Futures and Derivatives Industry Regulatory Developments (October 2023 issue)




This meant Equifax was unable to cope with complaints it received when the incident was announced and led to delays in contacting UK customers.


Following the cybersecurity breach, Equifax made several public statements on the impact of the incident to UK consumers which gave an inaccurate impression of the number of consumers affected. Equifax also treated consumers unfairly by failing to maintain quality assurance checks for complaints following the cybersecurity incident, meaning complaints were mishandled.


Regulated financial firms must have effective cyber security arrangements to protect the personal data they hold. Firms must keep systems and software up to date and fully patched to prevent unauthorised access and remain responsible for data they outsource.


When an FCA-authorised firm becomes aware of a data breach, it is essential it promptly notifies affected individuals in a way which is fair, clear and not misleading and implements fair complaints handling procedures.



Therese Chambers, Joint Executive Director of Enforcement and Market Oversight, said: ‘Financial firms hold data on customers that is highly attractive to criminals. They have a duty to keep it safe and Equifax failed to do so. They compounded this failure by the ways they mishandled their response to the data breach. Regulated firms are on the hook, regardless of whether they outsource or not.


‘The risk of identity theft never stops. Cyber criminals are sophisticated and innovative; it is imperative that firms maintain the highest standards in data protection.’


Jessica Rusu, FCA Chief Data, Information and Intelligence Officer, said: ‘Cyber security and data protection are of growing importance to the security and stability of financial services. Firms not only have a technical responsibility to ensure resiliency, but also an ethical responsibility in the processing of consumer information. The Consumer Duty makes it clear that firms must raise their standards.’



