FCA warned four staffers who pocketed regulator data The Register
Four staffers at the UK's Financial Conduct Authority (FCA) were let off with warnings over separate cases involving the transmission of regulator data to their personal email accounts.

Three of the employees at the authority received their first written warning for emailing unspecified data, according to a Freedom of Information Act (FoI) request. The financial watchdog looks after vast amounts of data, including complaints against companies. It also regulates when organizations in the finance sector suffer data breaches, and fined credit reference agency Equifax 11 million 157 million for an incident that put millions of UK consumers at risk of financial crime.

The fourth staffer is already on their final written warning for emailing FCA data to themselves, which the body said violates its systems acceptable use policy.

The cases took place in the 2022/23 financial year, and details of a possible fifth violation were included in the FCA's response, although they were withheld under section 40 of the FoI Act.

Section 40 exemptions come into play when disclosing information pertinent to the request would likely lead to the identification of the individual at fault. No similar incidents were identified in the financial years since.

The FCA, which employs more than 5,000 people, did not specify the nature of the data transmitted to personal email accounts, or its size, although The Register asked it for clarity on the matter.

An FCA spokesperson provided a statement but did not comment on the nature of the data involved in these cases.

They said: "We take any breaches of our email security policies seriously and have systems and controls in place to manage breaches of email security. Breaches can and do result in an investigation and can lead to disciplinary sanctions.

"We have had no such incidents which required disciplinary sanctions in the years 2023/24 and 2024/25."

The regulator is responsible for overseeing the UK's financial services industry, and one of its responsibilities is to investigate data mishaps, such as those caused by its own staff, within organizations under its remit.

Like the Information Commissioner's Office (ICO), it has the power to issue punishments such as fines and other sanctions when organizations violate its rules.

Years before these data incidents took place, the regulator was forced to own up to a separate blunder involving the accidental leak of data related to people who filed complaints against it.

Around 1,600 complainants had their personal information, including names, addresses, and phone numbers, included in an FoI response uploaded to its website back in 2020.

Since then, several other UK public sector organizations have confirmed breaches via similar means.

Southend-on-Sea City Council, Suffolk and Norfolk police, and the infamous Police Service of Northern Ireland (PSNI) breaches all stemmed from mishandling FoI responses, with the latter proving especially concerning for those involved.

Commenting on the news of the FCA's four written warnings, Patrick Sullivan, CEO at the Parliament Street think tank, called the conduct involved reckless and irresponsible, and called on the regulator to improve its data protection policies.

Andy Ward, SVP international at Absolute Security, said: "The FCA is tasked with managing extremely sensitive data, and the use of personal email accounts greatly increases the likelihood of a major security breach.

"Against the backdrop of several high-profile cyberattacks, it's vital that all organizations wake up to the very real threat posed by unprotected devices and IT systems, and ensure cyber resilience is at the top of the boardroom agenda."

Arkadiy Ukolov, co-founder and CEO at Ulla Technology, said the scale of these offenses extends far beyond the small number at the FCA: tens of thousands of employees are sharing corporate information across personal email and AI assistants every day.

"The reality is that most companies have no idea this is happening or the security risks involved," he added. "That's why it's crucial that robust policies and procedures are put in place so all information can only be shared through secure channels."
Copyright. All rights reserved 1998–2025