The Information Commissioner’s Office (ICO) has found 11 banks and other financial institutions in breach of the Data Protection Act after investigating complaints concerning the disposal of customer information.
They are: HBOS, Alliance & Leicester, Royal Bank of Scotland, Scarborough Building Society, Clydesdale Bank, NatWest, United National Bank, Barclays Bank, Co-operative Bank, HFC Bank, Nationwide Building Society and The Post Office. All were found to have discarded personal information in waste bins/receptacles outside their premises.
The Immigration Advisory Service was also found to have disposed of personal information in similar circumstances.
The ICO has now required these organisations to sign a formal undertaking to comply with the Principles of the Data Protection Act. Failure to meet the conditions of the undertaking is likely to lead to further enforcement action by the ICO and could result in prosecution by the Office.
What they say
David Smith, Deputy Commissioner, said: “It is unacceptable for banks and other organisations to carelessly discard their customers’ information. It is vital that banks and other organisations take security seriously. If they do not, they not only risk further action from the Information Commissioner but also risk losing the trust of their customers. Individuals must feel confident that banks and other organisations are safeguarding their personal information.”
The ICO believes that organisations in breach of the Data Protection Act security requirements should face a detailed inspection of their security procedures.
Copies of the signed undertakings are available on the ICO website at http://www.ico.gov.uk/what_we_cover/data_protection/enforcement.aspx
The ICO’s investigation into banks’ disposal of customer information follows evidence supplied by BBC Watchdog, the Sunday Mail and the consumer group ScamsDirect.
Data protection principles
The ICO reiterates that anyone who processes personal information must comply with eight principles, which make sure that personal information is:
Fairly and lawfully processed
Processed for limited purposes
Adequate, relevant and not excessive
Accurate and up to date
Not kept for longer than is necessary
Processed in line with your rights
Secure; and
Not transferred to other countries without adequate protection.