Banks in unacceptable data protection breach
The UK Information Commissioner’s Office (ICO) has found 11 banks and other financial
institutions in breach of the Data Protection Act after investigating complaints
concerning the disposal of customer information.
- Alliance & Leicester
- Royal Bank of Scotland
- Scarborough Building Society
- Clydesdale Bank
- United National Bank
- Barclays Bank
- Co-operative Bank
- HFC Bank
- Nationwide Building Society
- Post Office
were all found to have
discarded personal information in waste bins /receptacles outside their premises.
The Immigration Advisory Service was also found to have disposed of personal
information in similar circumstances.
The ICO has now required these organisations to sign a formal undertaking to comply
with the Principles of the Data Protection Act. Failure to meet the conditions of the
undertaking is likely to lead to further enforcement action by the ICO and could result
in prosecution by the Office.
David Smith, Deputy Commissioner, said: “It is unacceptable for banks and other
organisations to carelessly discard their customers’ information. It is vital that banks
and other organisations take security seriously. If they do not, they not only risk further
action from the Information Commissioner but also risk losing the trust of their
customers. Individuals must feel confident that banks and other organisations are
safeguarding their personal information.”
The ICO believes that organisations in breach of the Data Protection Act security
requirements should face a detailed inspection of their security procedures.
Copies of the signed undertakings are available on the ICO website