Banks guilty of breaching data protection rules
UK banks are putting consumers at risk by breaching data protection rules, according to new research from Which?
The consumer body says there were 515 complaints lodged with the Information Commissioner's Office, the body responsible for protecting data privacy, between August 2009 and August 2010.
Barclays fared worst with 116 complaints about breaches of data security followed by Lloyds TSB with 114 and Santander with 103.
"Whenever there is a substantial data breach we ensure we alert the Information Commissioner's Office, the FSA and our customers where appropriate and we do everything we can to minimise the risk," says a spokesperson for Barclays.
"We are committed to delivering sustainable improvements to the service we provide to our customers and we are undertaking a series of initiatives to reduce the number of complaints."
Which? says over half of all complaints arose from firms failing to provide customers with copies of the data held about them properly. Other potential breaches included banks holding inaccurate data about customers, failing to follow security measures and the disclosure of data to third parties.
But the British Bankers' Association has rebuked the figures.
It says many of the complaints are not actually security breaches, but are cases where customers have disputed the information contained on their records or allege that banks have not provided all the personal data they are entitled to receive about themselves under the Data Protection Act.
It claims: "A growing numbers of cases stem from claims handling companies, which dispute their customers' records in order to try to strike out credit agreements.
"All of the UK's banks take data privacy extremely seriously. All complaints are fully and immediately investigated and remedial action taken where necessary to ensure no harm comes to any customer. All banks have robust security processes in place to manage the high volumes of data needed to operate the UK's 140 million personal current accounts".
Lara Lipsey, spokesperson for Santander, told us: "We have a legal obligation to protect customer data and it can't be stressed enough the considerable lengths we go to and measures we employ to protect customer data.
"In the very small number of instances where customers believe something has gone wrong – the Which? investigation found 103 complaints against Santander out of a customer base in the UK of 25 million people – we will look at these in detail to see what has happened."
A spokesperson for Lloyds TSB echoes this view: "We take the issue of data protection extremely seriously and have very strict procedures in place to ensure the security of customer information at all times. Any breach of these procedures is clearly unacceptable and is thoroughly investigated as a matter of urgency."
The Financial Services Authority is an independent non-governmental body, given a wide range of rule-making, investigatory and enforcement powers in order to meet its four statutory objectives: market confidence (maintaining confidence in the UK financial system), financial stability, consumer protection and the reduction of financial crime. The FSA receives no government funding and is funded entirely by the firms it regulates, but is accountable to the Treasury and, ultimately, parliament.