CISI – Financial Products, Markets & Services


CISI – Financial Products, Markets & Services Topic – Financial Services Regulation and Professional Integrity Lesson: 8.4 Data Protection and 8.5 Complaints and Compensation

Examples of data losses

Complying with the Data Protection Act
Financial Services Firms that hold and process personal data must be registered with the Information Commissioner. The firm is described as the Data Controller.
Legal requirements: notify the Information Commissioner that they are processing information; process personal information in accordance with the 8 principles of the Act; answer subject access requests from individuals.

8 Principles of the Data Protection Act
Customer information should be:
1 Processed fairly and lawfully
2 Obtained for one or more specified and lawful purpose and shall not be processed in any other way
3 Accurate and kept up-to-date
4 Kept for no longer than necessary
5 Processed in accordance with the rights of the subject
6 Adequate, relevant and not excessive for the purpose(s)
7 Protected against unauthorised & unlawful processing, accidental loss, destruction or damage using adequate technical and organisational methods
8 Protected against its transfer outside of the European Economic Area unless the country ensures its protection.

Regulatory Recommendations for keeping data safe
Employees should not have access to data beyond what is necessary to do their job.
Firms should look to monitor and control all flows of information into and out of the organisation.
Removable media should be disabled except when there is a genuine need.
Unauthorised staff should not be able to remove information undetected.
Laptops and other portable devices should be encrypted and wiped when no longer used.
Devices should be logged and monitored.
Software that tracks all activities should be installed (including web surfing and email traffic).
Carry out due diligence on any 3rd party suppliers before agreeing contracts.
All visitors to the firm’s premises should be logged in and out and supervised while on site.

Complaints and Compensation
Complaints are inevitable – sometimes they are valid, sometimes not. The FCA requires authorised firms to deal with complaints from eligible complainants (individuals and small businesses) promptly and fairly.
Firms need written procedures staff must follow if a complaint is made: make a definitive response to the complaint; reasonable timescale to resolve it; if a complaint is verbal or written; if a complaint is justified or not; can be followed even for an ‘ineligible’ complainant (business client).
Those making a complaint should: receive an acknowledgement of the complaint in a timely manner; receive a response to the complaint; have their complaint appropriately investigated; be made aware of their rights to go to the Financial Ombudsman Service; receive a final response within 8 weeks of the date of the complaint.

Internal Complaints Procedures
Employees appointed to handle the complaint: must have sufficient competence; must not have been directly related or involved; must have the authority to settle the complaint; must adequately address the complaint and offer redress where appropriate; must offer fair compensation (address consequential or prospective loss as well as actual loss).

The Financial Ombudsman Service (FOS)
Under the FSMA and FCA, the FOS has the power to make rules relating to handling complaints. The FOS is designed to resolve complaints about financial services firms quickly and simply.
Characteristics of The Financial Ombudsman Service (FOS):
Offers an independent view.
Complainants can use this when dissatisfied with a firm’s final response.
Operates a dispute resolution scheme.
FOS decisions are binding for firms but not for the complainant.
Fair compensation may be payable – no more than £150K.

The Financial Services Compensation Scheme (FSCS)
If retail banks were to collapse, savers could potentially lose their deposited money. This would create uproar and undermine confidence in the financial system – people would no longer want to keep their money in a bank account.
Northern Rock savers withdrawing their money in September 2007
Function of The Financial Services Compensation Scheme (FSCS):
Pays out compensation to eligible complainants in the event of a default of an authorised firm. (Excludes professional customers)
Similar to an insurance policy paid for by all authorised firms.
Compensation: Firms in default – 100% of the first £50K per person per firm for investments; £75K for bank deposits.