The UK's Information Commissioner's Office (ICO) has found 11 financial institutions in breach of the Data Protection Act after they dumped customers' personal details in outdoor bins.
The ICO investigation was triggered by a complaint from consumer group Scamsdirect which accused NatWest of failing to dispose of customer information securely after it found customer details dumped outside a RBS/NatWest branch in Fareham, Hampshire.
Following its investigation the ICO found 11 institutions in breach of the Data Protection Act after they discarding personal customer data in waste bins and bags outside their premises.
The banks involved are HBOS, Alliance & Leicester, Royal Bank of Scotland, Scarborough Building Society, Clydesdale Bank, Natwest, United National Bank, Barclays Bank, Co-operative Bank, HFC Bank, Nationwide Building Society. The UK's Post Office was also found in breach of the act.
The watchdog has now ordered the firms to sign a formal undertaking to comply with the principles of the Data Protection Act. Failure to abide by the rules will lead to further enforcement action and could result in prosecution.
David Smith, ICO deputy commissioner, says it is "unacceptable for banks and other organisations to carelessly discard their customers' information".
"It is vital that banks and other organisations take security seriously. If they do not, they not only risk further action from the Information Commissioner but also risk losing the trust of their customers," says Smith. "Individuals must feel confident that banks and other organisations are safeguarding their personal information."