99.9% of financial information breaches don’t result in prosecution

As increasing numbers of businesses and individuals manage their finances on mobiles and online, the need for stringent financial data protection laws is more pressing than ever before.

However, data recently obtained by Artmotion via a Freedom of Information request from the Information Commissioner’s Office (ICO), calls into question the effectiveness of data protection in the financial sector.

The data revealed that over the last five years, 14,000 data protection complaints were made against the financial sector in the UK, including several directed at Barclays, HSBC, Lloyds and Nationwide. More than a quarter of these complaints were made in relation to the security of data or the unlawful disclosure of data. The ICO’s data also shows that the financial sector received more complaints than any other industry in the UK over the same time period. 

Despite this, less than 0.1% of those complaints have resulted in criminal prosecutions, while less than 0.5% have led to any enforcement action on the part of the ICO. These findings suggest that the current data protection regulations are not tough enough to enable enforcement agencies to deliver real protection for the data held by financial organisations. 

Globally, the U.K currently ranks just behind the United States for data breaches. What differs between the two nations is that whereas in the US laws and regulations force organisations to admit when their data breaches impact upon customers, it seems that the UK, and perhaps even the EU for that matter, are unable to provide adequate government protections or meaningful enforcement for breaches.  

This is especially troubling as of course in the financial sector data protection is of even higher significance than in other areas. The financial services industry has a responsibility to ensure that the personal information they manage is protected in a highly secure way. 

Should individuals and businesses expect better? We say undoubtedly yes. 

Strong encryption and data security should be vital parts of an organisation’s core business strategy, both in terms of defending their customers’ rights, and in protecting their own corporate assets. At the end of the day, privacy is a right. Customers want it, and businesses should want to provide it. The only question for IT departments is – how? 

The advantage today is that as data hosting becomes less and less dependent on physical location, organisations are increasingly given free reign to store their data wherever they choose. This means that – through sensible hosting decisions – businesses can start to regain control of their data security. This freedom means that organisations can choose to host data exclusively in high security data centres, without the constraint of where that data centre is based. In addition, businesses can also choose to move their data to countries where individual privacy is taken seriously and governed by stronger legislation. 

When it comes to highly sensitive financial information the fact is that, for many organisations, data privacy is better served by moving their data hosting to countries outside the UK and even outside the EU. Countries such as Switzerland have far stronger regulations when it comes to data privacy and security and can offer more comprehensive protection in high security data centres offering the latest encryption technologies and dedicated servers. 

nach oben