This month, the FSA emailed an online questionnaire to firms requesting information about the possible effects of the RDR proposals on their business.
The regulator made the addresses of advisers receiving a carbon copy plainly visible in the email.
PanaceaIFA community portal chief executive Derek Bradley says the FSA should consider internal action over the failure to protect the personal data of firms it regulates. He says: “I am reminded of the fines for poor management of internet security. On February 14, 2007, for example, the FSA fined Nationwide Building Society £980,000 for failing to have effective systems and controls to manage its information security risks.
“At the time, the FSA’s director of enforcement Margaret Cole said firms’ internal controls are fundamental in ensuring customers’ details remain as secure as they can be.
“On this occasion, will the FSA fine or discipline its employee? A bit of humility would be a starting point in that accidents can and do happen – even to the FSA.”
An FSA spokesman would not comment on whether any internal disciplinary action would be taken but says: “For one batch of those RDR emails sent to a big number of firms, a mistake was made. It was a genuine mistake, for which we apologise.”
Finance and Technology Research Centre director Ian McKenna says: “This is worrying, given that adviser firms are prime targets for fraudsters because of the depth of information they hold about clients. If a fraudster got hold of this email, it would save them many hours’ work in sourcing this information themselves.”