Financial company loses over 600 customers details
Submit Articles Back to Articles
release 3 February 2012
A financial services company with operations
in the UK,
and Middle East
breached the Data Protection Act by losing over 600 customers’ personal
details, the Information Commissioner’s Office (ICO) said today.
E*Trade Securities Ltd discovered that a
large number of customer files were missing in April 2010 when they
were asked to retrieve archived documents held in a storage facility in
Files containing 608 customers’ personal data remain missing, most of
the files included identification documents, proof of address and
account application forms.
The company informed the ICO about the
breach in December 2010 after all attempts to find the information had
failed. Initial enquiries found that E*Trade Securities Ltd did not
have a formal agreement in place with the contractor responsible for
securely storing their client data.
The company has now agreed to take action to
keep the personal information it holds secure. This includes
implementing written agreements with UK contractors storing client
personal data on its behalf and making sure that appropriate audit
trails are in place to record where client files are being sent and
stored at all times.
Head of Enforcement, Steve Eckersley, said:
“This breach was caused by the company
failing to have the necessary security measures in place to keep their
clients’ information secure.
“The fact that customer records are being
archived in a storage facility and not regularly accessed does not give
businesses license to forget about them. This case demonstrates how
important it is to stipulate in writing how long personal information
needs to be kept, how regularly it should be reviewed and when it can
be securely destroyed.”
A full copy of the undertaking can be viewed
The ICO has produced guidance for
organisations operating and sending personal information overseas which
can be found on the ICO website at: http://www.ico.gov.uk/for_organisations/guidance_index/~/media/documents/library/Data_Protection/Detailed_specialist_guides/international_transfers_legal_guidance_v4_290410.ashx.
If you need more information, please contact
the ICO press office on 0303 123 9070 or visit the website at: www.ico.gov.uk.
About the Author
The Information Commissioner’s Office is the UK’s
independent authority set up to uphold information rights in the public
interest, promoting openness by public bodies and data privacy for
individuals. We do this by promoting good practice, ruling on
complaints, providing information to individuals and organisations and
taking appropriate action when the law is broken.
The ICO enforces and oversees the following
- Data Protection Act 1998
- Freedom of Information Act 2000
- Privacy and Electronic Communications
- Environmental Information Regulations
Follow us @Scopulus_News
Article Published/Sorted/Amended on Scopulus 2012-02-03 13:34:19 in Business Articles
All ICO Articles