Font Size

Financial company loses over 600 customers details

 By

The Information Commissioner’s Office

Business Articles
Submit Articles   Back to Articles

News release 3 February 2012

A financial services company with operations in the UK, USA and Middle East breached the Data Protection Act by losing over 600 customers’ personal details, the Information Commissioner’s Office (ICO) said today.

E*Trade Securities Ltd discovered that a large number of customer files were missing in April 2010 when they were asked to retrieve archived documents held in a storage facility in the UK. Files containing 608 customers’ personal data remain missing, most of the files included identification documents, proof of address and account application forms.

The company informed the ICO about the breach in December 2010 after all attempts to find the information had failed. Initial enquiries found that E*Trade Securities Ltd did not have a formal agreement in place with the contractor responsible for securely storing their client data.

The company has now agreed to take action to keep the personal information it holds secure. This includes implementing written agreements with UK contractors storing client personal data on its behalf and making sure that appropriate audit trails are in place to record where client files are being sent and stored at all times.

Head of Enforcement, Steve Eckersley, said:

“This breach was caused by the company failing to have the necessary security measures in place to keep their clients’ information secure.

“The fact that customer records are being archived in a storage facility and not regularly accessed does not give businesses license to forget about them. This case demonstrates how important it is to stipulate in writing how long personal information needs to be kept, how regularly it should be reviewed and when it can be securely destroyed.”

A full copy of the undertaking can be viewed here:

http://www.ico.gov.uk/what_we_cover/promoting_data_privacy/taking_action.aspx#undertakings

The ICO has produced guidance for organisations operating and sending personal information overseas which can be found on the ICO website at: http://www.ico.gov.uk/for_organisations/guidance_index/~/media/documents/library/Data_Protection/Detailed_specialist_guides/international_transfers_legal_guidance_v4_290410.ashx.

If you need more information, please contact the ICO press office on 0303 123 9070 or visit the website at: www.ico.gov.uk.


About the Author

The Information Commissioner’s Office is the UK’s independent authority set up to uphold information rights in the public interest, promoting openness by public bodies and data privacy for individuals. We do this by promoting good practice, ruling on complaints, providing information to individuals and organisations and taking appropriate action when the law is broken.

The ICO enforces and oversees the following legislation:

  •  Data Protection Act 1998
  •  Freedom of Information Act 2000
  •  Privacy and Electronic Communications Regulations 2003
  •  Environmental Information Regulations 2004



Follow us @Scopulus_News

Article Published/Sorted/Amended on Scopulus 2012-02-03 13:34:19 in Business Articles

All Articles

Copyright © 2004-2019 Scopulus Limited. All rights reserved.