FCA eats humble pie over data spillage
Chris Hamblin, Editor, London, 26 February 2020
The UK's Financial Conduct Authority has sheepishly admitted to having published the personal data of people who had lodged complaints against it on its website.
Far from stating that this was its revenge on its critics, the regulator is claiming that it published their personal details by mistake. The information included names, addresses and telephone numbers. Sometimes it included "other information," a phrase which presumably refers to the nature of the complaints. The FCA does not admit to publishing account details or passport numbers.
The regulator's statement on the subject is a study in linguistic contortion. On its 'data breach' page, it says euphemistically that "certain underlying confidential information may have been accessible," without explaining the difference between underlying confidential information and other types of confidential information. It also does not reveal the identities of the people to whom it made the information accessible, the inference being (although it does not say this) that any member of the general public could have seeen it. Further down the page, it describes the information as "accessible" twice again, while not saying to whom.
The FCA says that it published the information in response to a request that someone had made under the Freedom of Information Act in respect of multifarious grievances that its complaints team had handled between 2 January 2018 and 17 July 2019.
Last month the Pensions Regulator fined the FCA £2,000 for misreporting the details of its pension scheme. The regulator seems to be gaining a reputation for non-compliance.