When you signed up for a Bank Account, or took out a Bank Credit or Debit Card, did your bank tell you that they would be storing all your details with a 3rd party data processing company in a warehouse in Essex? I bet they didn't.

A BRITISH data processing firm has launched an urgent review after a staff member sold a computer on eBay containing personal details of a million bank customers.
The computer was bought on the online auction site for £35 ($75) by Andrew Chapman, an IT manager from Oxford, in central England, who found the information on the computer's hard drive.

It included bank account numbers, phone numbers, mothers' maiden names and signatures of one million customers of American Express, NatWest and the Royal Bank of Scotland (RBS), the Independent newspaper reported.

It had belonged to data processing company Mail Source which is part of Graphic Data, a company that holds financial information for banks and other organisations.

Why is this information not contained and processed within the Bank? Why is it sitting in a warehouse in Essex?

Well, that is easy. FSA and Credit Card company regulations are all about risk, and for the Banks to mitigate that risk, and not pay for the costs of protecting it, it is easier, cheaper and risk-free for them not to do the processing themselves but pass it off to 3rd party processing companies, therefore excluding them from the FSA regulations and PCI DSS requirements.

But what about ownership and responsibility? Well, obviously the Banks see that once they have passed your details off to someone else to process, then all the risk and responsibility lies with them.

Is no-one in the UK responsible for absolutely anything any more? Politicians, IT consultancies and Banks all work the same scam. Pass it off, it's somebody else's problem.

A spokeswoman for Mail Source said the employee who sold the computer had made an "honest mistake" but insisted it had been an "isolated incident".

She said: "The computer was removed from our secure storage facility in Essex and sold on eBay.
"We know which employee took the server and sold it, but we believe it was an honest mistake and it was not intentional to sell it without the server being cleared.

"This is a very unfortunate incident and we are taking measures to ensure it will never happen again."


Here we go again: oops, sorry, won't do it again... but really, it's too late, isn't it? Your personal information is now in the public domain.

Not good enough, not good enough by half.

An RBS spokeswoman said: "Graphic Data has confirmed to us that one of their machines appears to have been inappropriately sold on via a third party.

"As a result, historical data relating to credit card applications from some of our customers and data from other banks were not removed.

"We take this issue extremely seriously and are working to resolve this regrettable loss with Graphic Data as a matter of urgency."

What exactly does 'working to resolve this regrettable loss with Graphic Data' mean? How are you going to resolve losing something? Once it's gone, it's gone; it's in the public domain. It should not have been lost in the first place and someone must be made responsible for that.

It really is time, as we have said before, for the responsible parties to be prosecuted. Make them understand that we will have no more of this.

Voluntary codes of conduct do not work. Demand a change in the law, and bring it into line with the Sarbanes-Oxley style of legislation that makes individual managers not only responsible but also liable, so that they can be prosecuted and even sent to prison. Corporations do not make decisions, individual Managers and Directors do. They must no longer be able to hide behind a corporate veil of non-responsibility for their actions.

Then, and only then, will managers start feeling responsible for your personal data which they hold in trust. It is your personal information they are losing, not theirs.

