There has been a surge in demand for advice on protecting customer data following Nationwide's £1m fine for failing to safeguard customer details, consultancy KPMG has said.
The Financial Services Authority fined the building society in February for failing to monitor large downloads of data after a laptop theft.
The fine has prompted a flurry of activity from financial services companies and other businesses, which now see data security as a board-level issue, said KPMG.
"A lot of organisations are showing a level of paranoia about data leakage. Many firms now have security programmes sponsored by someone on the board," said Malcolm Marshall, partner at KPMG.
Marcus Alldrick, former head of security for Abbey National, said firms sending information to a third party needed controls to show whether data has been received. "If it has not been received, there is a potential data leak," he said.
Banks and other organisations are now looking at ways to create audit trails to record every account transaction, including non-financial transactions, such as staff viewing customer details, as part of a drive to protect their information.
"Part of the challenge is storage. If you have a dozen CRM systems storing data then you have storage problems. Organisations are putting in more storage and they are not keeping the non-financial records as long as other records. They are also focusing on data on high risk servers," said Marshall.
The Nationwide case has also underlined the need for organisations to ensure they have procedures for verifying that information they send out in physical formats, such as CD-ROMs, has been received by the intended recipient.
Alldrick said, "If you are sending information to a third party, you need controls to show whether the data has been received. If it has not been received, there is a potential data leak."
Some organisations are calling in forensic computer experts to investigate leaks when they occur. They are able to trace documents containing the leaked information on networks, and identify how they have been passed out of the organisation, KPMG said. The majority of investigations follow leaks to rivals during merger and acquisition talks.
David Lacey’s security blog >>
The latest ideas, best practices, and business issues associated with managing security
Stuart King’s risk management blog >>
Dealing with the operational challenges of information security and risk management
Comment on this article: [email protected]