FSA blunder exposed IFAs' email data
The FSA has apologised for failing to protect the email addresses of hundreds of IFAs which were revealed in a mass email.
This month, the FSA emailed an online questionnaire to firms requesting information about the possible effects of the RDR proposals on their business.
The regulator made the addresses of advisers receiving a carbon copy plainly visible in the email.
PanaceaIFA community portal chief executive Derek Bradley says the FSA should consider internal action over the failure to protect the personal data of firms it regulates. He says: “I am reminded of the fines for poor management of internet security. On February 14, 2007, for example, the FSA fined Nationwide Building Society £980,000 for failing to have effective systems and controls to manage its information security risks.
“At the time, the FSA’s director of enforcement Margaret Cole said firms’ internal controls are fundamental in ensuring customers’ details remain as secure as they can be.
“On this occasion, will the FSA fine or discipline its employee? A bit of humility would be a starting point in that accidents can and do happen - even to the FSA.”
An FSA spokesman would not comment on whether any internal disciplinary action would be taken but says: “For one batch of those RDR emails sent to a big number of firms, a mistake was made. It was a genuine mistake, for which we apologise.”
Finance and Technology Research Centre director Ian McKenna says: “This is worrying, given that adviser firms are prime targets for fraudsters because of the depth of information they hold about clients. If a fraudster got hold of this email, it would save them many hours’ work in sourcing this information themselves.”
Readers' comments (24)
Incompetent Regulators Awards Team | 27 Jan 2010 4:18 pm
Jerks!
Anonymous | 27 Jan 2010 4:20 pm
Not sure what all the fuss is about; you can get them from the FSA web site anyway. Lol!!!
john | 27 Jan 2010 4:21 pm
Not a laughing matter, but I have just wet myself
Anonymous | 27 Jan 2010 4:24 pm
Of course it was a genuine mistake! But it always is - and that doesn't seem to be an adequate excuse to prevent fines in other cases. Will the regulator fine itself - and set it off against the fees we have to pay?
AshDev | 27 Jan 2010 4:25 pm
A rather poor piece of reporting. It's rather disingenuous to compare this to a failure to properly control customer personal data. And I bet that these IFAs all have their email address on their websites etc. The worst outcome is that they might get junk emails sent to them....by other IFAs!!!
Nick | 27 Jan 2010 4:25 pm
These email addresses are freely available on the FSA register, so hardly that secret!
Peter | 27 Jan 2010 4:27 pm
Will anything happen? Not a snowball in hell's chance.
Anonymous | 27 Jan 2010 4:28 pm
Talk about shooting oneself in the foot. Yet again that albatross of a regulator has fallen and pooped again. Apologies aren't good enough.
Rambling Syd | 27 Jan 2010 4:30 pm
I take it the FSA employee responsible is one of those that they would have trouble retaining if he/she weren't paid a generous bonus?
Don't shout too loudly for a fine though, they'll only put our fees up to pay for it.
Michael Fallas | 27 Jan 2010 4:39 pm
Mistake - sorry that is not a word the FSA understands when it refers to themselves.
How many have received a written apology, I wonder?