
I work in finance and this is frustrating for sure. Unfortunately, if Netflix loses account data, who cares? But if we lose customer account data it's off to the races to see how much money regulators can drum out of us for not being secure enough. Even if that isn't a real threat, it's a real fear. Now I'm not arguing for or against regulation here, but just you wait until Mint.com or one of these new investment apps gets hacked and watch what happens.


I'm going to call BS. At least in the UK banks screw up all the time and never get more than a slap on the wrist. The mobile apps put out are hilariously insecure and get hacked. Payment processors go down. [0]

Often, it seems like the only defence is that skiddies don't have a clue about mainframes that's saving these idiots.

[0] e.g. http://search.theregister.co.uk/?q=rbs


Service failure and data breach are two separate matters. If a UK bank were to suffer a major breach they would be fined heavily by the ICO. Right now limits are at £500k but with the new General Data Protection Regulation potential fine levels will increase steeply...


What, like TalkTalk? Or the police for that matter, who routinely lose sensitive information.

I agree, as long as fines are lower than the CEO's salary + bonuses, these "fines" remain laughable. But based on these other cases, it's unlikely that the ICO would or could do anything to severely impact how a bank operates, which makes them toothless.

As for telling the ICO, well the deputy director of the National Cyber Security Centre (NCSC, part of GCHQ) explicitly said he won't tell ICO if people report breaches to him... so I wouldn't cross my fingers.



