Banks and credit reference companies are urging the Government to rethink plans to give benefit fraud investigators free rein to access people's bank accounts, credit card details, and credit ratings.
The proposals, contained in the Social Security Fraud Bill, published just before Christmas, give fraud investigators sweeping powers to access personal information held by banks, building societies, utilities and other organisations.
The legislation could affect IT managers attempting to construct rights management processes governing access to personal data to comply with the 1998 Data Protection Act.
The banks are concerned that the Bill gives staff from the Department of Social Security the right to inspect confidential personal data, merely because they think a benefit claimant is "likely" to commit fraud.
"There is much that could go on the whim of investigators. The DSS has assured us there will be a code of practice and proper procedures but we have not seen it," the British Bankers Association said.
The Bill has also alarmed Data Protection Commissioner Elizabeth France, who plans to write to ministers calling for tighter controls on fraud investigators.
The Data Protection Commission this week accused the Government of ignoring its concerns about the data protection implications of the proposals.
"We are concerned about the breadth of powers and the fact that there are very few specific safeguards for individuals," said assistant commissioner Phil Boyd.
The commission believes that inspectors should be able to fight fraud without having access to personal data. If someone is suspected of fraud, they could simply be asked to provide documentary proof of their claims, Boyd said.
"The Government is encouraging banks to create basic bank accounts for people who are on benefits, but they are going to think twice if they think their details are going to be released," the British Bankers Association said.
Ministers have said the new powers will help the DSS cut fraud and errors in benefit payments by 25% by 2004 and 50% by 2006. The DSS said a code of practice would ensure the new powers are not abused.
Trade unions are threatening to use the code to bring legal action against employers guilty of excessive snooping on their workforce's e-mail and Internet habits. But the CBI said businesses should be allowed to decide what level of monitoring is necessary in their particular industry.