CGF ARTICLES, OPINIONS & EDITORIALS

Obligation to protect customer’s information (2014-02-17)

Article issued by CGF Research Institute and DQS South Africa

There have been a number of high-profile cases involving companies that have been accused of not implementing adequate measures to protect the information contained within their management systems.  And whilst some countries across the globe have set tough regulations for companies to follow, many companies still pay scant regard in this respect.  Indeed, even as the fines and penalties are becoming more onerous, it may not necessarily be the fines that prompt companies to act more diligently when pondering greater measures to protect the information within their systems.  The reputational damage caused to companies accused of the underlying poor governance and inadequate data and information security is huge.  The reputational damage and loss of customer confidence can run into millions in lost revenue as customers seek other companies that are committed to protecting their information.

Customers become very concerned -- and rightly so -- when their personal information, such as credit card details, passwords, physical addresses, identity numbers and so forth, becomes compromised by those who were entrusted with such information in the first place.  Not that long ago, Sony Corporation was accused of allegedly losing one hundred and one million customer records, and as many as ten million customers may have had their credit and debit cards compromised as a result.  Due to the extent of the potential knock-on effects of cyber criminality, the FBI also became involved.

And as expected, financial institutions have not been left untargeted in this regard.  The most well-known cases in recent times involve HSBC, Zurich Insurance and Barclays.  In the case of HSBC, in 2009 the bank was fined £3 million by the Financial Services Authority (FSA) for allegedly losing one hundred and eighty thousand customer files containing personal information.  In the FSA’s report, the bank was accused of being “careless with personal details which could have ended up in the hands of criminals.”  The case of Zurich Insurance was not much different: the FSA fined the company £2.27 million for allegedly losing the personal details of forty-six thousand customers.  The FSA said that “Zurich UK let its customers down badly”, and the CEO of Zurich -- Stephen Lewis -- reportedly said, “this incident was unacceptable.”

Of course, these incidents continue, and they will continue as long as companies remain relaxed about protecting their data and customers’ information.  The only way to rectify this increasing trend is by implementing the necessary (and appropriate) information security systems and staying vigilant against any possible breaches and attacks in this area.  Most recently, Barclays has also been accused of alleged theft involving the sell-off of about twenty-seven thousand customer files containing confidential information.  Notwithstanding any of these cases, the systems and controls to protect information -- which are a requirement for proper record management governance -- appear in many cases to be weak, and no doubt in smaller companies may be non-existent.