A trade union at Lloyds TSB is challenging the right of
the bank to send sensitive personal information about its customers
offshore to India for processing.
The union has written to the Information Commissioner seeking a
ruling over whether Lloyds TSB is entitled to send data offshore
without the written consent of each customer.
The complaint follows Lloyds TSB's announcement that it would
close a call centre in Newcastle with the loss of 1,000 jobs and
replace it with a centre in Mumbai, India, by November this
year.
The union’s lawyers argue that the bank is in breach of the Data
Protection Act 1998 because India does not have the high levels of
data protection required in UK law under data protection rules.
If the challenge is successful, it could force other banks and
financial services companies to rethink their decisions to send
data offshore for cheaper processing.
“Our concern is the standard of data protection in India. It is
not covered by the Data Protection Act and it does not have the
same stringent standards as the rest of the European Union,” said
union assistant secretary Peter O’Grady.
The union is backing a complaint made against the bank by an
un-named customer and union member, who has demanded that the bank
does not send personal data outside of the EU.
It argues that records of standing orders, payments and credit
and debit transactions, and personal medical details supplied by
customers of Scottish Widows, could provide an insight into the
personal lives of customers, if not kept securely.
The union said the bank appears to be arguing that though data
on customers can be viewed in India, it has not technically been
transferred abroad but is held in the UK, therefore satisfying the
requirements of data protection legislation.
Law firm Bindman’s, which is acting for the union, claims that
sensitive data can only be transferred outside of the European
Economic Area with customers’ explicit consent.
It argues that this must be in written form if data is
transferred to a country that does not have the same data
protection safeguards as the UK.
Lloyds TSB said in a statement, “We are confident that we comply
with the Data Protection Act and our customers can be reassured
that their personal information is as protected in India as it
would be in the UK.
“The Data Protection Act states that as long as we have measures
in place to ensure an adequate level of protection for personal
data, we are not required to obtain customers’ explicit
consent.”