Regulation  

FCA loses £300k worth of electronic devices

FCA loses £300k worth of electronic devices

The Financial Conduct Authority (FCA) has misplaced a total of 323 electronic devices estimated to be worth £310,600 over the past three years, raising questions about data protection.

A freedom of information request by litigation practice Griffin Law found in the most recent financial year lost devices at the FCA surged by 369 per cent, with 197 devices being reported missing worth an estimated £193,400. 

The firm had asked the FCA for a list of electronic items owned by the regulator that have been recorded as lost or missing by the staff during the financial years 2019, 2020 and 2021.

It found in 2020 losses of 42 devices worth around £41,500 were reported and in 2019 it was 84 worth an estimated £75,700.

Donal Blaney, founder of Griffin Law said: “The Information Commissioner needs to investigate the FCA over the loss of sensitive data on these laptops, phones and tablets.

“There can be no excuse for such carelessness by FCA staff with such expensive gadgets paid for by hard-working taxpayers”.

FTAdviser understands that under data protection rules, the FCA must report certain incidents to the Information Commissioner within 72 hours and that as an independent public body, it is funded entirely by the firms it regulates via fees. 

A spokesperson for the regulator said: “The FCA has strong security measures in place to ensure that data is protected in the event that a device is lost or stolen, including Bring Your Own Devices. 

“We use encryption to protect information on FCA devices and two-factor authentication to ensure only authorised individuals can access the FCA’s network.

"We have clear processes to ensure losses are reported in a timely manner and access to the FCA network through that device is revoked remotely as soon as a loss is reported.

“Staff are also trained to not store sensitive data on their devices, to minimise the risk of data being exposed.”

Tablet computers topped the lost devices list, with 201 lost and 14 stolen across the three financial years, worth an estimated £215,000 in total. Approximately 123 of these devices were reported as lost or stolen in 2021.

Following this was laptops, with 88 going missing over the combined period at a total cost of £88,000, with 68 of these incidents occurring in 2021.

The below shows the data received by Griffin Law in the FOI. 

This comes as last year, the FCA issued a warning to businesses to ‘be responsible when handling client data’.

Cyber expert Edward Blake, area vice President EMEA, Absolute Software, said: “Managing a large, distributed workforce is no easy task, particularly in the midst of a pandemic, and keeping tabs on valuable devices like laptops is growing increasingly difficult.

“If one of these lost devices ends up in the wrong hands, the FCA could be facing consequences far more severe than the cost to replace them.

“Therefore, it is more critical than ever to have a permanent digital connection to every endpoint, as well as the ability to lock, freeze or wipe the device if it is at risk of being compromised.”