
FSA blunder exposed IFAs’ email data

The FSA has apologised for failing to protect the email addresses of hundreds of IFAs which were revealed in a mass email.

This month, the FSA emailed an online questionnaire to firms requesting information about the possible effects of the RDR proposals on their business.

The regulator made the addresses of advisers receiving a carbon copy plainly visible in the email.

PanaceaIFA community portal chief executive Derek Bradley says the FSA should consider internal action over the failure to protect the personal data of firms it regulates. He says: “I am reminded of the fines for poor management of internet security. On February 14, 2007, for example, the FSA fined Nationwide Building Society £980,000 for failing to have effective systems and controls to manage its information security risks.

“At the time, the FSA’s director of enforcement Margaret Cole said firms’ internal controls are fundamental in ensuring customers’ details remain as secure as they can be.

“On this occasion, will the FSA fine or discipline its employee? A bit of humility would be a starting point in that accidents can and do happen – even to the FSA.”

An FSA spokesman would not comment on whether any internal disciplinary action would be taken but says: “For one batch of those RDR emails sent to a big number of firms, a mistake was made. It was a genuine mistake, for which we apologise.”

Finance and Technology Research Centre director Ian McKenna says: “This is worrying, given that adviser firms are prime targets for fraudsters because of the depth of information they hold about clients. If a fraudster got hold of this email, it would save them many hours’ work in sourcing this information themselves.”


Comments


  1. Incompetent Regulators Awards Team 27th January 2010 at 4:18 pm

    Jerks!

  2. Not sure what all the fuss is about you can get them from the FSA web site anyway Lol!!!

  3. Not a laughing matter, but I have just wet myself

  4. Of course it was a genuine mistake! But it always is – and that doesn’t seem to be an adequate excuse to prevent fines in other cases. Will the regulator fine itself – and set it off against the fees we have to pay?

  5. A rather poor piece of reporting. It’s rather disingenuous to compare this to a failure to properly control customer personal data. And I bet that these IFAs all have their email address on their websites etc. The worst outcome is that they might get junk emails sent to them….by other IFAs!!!

  6. These email addresses are freely available on the FSA register, so hardly that secret!

  7. Will anything happen? Not a snowball in hell’s chance.

  8. Raphael Kozlowski 27th January 2010 at 4:28 pm

    Talk about shooting oneself in the foot. Yet again that albatross of a regulator has fallen and pooped again. Apologies aren’t good enough.

  9. I take it the FSA employee responsible is one of those that they would have trouble retaining if he/she weren’t paid a generous bonus?

    Don’t shout too loudly for a fine though, they’ll only put our fees up to pay for it.

  10. Mistake – sorry that is not a word the FSA understands when it refers to themselves.

    How many have received a written apology I wonder ?

  11. A collection of e-mail addresses is not personal data as defined under the DPA as it is not data ‘related’ to anybody, in fact it’s probably not even data. Get it right MM and stop sensationalising this.

    Eg Just because a document or file title contains somebody’s name does not always mean that it is about him; an e-mail headed, ‘Meeting about Mr Smith’ which discusses other people’s availability for that meeting is not about Mr Smith. Likewise, minutes of a meeting attended by an individual will not be ‘personal data’ simply because the person attended the meeting and contributed to its discussions. However, if the meeting discussed an individual, then the minutes will be ‘personal data’ about that person.

    Yes I still think the FSA are overpaid idiots but really…. I’m pretty sure I have had e-address blocks sent to me in the past by certain trade newspapers amongst others.

    MM live by the sword die by the sword you have been warned!!!

  12. The Data Protection Principles are statutory and have the force of Law. Presumably, the Information Commissioner is steadfastly looking in the opposite direction.

  13. Would the last IFA to leave the country blow thr c 27th January 2010 at 4:55 pm

    I have every faith that the FSA will fine itself about £1m. Just as it did to the Nationwide Building Society for the same failing in not having effective systems and controls to manage its information security risks.
    All IFAs could then look forward to receiving the bill to pay the fine

    That will teach the FSA a lesson.

