's insurance arm HSBC Life for data security lapses.
City law firm Reynolds Porter Chamberlain (RPC) says the fine represents a huge jump from the £980,000 fine handed to Nationwide Building Society for similar failures in 2007 and suggests the FSA's crackdown will get worse.
But it adds that an additional threat to firms will come from the new powers granted to the ICO, an independent body promoting the protection of personal information. The ICO is due today (Thurs) to release a statement outlining the scope of its new powers.
"When the ICO gains this power next year, any FSA-regulated firm may well be subject to ‘double jeopardy’ fines for data protection breaches," RPC partner Oliver Bray says.
"One careless mistake by a regulated firm could expose it to fines from both the ICO and FSA."
Under current rules outlined in the Data Protection Act, the ICO cannot issue fines for breaches of the eight data protection principles at the heart of the law.
From next April that will change and it will be able to issue fines for knowing or reckless breaches of the Act's principles.
Earlier this week, HSBC subsidiaries were fined a total of £3.2m for failing to protect their customers' personal data.
The FSA says the three firms were guilty of sending unencrypted client data in the post and leaving confidential files on open shelves and in unlocked cabinets in otherwise well-secured offices.
RPC regulatory partner Jonathan Davies adds: "This [HSBC] fine will act as a wake-up call to many FSA regulated firms to revisit their data protection and financial crime policy and training procedures.
"Regulated firms would do well to ensure that they have one clear policy document outlining their data protection and financial crime policy."