The Information Commissioner’s Office
(ICO) has found that 11
banks and other financial institutions breached the Data Protection
Act after an investigation into complaints about the disposal of
customer information in outside bins.
HBOS, Alliance & Leicester, Royal Bank of Scotland,
Scarborough Building Society, Clydesdale Bank, Natwest, United
National Bank, Barclays Bank, Co-operative Bank, HFC Bank,
Nationwide Building Society and the Post Office were all found to
have discarded personal information in waste bins or receptacles
outside their premises.
The Immigration Advisory Service was also found to have disposed
of personal information in similar circumstances.
The ICO has now forced the organisations to sign a formal
undertaking to comply with the principles of the Data Protection
Act. Failure to meet the conditions of the undertaking was likely
to lead to further enforcement action by the ICO and could result
in prosecution, said the ICO.
David Smith, ICO deputy commissioner, said, “It is unacceptable
for banks and other organisations to carelessly discard their
customers’ information. It is vital that banks and other
organisations take security seriously.
“Individuals must feel confident that banks and other
organisations are safeguarding their personal information.”
The ICO’s investigation into the banks’ disposal of customer
information follows evidence supplied by the BBC Watchdog
programme, the Sunday Mail and consumer group
ScamsDirect.
Comment on this article:
computer.weekly@rbi.co.uk
Related article:
Couple convicted of stealing data
Intrusion detection systems alive and
kicking
Stuart King’s risk management blog:
Dealing with the operational challenges of information security
and risk management