The ICO discusses Physical Security as part of Information security principle 7, contained within its guide. As an example to illustrate the importance of Physical Security, the ICO says that an organisation should ensure “that desk-top computer screens in its offices are positioned so that they cannot be viewed by casual passers-by.”
The FSA published guidance in 2008 that made specific reference to managing the risk of individuals using phone cameras to capture information on screen and the importance of data security and physical IT security. They were concerned that few organisations had taken steps to reduce the risk posed by individuals “taking photographs of customer data on screen” using “high-end mobile phones”. It also called for organisations to “review regularly the threats posed by increasingly sophisticated and quickly evolving technology such as mobile phones”.
In regard to employees who regularly work off-site, the FSA commented that “if not properly managed or secured, customer data can be lost or stolen very easily”; firms should “put in place systems and controls to minimise the risk that their operations and information assets can be exploited”. Consumers, it continues “are entitled to rely on firms to ensure their personal information is secure”. Data security, the Authority comments, is also an “essential aspect” of the six Treating Customers Fairly (TCF) outcomes, which give consumers confidence that their “fair treatment” is “essential to the corporate culture”.
Importantly, it’s noted that “Data security is not simply an IT issue and the responsibility for ensuring data security should be coordinated across the business. Senior management, information security, human resources, financial crime, physical security, IT, compliance and internal audit are all examples of functions that have an important role to play in keeping customer data safe.”
The 3M range of privacy products provide the most comprehensive range of solutions for devices in the financial sector, limiting the potential for costly data breaches and aiding compliance to the FCA and ICO guidelines on data security.