Study warns of bank 'data breaches'
Britain's biggest banks appear to be breaching data protection rules "with alarming regularity", a consumer group has said.
Which? Money said during the year to the end of August 2010, 515 complaints were lodged with the Information Commissioner's Office (ICO) about possible data protection breaches by the country's eight largest banks and building societies in which the ICO thought it was likely the company concerned had broken the rules.
But the consumer group, which obtained the data through a freedom of information request, said with only 13% of consumers having heard of the ICO, the number of breaches that were actually reported could be just the "tip of the iceberg".
Barclays was found to have the highest level of suspected breaches at 116 complaints, followed by Lloyds TSB, which is owned by the part-nationalised Lloyds Banking Group, at 114 and Santander at 103.
More than half of the complaints arose as a result of the banks failing to provide customers with proper copies of the data they held on them. Other potential breaches included banks holding inaccurate data about customers, staff failing to follow security measures and the disclosure of data to third parties.
Richard Lloyd, executive director of Which?, said: "Consumers who suffer financial loss or stress as a result of data mismanagement by firms should be entitled to compensation. Regulators need to impose much tougher sanctions on firms who are lax with people's data as the message clearly isn't getting through."
The group also found evidence that the way banks and other financial services firms handled data was getting worse. It said that while data-related complaints against other organisations, such as local authorities and HM Revenue & Customs, were going down, the number of complaints made against financial services companies rose to 1,173 in 2009, up from 1,060.
A Barclays spokeswoman said: "Barclays takes its data protection responsibilities very seriously - we have no greater priority than the security of our customers' money and personal information.
"Which?'s numbers represent assessments, not breaches. For half of the assessments in the period mentioned, we demonstrated we were compliant and the majority of those upheld were in relation to subject access requests - not breaches of data security as such. Whenever there is a threat of a data breach we ensure we alert the ICO, Financial Services Authority and our customers and do everything we can to minimise the risk."
A Santander spokesman said: "Santander has a legal obligation to protect customer data and it can't be stressed enough the considerable lengths we go to and measures we employ to protect customer data. In the very small number of instances where customers believe something has gone wrong - the Which? investigation found 103 complaints against Santander out of a customer base in the UK of 25 million people - we will look at these in detail to see what has happened."