The Information Commissioner’s Office (ICO) has found that 11 banks and other financial institutions breached the Data Protection Act after an investigation into complaints about the disposal of customer information in outside bins.
HBOS, Alliance & Leicester, Royal Bank of Scotland, Scarborough Building Society, Clydesdale Bank, Natwest, United National Bank, Barclays Bank, Co-operative Bank, HFC Bank, Nationwide Building Society and the Post Office were all found to have discarded personal information in waste bins or receptacles outside their premises.
The Immigration Advisory Service was also found to have disposed of personal information in similar circumstances.
The ICO has now forced the organisations to sign a formal undertaking to comply with the principles of the Data Protection Act. Failure to meet the conditions of the undertaking was likely to lead to further enforcement action by the ICO and could result in prosecution, said the ICO.
David Smith, ICO deputy commissioner, said, “It is unacceptable for banks and other organisations to carelessly discard their customers’ information. It is vital that banks and other organisations take security seriously.
“Individuals must feel confident that banks and other organisations are safeguarding their personal information.”
The ICO’s investigation into the banks’ disposal of customer information follows evidence supplied by the BBC Watchdog programme, the Sunday Mail and consumer group ScamsDirect.
Comment on this article: firstname.lastname@example.org
Stuart King’s risk management blog:
Dealing with the operational challenges of information security and risk management