  14. Storm in a tea cup really.
    But shouldn’t the FSA have carried out a study BEFORE implementing the RDR?
    Nice to see they can say the IFA community was consulted on the RDR…………even if it took place after the event!!

  15. I “replied all,” pointing out to the sender that the unnecessary disclosure of all the addresses is almost certainly a breach of the Data Protection Act. Also that having the entire mailing list on such a large number of computers imposed a risk, in that it only takes one computer to have a virus for the owner of each e-mail address on the list then to be at risk of infection.

    I “replied all” in the hope that every recipient would immediately check their virus software was up to date and leave their computer doing a virus check overnight.

    The number of “bouncers” I had suggested that an astonishing number of e-mail addresses weren’t operative. Apparently the FSA list isn’t up to date either.

    Have I had an apology from the FSA, or even an acknowledgement reply? Have I hell! So suggesting that the FSA has apologised is disingenuous.

    We have to deal with the FSA in an open and honest manner (as is right). Don’t they have to set an example and do the same with us?

  16. Thematic review perhaps ?. Now that would be, to use FSA fudge expression, interesting!!!

  17. How much longer are we going to have to suffer this group of idiots who call themselves the FSA, they could not organize a drink up in a brewery

  18. Have decided to fine the FSA £1 to be reduced to £0.75 if they co-operate. If they object that I have no legal basis for imposing this fine I will draw their attention to legal precedent established by themselves.

  19. What else do we expect from such incompetent tw@ts?
    If we made such a mistake we would face a fine. As most IFAs are individuals or partnerships it would hit us personally. Therefore the pillock or pillocks that allowed this to happen should also be fined personally, and sacked if appropriate.
    To say that the e-mail information is available anyway is Irrelevant, it would not be taken into account if we made a similar mistake.
    The FSA proves time and time again that it is useless, incompetent and like Gordon Brown’s clowns, not fit for purpose!

  20. The lunatics are running the asylum

  21. AshDev suggests that “It’s rather disingenuous to compare this to a failure to properly control customer personal data.” Perhaps he misunderstood – this is not a comparison with a failure to control personal data, it is a real failure to control personal data. Incidentally, Ash, disingenuous means lacking in frankness, candor, or sincerity; falsely or hypocritically ingenuous; insincere. Perhaps you misunderstood that as well.

  22. This is no big deal really in isolation in that email addresses are mostly available elsewhere, indeed from the FSA website.

    It is however, yet another case that goes towards the belief that the FSA, like the Government are unfit for purpose and unfit to regulate.

    The good that the FSA has done to the industry in relation to the cost probably equates to paying £100,000 for a 89p bar of Cadbury’s (Kraft) chocolate.

    Roll on the day that it is disbanded and from its wake something robust and appropriate is created.

    I can but dream…………………………….

  23. This is a serious matter. Surely top management of the bungling FSA should immediately book a 5 star hotel, with minibar, in order to meet and discuss this matter.
    No expense should be spared in investigating this blunder- after all it seems that no expense has been spared in the past!

  24. You can only laugh at this…

    So if it’s Governmental – they can say sorry.. (but they would then only up the fees or taxes..)…… ‘they’ can also charge what they like… (£970 for a Consumer Credit Licence these days….)

    But if it’s an Individual – it’s a huge fine…. and they have to explain what their charges are to the minutest detail…

    ….. hardly seems fair…

    Used to think as a race, we are pretty tolerant… I guess they have just worked out we are just plain stupid.

  25. The FSA sets itself up as a ‘regulator’ and can’t be trusted to perform the most basic functions.
    They licensed a twice convicted thief and fraudster as an IFA and surprise, surprise he stole all our savings. But the FSA would not accept any liability for its actions or lack of regulation.
