At St. James’s Place, we take our responsibility to look after your personal information and
privacy seriously. In today’s world, we have all seen a growing trend in cybercrime and
security breaches. We have a number of security measures in place to help prevent fraud
and cybercrime.
If we become aware that a personal data breach has occurred and is likely to result in a
high risk to the rights and freedoms of our clients, Partners or employees, we will inform them
without undue delay.
We have a dedicated group, the ‘Information Security Oversight Committee’, that provides
oversight and guidance to our information security and privacy programme.
The executive body responsible for privacy and data security is the Information Security
Oversight Committee (ISOC) – chaired by the Data Protection Officer. ISOC has a reporting
line that enables effective escalation of issues up to the Board where appropriate.
We educate and train our employees, Partners and contractors on their information security,
fraud prevention and privacy obligations annually.
Our employees, Partners and contractors take part in an annual Information Security training
and awareness programme and must agree to adhere to the Data Protection Act and our own
Information Security Policy that are designed to keep your information safe. These are
refreshed each year to reflect the current trends that are being observed across the
information security landscape. Information Security awareness also forms part of our new
employee induction programme.
We also educate our employees in identifying potential financial crime and internal fraud;
any suspicious activity is reported to our Financial Crime Prevention team.
When you log in or send us information on the internet, we protect the security of this
information while it is being transmitted by encrypting it using Secure Sockets Layer (SSL).
When you use your web browser to log in, view or share information with us, all electronic
information exchanged is encrypted using a 2048-bit SSL (Secure Sockets Layer) certificate. You
can identify this by looking for the HTTPS:// and the padlock in the address bar at the top of
your browser.
We will always interact with you in a safe, secure and consistent manner.
To keep your information secure and to protect our clients from fraud, St. James’s Place will
only interact with you in the following ways. If in doubt, call your St. James’s Place Partner
directly or alternatively email the St. James’s Place Data Protection Office at dpo@sjp.co.uk.
When interacting with you, we will:
- Only send funds that you have requested to be withdrawn to a verified bank account
in your name.
- Verify who you are when speaking to you on the phone, by asking you security
questions.
We will not:
- Ask you for your password over the phone.
- Send you an unsolicited email with a link to our login page asking you to enter your
Online Wealth Account credentials.
- Ask you for payment or credit card details by email or telephone.
- Call you to notify you of a problem, and then request you call us back immediately to
discuss the problem further.
We continually review our physical and logical security controls in place across the business.
Physical controls – As well as protecting your digital information, St. James’s Place also
protects its premises and physical locations where personal data may be used and
stored. These measures include security guards, security entrances, secure disposal of
confidential waste and hardware, CCTV, personal card access and locks on doors and file
storage cabinets, with a ‘clear desk’ policy to ensure all information is locked away and
protected.
Logical controls – St. James’s Place uses technical security measures to make sure our
systems where we store and use personal information are protected from unauthorised
access. Tools such as authentication controls, antivirus, firewalls, malware detection and
back-up procedures are used across the business.
All employee emails and devices are encrypted to enable secure transfer and storage of
personal information.
We conduct security testing of our applications and services in a controlled testing
environment before they are made available for our clients to use on an ongoing basis.
We perform security risk assessments for each of our sites to identify and control risks.
External technical assessments are conducted by an independent external third party.
Security audits and vendor due diligence are conducted on a continual basis.
We have a business resiliency plan with disaster recovery and business continuity testing.
The purpose of Business Continuity Management and the St. James’s Place Business
Continuity Plan is to provide an effective, predefined and documented framework to
respond to an incident affecting the Group’s activities. The key drivers in developing the
business recovery plans are:
- To mitigate the risks that could lead to the significant disruption of our products and
services to our clients.
- To provide a recovery plan that supports a timely and full restoration of our products
and services for our clients.
However, whilst we take appropriate technical and organisational measures to safeguard
your Personal Information, please note that we cannot guarantee the security of any data
that you transfer over the internet to us.