PL&B UK E-news, Issue 55
14 March, 2007
© Privacy Laws & Business 2007
- ICO finds eleven banks in breach of DPA and publishes their security failings
- Individual wins a compensation settlement in SPAM case
1. ICO finds eleven banks in breach of DPA and publishes their security failings
The Information Commissioner‚Äôs Office (ICO) yesterday (13.3.07) named and shamed eleven banks and financial institutions for breaching the Data Protection Act.
HBOS, Alliance & Leicester, Royal Bank of Scotland, Scarborough Building Society, Clydesdale Bank, Natwest, United National Bank, Barclays Bank, Co-operative Bank, HFC Bank and Nationwide Building Society were all found to have discarded personal information in waste bins outside their premises. The Post Office and the Immigration Advisory Service were found to have similar security breaches.
The ICO has not yet resorted to prosecuting them, but has asked these organisations to sign a formal undertaking to comply with the data protection principles. They have all done so. A failure to meet the conditions of the undertakings is likely to result in enforcement action. This is yet another example of the ICO‚Äôs stricter approach in enforcing the law, and a clear warning to the financial services industry.
Copies of the signed undertakings with details of specific complaints against each bank citing the nature of the personal data discovered and where it was found, are available on the ICO website at http://www.ico.gov.uk/what_we_cover/data_protection/enforcement.aspx.
2. Individual wins a compensation settlement in SPAM case
The Scottish courts have ordered an Internet Service Provider, Transcom Internet Services to pay a claim for damages of ¬£750 plus expenses (a total of ¬£864) for spamming. Mr Gordon Dick was successful in suing the company for sending just one unsolicited advertising e-mail. This case is the second ever spam case in the UK to award damages to an individual. The case was settled before it came to a full court hearing.