A post relating to this item from Finextra:
22 July 2009 | 8567 views | 0
The Financial Services Authority has hit HSBC with fines totalling £3.2 million for security failings at three units that led to the loss of sensitive customer data, putting thousands at risk of ident...
Show of hands, how many of us remember the good old days? You remember those days, when "lost" meant something like:
"I came home and set my car keys down and then moved some stuff around - when I got up in the morning, I couldn't find my keys. They were lost."
"My wife and I took a trip with the kids to Washington, D.C. On the way to Arlington Cemetary, I misread the map (in those days Rand McNally was the only GPS you ever needed), took a wrong turn - and we got lost."
I'm puzzled by the use of the term "lost" in HSBC's recent activities that have resulted in £ 3.2 million in fines. Since when does "lost" mean using the postal system to send unencrypted, and private, client information? When does "lost" mean conciously
and willfully ignoring your own compliance team - and yet again mailing unencrypted, and private, client information through the post?
I guess leaving files out out shelves and desks means that it is "lost" as well.
Those of us with children have heard this definition of "lost" before. My 11 year old came home from summer camp a few days ago, and was distressed that he had "lost" his iPod. I asked how. He said "Well, we went to the dining hall and I was listening to
my iPod. I got to talking with some friends and I took my iPod off and set it on the table. When we left to go swimming, I left it sitting on the table. When I came back 4 hours later - it was GONE! I can't believe I lost it!"
HSBC got off terribly easy in what was certainly an enormous failure of operational process and leadership within their company. In fact, in many other instances, particularly if the failure could be pinned to a single employee - HSBC itself would have regarded
these breaches as bordering on criminal negligence. While it is not clear in the article who applied the term "lost" to this situation, it is shameful if either the FSA or HSBC (or both) determined that "lost" was the right way to report this failure to the
Because, much like it is with our children - the only thing worse than failing to do what you are supposed to do, is lying about it when you are caught.