Data security refers to the way that firms put in place systems and controls to prevent their consumers' personal details, such as address, date of birth, national insurance number, earnings, account details, etc, from being accessed by criminals.
Firms have legal and regulatory responsibilities to safeguard their consumers' data.
This information is a valuable black market commodity and is being bought and sold by criminals – often through the internet – in order to commit identity theft and related crimes, such as account takeover and mortgage fraud. The National Fraud Authority estimated that every year in the UK identity fraud costs more than £2.7bn and affects over £1.8m people.
Our Financial Crime Operations team concluded a piece of thematic work looking at firms' controls around personal consumer data, which we published in April 2008. We visited 39 firms, including retail and wholesale banks, investment firms, insurance companies, financial advisers and credit unions.
Since the publication of this report we have visited firms and found a general improvement in the standards of data security.
Our report contains examples of good practice and areas for improvement, which we expect firms to use when assessing and improving their systems and controls. We've also produced a tailored factsheet to help small firms understand how they can improve.
Thematic work: Data Security in financial services [PDF] - April 2008
Factsheet: Your responsibilities for customer data security [PDF] -April 2008
We have reviewed the way that firms disclose personal data in various pieces of communication with their consumers; for example, when sending out personal pension statements or on an invitation to take-up a new financial product.
Find out more about the examples of poor practice we discovered, together with examples of good practice that firms can use to enhance their data security procedures.
Data security and consumer communications: Examples of good and poor practice - December 2008
Back to top
