In April 2010 E*Trade Securities Ltd discovered that 608 customer records were lost at a UK based storage facility and despite an investigate were unable to recover the records.
E*Trade Securities Ltd did not have a formal agreement to store the customer information securely and subsequently informed Information Commissioner’s office in December 2010.
E*Trade Securities Ltd has now agreed to take action to keep the personal information it holds secure. This includes implementing written agreements with UK contractors storing client personal data on its behalf and making sure that appropriate audit trails are in place to record where client files are being sent and stored at all times.
Head of Enforcement, Steve Eckersley, said:
“This breach was caused by the company failing to have the necessary security measures in place to keep their clients’ information secure.
“The fact that customer records are being archived in a storage facility and not regularly accessed does not give businesses license to forget about them. This case demonstrates how important it is to stipulate in writing how long personal information needs to be kept, how regularly it should be reviewed and when it can be securely destroyed.”