Blog article
See all stories »

An article relating to this blog post on Finextra:

FSA fines HSBC units £3.2m for losing customer data

The Financial Services Authority has hit HSBC with fines totalling £3.2 million for security failings at three units that led to the loss of sensitive customer data, putting thousands at risk of ident...


See article

Lost - As Defined by an 11 Year Old

Show of hands, how many of us remember the good old days? You remember those days, when "lost" meant something like:

"I came home and set my car keys down and then moved some stuff around - when I got up in the morning, I couldn't find my keys. They were lost."

or

"My wife and I took a trip with the kids to Washington, D.C. On the way to Arlington Cemetary, I misread the map (in those days Rand McNally was the only GPS you ever needed), took a wrong turn - and we got lost."

I'm puzzled by the use of the term "lost" in HSBC's recent activities that have resulted in £ 3.2 million in fines. Since when does "lost" mean using the postal system to send unencrypted, and private, client information? When does "lost" mean conciously and willfully ignoring your own compliance team - and yet again mailing unencrypted, and private, client information through the post?

I guess leaving files out out shelves and desks means that it is "lost" as well.

Those of us with children have heard this definition of "lost" before. My 11 year old came home from summer camp a few days ago, and was distressed that he had "lost" his iPod. I asked how. He said "Well, we went to the dining hall and I was listening to my iPod. I got to talking with some friends and I took my iPod off and set it on the table. When we left to go swimming, I left it sitting on the table. When I came back 4 hours later - it was GONE! I can't believe I lost it!"

HSBC got off terribly easy in what was certainly an enormous failure of operational process and leadership within their company. In fact, in many other instances, particularly if the failure could be pinned to a single employee - HSBC itself would have regarded these breaches as bordering on criminal negligence. While it is not clear in the article who applied the term "lost" to this situation, it is shameful if either the FSA or HSBC (or both) determined that "lost" was the right way to report this failure to the street.

Because, much like it is with our children - the only thing worse than failing to do what you are supposed to do, is lying about it when you are caught.

4274

Comments: (4)

Matt White
Matt White - Finextra - Toronto 22 July, 2009, 14:47Be the first to give this comment the thumbs up 0 likes

The FSA statement says "failings contributed to customer data being lost in the post".

To be honest, I don't have a problem with the word in this context.

Chambers 21st Century Dictionary: lose (lost, losing) 1a to fail to keep or obtain something, especially because of a mistake, carelessness etc.

But then I wrote the story so maybe I'm just looking to justify following the FSA's lead...

A Finextra member
A Finextra member 22 July, 2009, 15:19Be the first to give this comment the thumbs up 0 likes

No offense intended to you Mr. White. I assumed that the application of the word came from the FSA or HSBC, primarily because it is a convenient use of a term most often reserved for an individual's personal responsiblity rather than a corporation's liabilities.

Most importantly, I'm glad that the story was reported on and brought into the open.

Matt White
Matt White - Finextra - Toronto 22 July, 2009, 16:46Be the first to give this comment the thumbs up 0 likes

No offence taken. I like the blog - if the word 'lost' is ambiguous, you've certainly cleared it up!

Stanley Epstein
Stanley Epstein - Citadel Advantage Ltd - Modiin 23 July, 2009, 05:21Be the first to give this comment the thumbs up 0 likes

It's not so much the loss of the data but rather the manner of the loss that is important. It's this blind assumption that if you put something in the post it will simply get there (which is true most of the time). The problem is that people simply don't think in terms of risk or potential problems. At issue is the correct procedures (which there appear to be) and an understanding by the relevant staff of the need for and the use of these procedures. The key is training, training, training! And this is not easy when you are dealing with staff that doesn't see "risk" as a part of their function.

Blog group founder

Member since

0

Location

0

More from member

This post is from a series of posts in the group:

Transaction Banking

A community for discussing technology trends, views and perspective in global transaction banking


See all