Compliance Guide: Financial Services Authority code of conduct
The UK's financial regulator, the FSA, has powers of investigation and enforcement under the Financial Services and Markets Act and publishes a code of conduct by which financial organisations must operate. These rules are far-reaching and apply directly to the protection of client data. Organisations therefore need to take the necessary steps to prevent the accidental loss, theft and unlawful use of client data.
The FSA Handbook (Principle 10 of the Principles for Businesses) states: 'A firm must arrange adequate protection for clients' assets when it is responsible for them.'
The FSA Senior Management Arrangements, Systems and Controls Sourcebook (SYSC) requires that firms: 'take reasonable care to establish and maintain effective systems and controls for compliance with applicable requirements and standards under the regulatory system and for countering the risk that the firm might be used to further financial crime.'
Under the UK Data Protection Act any organisation which processes personal data must take appropriate measures to prevent the accidental loss, destruction or damage of personal data. The Information Commissioner's Office (ICO) provides guidance on how an organisation can comply with the requirements of the Data Protection Act.
Principle 7 of the Data Protection Act states: 'Appropriate technical and organisational measures shall be taken against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data.'
Beyond guidance, the ICO may also impose fines of up to £500,000 where there has been a "serious contravention" of one of the Act's eight principles. The contravention must have been of a kind likely to cause substantial damage or substantial distress, and either:
the contravention was deliberate; or
the data controller knew or ought to have known that there was a risk that the contravention would occur, and that such a contravention would be of a kind likely to cause substantial damage or substantial distress, but failed to take reasonable steps to prevent the contravention.
There is no "one size fits all" solution to information security and each organisation needs to establish the risk associated with the data it processes and take suitable steps to protect it.
DESlock+ provides a set of encryption tools designed to protect data stored on laptops, USB flash drives and disk caddies; email messages and attachments; and files, folders, virtual disks and complete archives.
The DESlock+ Enterprise Server allows centralised deployment and control of encryption keys, full-disk encryption and security policy on a per-user and per-workstation basis. The Enterprise Server manages users over the corporate LAN or over the internet, so that mobile and home workers do not fall outside the organisation's security policy.