I stumbled across a story at debtmanagementtoday.co.uk, where it’s revealed that the Financial Services Authority in the UK lost 41 laptop computers and BlackBerry devices over the past three years. FSA contends that all of their devices either used data encryption or password protection.
Ironic? I Suggest Getting A Dictionary
Ironically, the regulator [the FSA] has issued some of its largest bans on financial institutions who have failed to provide adequate data security.
Only in August of this year, the FSA fined the UK branch of Zurich Insurance Plc £2,275,000 for failing to have adequate systems and controls in place to prevent the loss of customers’ confidential information. [debtmanagementtoday.co.uk]
I don’t see where the irony lies. Really. As was noted before, the FSA uses encryption software on their devices (and apparently, only password protection on the BBs. What’s up with that? One of the reasons corporations use BB devices is their powerful encryption). Plus, they were aware of these incidents and so could report them under FOIA.
Contrast that with Zurich Insurance Plc (ZIP): not only had they not used encryption like AlertBoot endpoint security software to secure a backup tape that contained sensitive customer information (affecting all of their clients in South Africa–550,000 of them), they hadn’t been aware of the data breach for over one year!
As far as I know, ZIP was fined for the correct reasons: “failing to have adequate systems and controls in place to prevent the loss of customers’ confidential information.” The FSA, on the other hand, has adequate protection in place. Where’s the irony? The fact that stuff got lost? Well, that’s not the reason why ZIP got penalized now, is it?
Naturally, this doesn’t mean that the FSA shouldn’t be taking some heat.
2008: 2 laptops and 2 BBs lost
2009: 8 laptops and 10 BBs lost
2010: 10 laptops, 7 BBs, and 2 USB memory sticks lost
See the pattern? This is not good. On the other hand, the above figures are meaningless without context, such as: How many employees did the FSA have during these years? How many of these devices contained sensitive information? Is this a trend of lost devices or a trend of reporting lost devices? How many devices were issued to FSA personnel?
Context is everything. I remember reading an article about a Swiss watch maker laying off 50% of their workers due to the bad economy. It turned out to be 2 guys in their sixties who were glad to get some time off and enjoy their retirement prematurely. Context.
I don’t know about other people, but I for one am glad to hear that, essentially, the FSA is practicing what it preaches, such as using laptop encryption.