On February 25, a rather sheepish announcement from the UK’s FCA revealed that, in response to a freedom of information request last November, it had inadvertently made underlying confidential information accessible on its website.
Announcing the inevitable ‘full review of how this could have happened’, the regulator then referred itself to the Information Commissioner’s Office, a non-departmental public body, sponsored by the Department for Culture, Media and Sport, that is responsible for data privacy.
The FCA has enforced some of the largest monetary penalties for data breaches in the UK – including a £16.4 million fine it imposed on supermarket Tesco in 2018.
According to its website, the regulator imposed £392,303,087 in fines for various conduct breaches in 2019.
“While many will see this as embarrassing for the FCA, it now has a real opportunity to go through the same pain as those it regulates and learn from it,” one cybersecurity expert observes.