To claim that there was no link between this debacle and previous data losses in the HBOS group beggars belief.
Will heads roll, and if so, whose? IT staff at the banking group almost certainly had no direct responsibility for the series of events that led up to this humiliation – but it is surely up to the IT team to come up with some answers.
According to HBOS, data is normally sent out on encrypted discs by secure post. “Unfortunately, due to human error on this occasion the usual policy was not followed,” the company said.
Mistakes like this can only happen when there is either wilful misconduct by an individual or endemic complacency about data security in an organisation, regardless of whether it has the right formal policies in place.
HBOS told ComputerworldUK that there was no link between the loss of personal details on 62,000 mortgage customers this month and the loss, in March, of 13,000 customer details from the Halifax building society, an HBOS subsidiary. So complacency might well be the answer.
To most IT professionals, and to most ordinary punters, there really is little difference between sending unencrypted customer details in the post and leaving a computer printout of 13,000 mortgage customer details in a car to be stolen. Both are stupid. Both show a cavalier attitude to customers’ personal details.
So will heads roll? Will the government’s Information Commissioner take action as he threatened? Will the HBOS IT department use this debacle to seize the initiative and take up the fight for data security?
Let’s hope the answer is yes to all three questions.