The information commissioner has slammed 11 banks for dumping customers’ personal data in rubbish bins outside their premises.
The banks - HBOS, Alliance & Leicester, Royal Bank of Scotland, Scarborough Building Society, Clydesdale Bank, Natwest, United National Bank, Barclays Bank, Co-operative Bank, HFC Bank and Nationwide building society – had breached the Data Protection Act , the commissioner found after investigating complaints.
The Post Office and the Immigration Advisory Service charity were also found to have disposed of personal data in similar circumstances.
The Information Commissioner’s Office has ordered all 12 organisations to sign a formal undertaking to comply with Data Protection Act principles and has said it will take further action – including possible prosecution – if the conditions are not met.
Deputy commissioner David Smith said: “It is unacceptable for banks and other organisations to carelessly discard their customers’ information. It is vital that banks and other organisations take security seriously.”
He added: “If they do not, they not only risk further action from the information commissioner but also risk losing the trust of their customers. Individuals must feel confident that banks and other organisations are safeguarding their personal information.”
Financial institutions are under increasing scrutiny by regulators over their handling of customer data. Last month, the Financial Services Authority slapped a fine of almost £1m on the Nationwide building society for inadequate security controls, following the theft of one of its laptops containing customer names, addresses and account details.