UK banks breaching data protection rules - Which?

UK banks breaching data protection rules - Which?

The UK's biggest banks and building societies are regularly breaching data protection rules, according to figures obtained by consumer group Which? under the Freedom of Information Act.

The consumer group says that there were 515 complaints lodged with the Information Commissioner's Office (ICO) about possible breaches by eight of Britain's biggest banks and building societies between August 2009 and August 2010 where the office thought it was likely they had broken the rules.

Barclays was the bank with the most suspected breaches with 116 complaints, followed by Lloyds TSB with 114 and Santander with 103.

Over half of complaints arose from firms failing to provide customers with copies of the data held about them properly. Other potential breaches include banks holding inaccurate data about customers, failing to follow security measures and the disclosure of information to third parties.

Which? says that with just 13% of Brits having heard of the ICO, the number of complaints made could be just the tip of the iceberg.

Which? executive director, Richard Lloyd, executive director, Which? says: "Banks and building societies hold incredibly sensitive information and the impact on customers can be serious if they mishandle it, from affecting credit ratings to leaving people open to fraud. Consumers who suffer financial loss or stress as a result of data mismanagement by firms should be entitled to compensation."

The group is also attacking the banking industry over its complaints handling procedures following yesterday's decision by the Financial Services Authority to fine Bank of Scotland £3.5 million over failures.

The FSA says BoS wrongly rejected as many as 45% of 2592 complaints it received about retail investment products between July 2007 and October 2009. The bank failed to investigate complaints properly and analyse trends in its decisions, says the watchdog.

As well as the fine, BoS has paid £2.4 million in compensation and is expected to pay out another £15 million.

Tracey McDermott, acting director, enforcement and financial crime, FSA, says: "This fine reflects BOS's serious failure to treat vulnerable customers fairly. The firm's failure to ensure it had a robust complaint handling process in place led to a significant number of complaints being rejected when they should have been upheld."

Peter Vicary-Smith, CEO, Which? adds: "This case reaffirms the need for a fundamental overhaul to the way the banking industry deals with complaints and illustrates why the Financial Ombudsman Service is so essential. The Government must resist any pressure from the banking industry to weaken it."

Comments: (1)

A Finextra member
A Finextra member 31 May, 2011, 15:04Be the first to give this comment the thumbs up 0 likes

The press release out from Which? linking complaints figures with data breaches is quite misleading. For example, the statement says that Barclays was 'the bank with the most data breaches', but from the figures we can see that they just received more complaints relating to breaches, which is not the same thing at all. Also, roughly speaking, the biggest banks received the most complaints. Again, no surprise there, they have more customers.

Not only are complaints about breaches very different to actual breaches, but over half of those complaints were about firms failing to properly provide customers with copies of the data held about them. This is not a data breach at all.

Whilst these findings are interesting, the figures don't tell us anything about the state of data protection in the industry. Banks take the protection of their customers' sensitive information very seriously and constantly evaluate their data security defences and procedures in order to protect themselves against the possibility of data breaches.