The Financial Conduct Authority (FCA) has shown exactly how not to deal with complaints, after it accidentally leaked the personal details of some individuals who’d raised grievances about the service.
Names, addresses and telephone numbers of some individuals who’d made complaints to the UK’s City watchdog were kept in a spreadsheet, which was then accidentally leaked in November when the FCA responded to a Freedom of Information request. However, it wasn’t until early February that the leak was discovered, and action was taken.
The FCA also noted that “other information” had also leaked, it didn’t specify exactly what this included.
Whilst the watchdog admitted its fault and referred itself to the privacy authorities, a statement published on fca.org.uk stressed that no financial, payment card or passport details were included in the cache.
The statement said: “We have undertaken a full review to identify the extent of any information that may have been accessible. Our primary concern is to ensure the protection and safeguarding of individuals who may be identifiable from the data.”
It’s thought around 1,600 names were leaked, although the telephone numbers of only half of these were included in the spreadsheet. Once the leak was discovered, the data was taken offline immediately.
In the intervening weeks, the FCA has contacted those affected, offering information about what had happened and advice for next steps to consider taking. Though the FCA took all the right steps following its discovery, the episode is still a rather embarrassing one – especially since it went on record just recently to advise its authorised firms to be responsible with user data. The statement, released jointly with the ICO (Information Commissioner’s Office) and FSCS (Financial Services Compensation Scheme), reinforced the need for companies to “meet their obligations under the Data Protection Act 2018 and the General Data Protection Regulation (GDPR).”