Financial advisers have been warned to tighten their data security as new powers mean they could be fined twice for breaches.
From next April, the Information Commissioner's Office (ICO) will join the FSA as an organisation with the power to fine firms that breach its rules.
It follows a record £3.2m FSA fine handed out earlier this week to HSBC subsidiaries, including more than £1.6m to the group's insurance arm HSBC Life for data security lapses.
City law firm Reynolds Porter Chamberlain (RPC) said the fine represents a huge jump from the £980,000 fine handed to Nationwide Building Society for similar failures in 2007 and suggests the FSA's crackdown will intensify.
But it added that a further threat to firms will come from the new powers granted to the ICO, an independent body promoting the protection of personal information.
"When the ICO gains this power next year, any FSA-regulated firm may well be subject to ‘double jeopardy' fines for data protection breaches," RPC partner Oliver Bray said."One careless mistake by a regulated firm could expose it to fines from both the ICO and FSA."
Under current rules outlined in the Data Protection Act, the ICO cannot issue fines for breaches of the eight data protection principles at the heart of the law. From next April that will change and it will be able to issue fines for knowing or reckless breaches of the Act's principles.
Earlier this week, HSBC Insurance Brokers, HSBC Life and HSBC Actuaries and Consultants were fined a total of £3.2m for failing to protect their customers' personal data.
The three firms were guilty of sending unencrypted client data in the post and leaving confidential files on open shelves and in unlocked cabinets in otherwise well-secured offices.