News

Banks dumped customer data in outside bins

Antony Savvas

The Information Commissioner’s Office (ICO) has found that 11 banks and other financial institutions breached the Data Protection Act after an investigation into complaints about the disposal of customer information in outside bins.

HBOS, Alliance & Leicester, Royal Bank of Scotland, Scarborough Building Society, Clydesdale Bank, Natwest, United National Bank, Barclays Bank, Co-operative Bank, HFC Bank, Nationwide Building Society and the Post Office were all found to have discarded personal information in waste bins or receptacles outside their premises.

The Immigration Advisory Service was also found to have disposed of personal information in similar circumstances.

The ICO has now forced the organisations to sign a formal undertaking to comply with the principles of the Data Protection Act. Failure to meet the conditions of the undertaking was likely to lead to further enforcement action by the ICO and could result in prosecution, said the ICO.

David Smith, ICO deputy commissioner, said, “It is unacceptable for banks and other organisations to carelessly discard their customers’ information. It is vital that banks and other organisations take security seriously.

“Individuals must feel confident that banks and other organisations are safeguarding their personal information.”

The ICO’s investigation into the banks’ disposal of customer information follows evidence supplied by the BBC Watchdog programme, the Sunday Mail and consumer group ScamsDirect.

 

Comment on this article: computer.weekly@rbi.co.uk

 

Related article:

Couple convicted of stealing data

Intrusion detection systems alive and kicking

 

Stuart King’s risk management blog:

Dealing with the operational challenges of information security and risk management


Email Alerts

Register now to receive ComputerWeekly.com IT-related news, guides and more, delivered to your inbox.
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
 

COMMENTS powered by Disqus  //  Commenting policy