
1 Data Protection in Financial Services Are you Seeing the Bigger Picture? 17 September 2008

2 Disclaimer
1. This presentation does not constitute specific legal advice.
2. This talk is to raise awareness, not to solve specific problems.
3. Opinions, errors and omissions are the speaker’s alone.
4. This talk is designed to engender discussion about the risks associated with data security within the FSA-regulated sector.

3 Why do we keep records?

4 Data security: security of what?

5 Rules, rules and more rules…
Data Protection Act 1998
Human Rights Act 1998
Telecommunications (Lawful Business Practice) (Interception of Communications) Regulations 2000
Companies Act
Freedom of Information Act 2000
…

6 Data Protection Act 1998
“personal data” means data which relate to a living individual who can be identified—
(a) from those data, or
(b) from those data and other information which is in the possession of, or is likely to come into the possession of, the data controller,
and includes any expression of opinion about the individual and any indication of the intentions of the data controller or any other person in respect of the individual.
Section 1, Data Protection Act 1998

7 Data Protection Principles
The Data Protection Act 1998 – ‘The Eight Principles’
1. Processed fairly and lawfully
2. Obtained only for one or more specified and lawful purposes
3. Adequate, relevant and not excessive
4. Accurate and, where necessary, kept up to date
5. Not kept for longer than is necessary
6. Processed in accordance with the data subject’s rights
7. Appropriate technical and organisational measures against unauthorised or unlawful processing and against accidental loss, destruction or damage
8. Not transferred outside the EEA unless the destination ensures an adequate level of protection for the data subject’s rights

8 FSA definition of ‘Data’ and ‘Personal Data’

9 FSA Statutory Objectives
Market confidence: maintaining confidence in the financial system
Public awareness: promoting public understanding of the financial system
Consumer protection: securing the appropriate degree of protection for consumers
Reduction of financial crime: reducing the extent to which it is possible for a business to be used for a purpose connected with financial crime

10 The FSA’s approach to regulation
Risk-based compliance: large firms = safe? Small firms = risky?
Principles-based compliance: no rule to point to; one size doesn’t fit all

11 Regulatory overlap: FSA v ICO
The FSA’s statutory objectives (slide 9) set against the eight Data Protection Principles (slide 7)

12 Regulatory overlap: FSA v ICO
Principles for Businesses:
– Principle 3 – Systems and Controls
– Principle 6 – Customers’ Interests
– Principle 10 – Protection of Client Assets
set against the eight Data Protection Principles (slide 7)

13 Regulatory overlap: FSA v ICO
Current initiative – ‘Treating Customers Fairly’, set against the eight Data Protection Principles (slide 7)

14 Stuff the ICO, the FSA is the new data protection regulator!
ICO: £5,000 fine; personal liability for company officers; imprisonment
FSA: unlimited fines; personal liability for Approved Persons

15 ISO 27002:2005 – Code of Practice for Information Security Management
Data Management
2. Security Policy
3. Organization of Information Security
4. Asset Management
5. Human Resources Security
6. Physical and Environmental Security
7. Communications and Operations Management
8. Access Control
9. Information Systems Acquisition, Development, Maintenance
10. Incident Management
11. Business Continuity
12. Compliance

16 Would you recognise when you have a data security issue?

17 Their loss is your [potential] loss
HBOS; Alliance & Leicester; Royal Bank of Scotland; Scarborough Building Society; Clydesdale Bank; NatWest; United National Bank; Barclays Bank; Co-operative Bank; HFC Bank; The Post Office; CGNU; BNPP Private Bank; Nationwide Building Society; Capita Financial Administrators; Merchant Securities Group; …to be continued?

18 Steven Harrison; John Shelvin; Mail Source/Graphic Data; …

19 What is the biggest threat to data security in your firm?

20 The true cost of good data management
How to get senior management buy-in:
Protecting the firm’s reputation – 99%
Protecting the firm’s assets – 84%
Improving efficiency/cost reduction – 75%
Enabling business opportunities – 68%
Source: BERR 2008 Information Security Breaches Survey

21 Where do you go from here?

22 Think laterally, not literally!
Risk assess
Draft, implement and test policies and procedures
Train your staff appropriately
Read widely from multiple sources, and assess relevance to your firm

23 Further Reading
FSA, Data Security in Financial Services Report, April 2008: http://www.fsa.gov.uk/pubs/other/data_security.pdf
BERR 2008 Information Security Breaches Survey: http://www.berr.gov.uk/files/file45714.pdf
FSA Enforcement Action Final Notices: http://www.fsa.gov.uk/Pages/Library/Communication/Notices/Final/
Information Commissioner’s Office Enforcement Actions: www.ico.gov.uk/what_we_cover/data_protection/enforcement.aspx
Information Commissioner’s Office Good Practice Guides: http://www.ico.gov.uk/tools_and_resources/document_library/data_protection.aspx

24 Further Information or Assistance
Email: Elizabeth.Nelson@b2bregulatorysupport.co.uk
Website: www.b2bregulatorysupport.co.uk
Tel: 0870 042 1048
