There has been a surge in demand for advice on
protecting customer data following
Nationwide's £1m fine for failing to safeguard
customer details, consultancy KPMG has said.
The Financial Services Authority fined the building society in
February for failing to monitor large downloads of data after a
laptop theft.
The fine has prompted a flurry of activity from financial
services companies and other businesses, which now see data
security as a board-level issue, said KPMG.
"A lot of organisations are showing a level of paranoia about
data leakage. Many firms now have security programmes sponsored by
someone on the board," said Malcolm Marshall, partner at KPMG.
Marcus Alldrick, former head of security for Abbey National,
said firms sending information to a third party needed controls to
show whether data has been received. "If it has not been received,
there is a potential data leak," he said.
Banks and other organisations are now looking at ways to create
audit trails to record every account transaction, including
non-financial transactions, such as staff viewing customer details,
as part of a drive to protect their information.
"Part of the challenge is storage. If you have a dozen CRM
systems storing data then you have storage problems. Organisations
are putting in more storage and they are not keeping the
non-financial records as long as other records. They are also
focusing on data on high risk servers," said Marshall.
The Nationwide case has also underlined the need for
organisations to ensure they have procedures for verifying that
information they send out in physical formats, such as CD-ROMs, has
been received by the intended recipient.
Alldrick said, "If you are sending information to a third party,
you need controls to show whether the data has been received. If it
has not been received, there is a potential data leak."
Some organisations are calling in forensic computer experts to
investigate leaks when they occur. They are able to trace documents
containing the leaked information on networks, and identify how
they have been passed out of the organisation, KPMG said. The
majority of investigations follow leaks to rivals during merger and
acquisition talks.