Once more on compliance and business integrity. What are we to make of the 11 banks slammed by the information commissioner for dumping customer information in the bin?
And what of the double standard that last month saw the Financial Services Authority fine Nationwide £1m after the theft of a laptop containing customers’ names, addresses and account details, while the information commissioner can only deliver a slap on the wrist to this month’s miscreants?
The FSA says the Nationwide had “systems and controls” failings. Which raises the question: why are there not “systems and controls” in place at the 11 banks to prevent customer details being slung casually into the nearest dustbin?
And why has the FSA left the case of the 11 banks to the Information Commissioner’s Office, an organisation with even less power than the financial services watchdog?
It is probably not worth trying to fathom the workings of our regulatory bodies, but it is worth drawing some conclusions from these events. Whether organisations have a compliance department or compliance teams within the IT department, someone has to lay down the law and make it stick.
If we are to stop the stream of headlines about lost laptops and discarded personal data becoming as regular and predictable as the evening TV soaps, we’ve got to take action. How about a spring offensive on data integrity and security, fronted by the chief executive and driven through by the IT department?