The Financial Services Authority has issued its first ever fine to a company
for poor data protection practices.
Stockbroking firm Merchant Securities Group was fined £77,000 for having poor
security controls and not protecting client details properly.
The fine was imposed even though there was no evidence that a breach had
taken place.
Margaret Cole, director of enforcement at the FSA, said: "It is unacceptable
that, despite increased awareness of data security issues, a firm should be so
careless about its systems for protecting customers' personal details.
"People have a right to expect their details to be kept secure and firms
should be committed to treating their customers fairly in all aspects of their
business."
Cole warned that the FSA will not wait until information has been lost or
stolen before taking action against a firm.
"The level of the fine for a firm of this size should serve as a warning to
others to take data security seriously," she said.
FSA inspectors discovered the lack of controls during an inspection in
September 2007.
The failings included staff taking unencrypted client information out of the office
and storing it at home, and poor procedures for identifying clients over the
telephone.
"This fine is clearly intended to act as a warning to firms that fail to take
data security seriously," said Jamie Cowper, director of marketing at PGP
Corporation.
"The next financial services organisation that suffers a data breach might
face a much higher financial penalty.
"What's different about this incident is that, through luck rather than
judgement, no breach has occurred. With the FSA now proactively using its powers
to safeguard customer information, other financial services companies must take
note."
Merchant Securities Group co-operated fully with the FSA investigation and
agreed to settle quickly. For this co-operation the FSA reduced the original fine
of £110,000 by 30 per cent.