ICO investigates 791 reported breaches of the Data Protection Act by UK banks, building societies and insurance firms
London – June 2015 – Egress Software Technologies, a leading provider of encryption services, has today released figures from a Freedom of Information (FOI) request to the Information Commissioner’s Office (ICO) that demonstrate a concerning 183% rise in reported Data Protection Act (DPA) breach investigations within the financial services industry in the last two years. This increase saw an alarming 585 incidents reported to the ICO during 2014 alone – more than three times the amount of incidents reported by the legal sector for the same period, which reported 187. In total, 791 incidents have been investigated since the start of 2013.
The research shows that all of the UK’s major banks and lenders – including Barclays, HSBC, Lloyds Banking Group, Natwest, Nationwide and Santander – have reported multiple incidents to the ICO in the last two years. These figures come at a time of increased scrutiny of how the financial services industry handles confidential personal and corporate data. Most recently, the Bank of England was revealed to have inadvertently sent highly sensitive financial information regarding the UK’s EU membership to the wrong email address. In fact, human error continues to drive up the number of breaches in all sectors, with the findings of a FOI request submitted by Egress in November 2014 revealing it responsible for 93%.
Across all industries, the ICO has issued civil monetary penalties in excess of £7.5m, £455,000 of which were levied against financial services organisations. This figure could potentially be set to rise when proposed reforms to the EU General Data Protection Regulation comes to power in the coming years. It is expected that the new legislation will introduce fines of up to 2% of annual turnover for a breach.
Egress CEO Tony Pepper comments: “The financial services industry has a responsibility to us all to ensure that the information they manage on our behalf, including bank accounts, mortgages and insurance policies is protected in a highly secure way. Today’s report, however, casts some major concerns over the mistakes they’re making with the information entrusted to them, whether that be citizens’ personal details or highly confidential reports about the economic future of the country. It is staggering to see financial services firms reporting more than three times the number of incidents than the legal sector, which has recently come under targeted fire from the ICO. Today’s findings suggest that similar, if not harsher, criticism ought to be levied at the banks, building societies and insurance firms too.
“With planned reforms to EU General Data Protection Regulations, the financial services industry must take action now or risk falling foul of laws that could see much tougher penalties handed out for a data breach. In fact, it is interesting to note that the monetary penalties issued by the ICO to this sector have historically been so low – perhaps one of the reasons we’re seeing such apparent complacency when it comes to encrypting and controlling the sensitive information financial firms hold. The technology exists for this industry to secure their confidential information – now more than ever is the time for them to implement it.”
For press enquiries, please contact Spark Communications:
Tel: +44 (0) 20 7436 0420
For more information about Egress Software Technologies, please contact Rebecca Bailey - Marketing and Communications:
Tel: +44 (0) 207 624 8500
About Egress Software Technologies
Egress Software Technologies is the leading provider of hosted and on-premise encryption services designed to secure all forms of electronic information and delivered to customers in both the Public and Private Sectors via a single platform: Egress Switch.
As the first, and currently only, CESG CPA Foundation Grade certified email encryption product on the market, Switch Secure Email enables customers to share highly sensitive information over the internet, without the need to manage external third party credentials. The award-winning Switch portfolio of products also includes Secure File Transfer, Secure Web Form and the latest online collaboration offering, Secure Workspace.
Using patented key management, the platform utilises a unique community-based licensing model known as ‘the Egress Trust Network’ that consists of paying and free Switch subscribers, who are able to share information securely with one another using a single global identity.