Chapter 9: Flashcards
Why must firms take care of their customers' personal data?
- To comply with data protection regulations.
- Stop personal info falling into criminal hands (fraudsters can undertake financial transactions in the customer’s name).
What legal responsibilities do firms have to comply with the Data Protection Act?
- Notify the Information Commissioner’s Office (ICO) that they’re processing info.
- Processing personal info in accordance with the data protection principles.
- Answering subject-access requests received from individuals.
What do the regulations around data protection lay out?
Data protection principles that set out the main responsibilities of organisations.
What do the regulations around data protection require personal data to be?
- Processed lawfully, fairly and in a transparent manner in relation to individuals.
- Collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes.
- Adequate, relevant and limited to what is necessary in relation to the purposes for which it’s processed.
- Accurate and kept up to date; every reasonable step must be taken to ensure that personal data that’s inaccurate, having regard to the purposes for which it is processed, is erased or rectified without delay.
- Kept in a form which permits identification of data subjects for no longer than it’s necessary for the purposes for which the personal data is processed.
- Processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.
What do the regulations require personal data to be processed like?
Require personal data to be processed in a manner that ensures its security. Includes protection against:
* Unauthorised or unlawful processing
* Accidental loss, destruction/damage.
What must a firm do to ensure data protection if it outsources work?
- Assess the organisation can carry out work in a secure way.
- Check that they’re carrying out work in a secure way.
- Take proper security measures.
- Have a written contract with the organisation (lay down how it can use and disclose the info entrusted to it).
What is the purpose of the rules which apply during a data breach?
Rules place a duty on all organisations to report certain types of data breach to the relevant supervisory authority.
Organisations have to report certain types of data breach to the individuals affected where it’s likely to result in a high risk to the rights and freedoms of individuals.
What does the FCA require firms to do about complaints?
FCA requires authorised firms to deal with complaints from eligible complainants promptly and fairly. Eligible complainants are individuals and small businesses.
What does the FCA require firms to have when dealing with complaints?
Written procedures for handling expressions of dissatisfaction from eligible complainants. These should be followed regardless of whether the complaint is oral or written and whether it’s justified or not, as long as it relates to the firm’s provision of, or failure to provide, a financial service.
What should internal complaints-handling procedures provide?
- Receiving of complaints
- Acknowledgement of complaints in a timely manner
- Responding to those complaints
- Appropriately investigating the complaints
- Notifying the complainants of their right to go to the Financial Ombudsman Service (FOS) when relevant.
What do the complaints-handling procedures require the firm to do?
Issue its final response to the complainant within 8 weeks of the date of the original complaint and the complainant must be notified of their right to refer their complaint to the FOS if they’re dissatisfied with the firm’s response.
What must internal complaints-handling procedures make provision for?
Make provision for the complaints to be investigated by an employee of sufficient competence who was not directly involved in the matter that’s the subject of the complaint.
What must the person charged with responding to complaints have the authority to do?
Settle the complaint, including offering redress if appropriate, or should have access to someone with necessary authority.
What should the response adequately address?
Address the subject matter of the complaint and, when a complaint is upheld, offer appropriate redress.
What happens if the firm decides the redress is appropriate?
Firm must provide the complainant with fair compensation for any acts or omissions for which it was responsible and comply with any offer of redress the complainant accepts.
What should any redress for financial loss include?
Should include consequential or prospective loss, in addition to actual loss.
Who should firms make aware of the firm’s complaints-handling procedures?
Firm must take reasonable steps to ensure all relevant employees (including any of the firm’s appointed representatives) are aware of the procedures and endeavour to act in accordance with these.