Mike Maddison, UK Head of Security and Privacy services at Deloitte commented:

"We welcome this report. Following the significant number of well-publicised security breaches over the past year, both the Financial Services Authority and Information Commissioner’s Office have clearly increased their focus on the protection of consumers’ personal data. They expect this to be a board level issue and ignorance is no excuse.

"The Financial Services industry has for some time sought clearer guidance on regulators’ expectations for the protection of consumers’ personal data. The report addresses this by providing concrete examples of what is good and bad practice. This will help organisations to fully understand regulators’ expectations.

"A common challenge for companies is having a complete view of their exposure to the risk of data compromise. Many firms struggle to define what their sensitive date actually is and where that data resides or who it is provided to. Many also struggle to co-ordinate management of these risks which are owned by different parts of the business – for example the Information Security, Physical Security, Data Protection and Record Management functions and most importantly line management who have the ultimate responsibility for protecting data appropriately. The FSA recommendation to appoint a senior manager with overall responsibility for data security, in conjunction with the publication of more information to help management understand their responsibilities’, will go some way towards addressing this."