recent work

E*Trade Securities Ltd breaches Data Protection Act

The ICO has today confirmed that financial services company, E*Trade Securities Ltd, lost over 600 customers’ personal details – and after investigation, has been found to have breached the Data Protection Act.

Archived documents, containing identification numbers, proof of address and account application forms that were stored in a facility in the UK went missing back in April 2010, prompting the company to inform the ICO.

It was found that no formal agreement was in place between the document sotrage company and E*Trade; thus compromising the security of the data.

As a result, the organisation has agreed to implement written agreements, ensure appropridate audit trails are in place and record where client files are stored at all times.

Head of Enforcement, Steve Eckersley, said:

“This breach was caused by the company failing to have the necessary security measures in place to keep their clients’ information secure. 

“The fact that customer records are being archived in a storage facility and not regularly accessed does not give businesses license to forget about them. This case demonstrates how important it is to stipulate in writing how long personal information needs to be kept, how regularly it should be reviewed and when it can be securely destroyed.”

Comment
This case highlights a compromise in 5 of the 8 principles of the Data Protection Act. The loss of data has highlighted that the data was not secure, it may not have been accurate and up to date, it may well have been kept longer than necessary, it could have been irrelevant and excessive, and it may not have been processed with the data subjects’ rights in mind.

Absolute Data’s service, DataWise, can help organisations such as E*Trade Securities Ltd reduce the risks they take in protecting their customer’s data. We are committed to help your organisation create robust and effective data protection policies and procedures: we can spend some time getting to know what data-related activity your business partakes in, and ensure that your policies and procedures reflect this activity. We can also help to train your staff; not only in the importance of data protection, but how they can ensure they are fully adhering to data protection law. We provide our clients with a data protection toolkit, offering robust and effective solutions in reducing the risk of data breaches. With the ICO’s power to fine up to £500,000 for data breaches, it is worth getting in touch with us to discuss how your organisation can ensure legal data compliance. Contact us now at info@absolute-data.co.uk, or call us on 01423 790125.