20 August 2017
Richard Bird

Richard Bird

Richard Bird - JPMorgan Chase

9Posts 30,190Views 2Comments
Finextra community

Transaction Banking

A community for discussing technology trends, views and perspective in global transaction banking
A post relating to this item from Finextra:

FSA fines HSBC units £3.2m for losing customer data

22 July 2009  |  8408 views  |  0
2784.jpg
The Financial Services Authority has hit HSBC with fines totalling £3.2 million for security failings at three units that led to the loss of sensitive customer data, putting thousands at risk of ident...

Lost - As Defined by an 11 Year Old

22 July 2009  |  3670 views  |  3

Show of hands, how many of us remember the good old days? You remember those days, when "lost" meant something like:

"I came home and set my car keys down and then moved some stuff around - when I got up in the morning, I couldn't find my keys. They were lost."

or

"My wife and I took a trip with the kids to Washington, D.C. On the way to Arlington Cemetary, I misread the map (in those days Rand McNally was the only GPS you ever needed), took a wrong turn - and we got lost."

I'm puzzled by the use of the term "lost" in HSBC's recent activities that have resulted in £ 3.2 million in fines. Since when does "lost" mean using the postal system to send unencrypted, and private, client information? When does "lost" mean conciously and willfully ignoring your own compliance team - and yet again mailing unencrypted, and private, client information through the post?

I guess leaving files out out shelves and desks means that it is "lost" as well.

Those of us with children have heard this definition of "lost" before. My 11 year old came home from summer camp a few days ago, and was distressed that he had "lost" his iPod. I asked how. He said "Well, we went to the dining hall and I was listening to my iPod. I got to talking with some friends and I took my iPod off and set it on the table. When we left to go swimming, I left it sitting on the table. When I came back 4 hours later - it was GONE! I can't believe I lost it!"

HSBC got off terribly easy in what was certainly an enormous failure of operational process and leadership within their company. In fact, in many other instances, particularly if the failure could be pinned to a single employee - HSBC itself would have regarded these breaches as bordering on criminal negligence. While it is not clear in the article who applied the term "lost" to this situation, it is shameful if either the FSA or HSBC (or both) determined that "lost" was the right way to report this failure to the street.

Because, much like it is with our children - the only thing worse than failing to do what you are supposed to do, is lying about it when you are caught.

TagsSecurityRisk & regulation

Comments: (4)

Matt White
Matt White - Finextra - Toronto | 22 July, 2009, 14:47

The FSA statement says "failings contributed to customer data being lost in the post".

To be honest, I don't have a problem with the word in this context.

Chambers 21st Century Dictionary: lose (lost, losing) 1a to fail to keep or obtain something, especially because of a mistake, carelessness etc.

But then I wrote the story so maybe I'm just looking to justify following the FSA's lead...

Be the first to give this comment the thumbs up 0 thumb ups! (Log in to thumb up)
Richard Bird
Richard Bird - JPMorgan Chase - Columbus | 22 July, 2009, 15:19

No offense intended to you Mr. White. I assumed that the application of the word came from the FSA or HSBC, primarily because it is a convenient use of a term most often reserved for an individual's personal responsiblity rather than a corporation's liabilities.

Most importantly, I'm glad that the story was reported on and brought into the open.

Be the first to give this comment the thumbs up 0 thumb ups! (Log in to thumb up)
Matt White
Matt White - Finextra - Toronto | 22 July, 2009, 16:46

No offence taken. I like the blog - if the word 'lost' is ambiguous, you've certainly cleared it up!

Be the first to give this comment the thumbs up 0 thumb ups! (Log in to thumb up)
Stanley Epstein
Stanley Epstein - Citadel Advantage Ltd - Modiin | 23 July, 2009, 05:21

It's not so much the loss of the data but rather the manner of the loss that is important. It's this blind assumption that if you put something in the post it will simply get there (which is true most of the time). The problem is that people simply don't think in terms of risk or potential problems. At issue is the correct procedures (which there appear to be) and an understanding by the relevant staff of the need for and the use of these procedures. The key is training, training, training! And this is not easy when you are dealing with staff that doesn't see "risk" as a part of their function.

Be the first to give this comment the thumbs up 0 thumb ups! (Log in to thumb up)
Comment on this story (membership required)

Latest posts from Richard

It Would Almost Be Funny If It Wasn't So Sad

31 August 2009  |  5187 views  |  0 comments | recomends Recommends 0 TagsCardsSecurityGroupTransaction Banking

Is This Thing On? Captain Obvious - Is That You?

24 July 2009  |  3175 views  |  0 comments | recomends Recommends 1 TagsRetail bankingGroupTransaction Banking

Lost - As Defined by an 11 Year Old

22 July 2009  |  3670 views  |  3 comments | recomends Recommends 1 TagsSecurityRisk & regulationGroupTransaction Banking

The Unicorn in the Middle Office - What Technology Isn't

20 July 2009  |  3348 views  |  2 comments | recomends Recommends 2 TagsRisk & regulationRetail bankingGroupTransaction Banking

How I Learned to Stop Worrying and Love the ATM Bomb

16 July 2009  |  2989 views  |  0 comments | recomends Recommends 2 TagsSecurityRetail banking

Richard's profile

job title Vice-President Information Risk Manager
location Columbus
member since 2009
Summary profile See full profile »
Seasoned financial services veteran in; information and operations risk management, hedge fund administration, retail bank and treasury operations, commodities trading and M&A due diligence.

Richard's expertise

Member since 2009
9 posts2 comments
What Richard reads
Richard's blog archive
2009 (9)

Who's commenting on Richard's posts