It’s rarely made public, but banks and building societies put your details at risk hundreds of times a year. And yet they hold some of our most sensitive data – so why can’t we trust them with it?
It’s almost impossible for us to find out just how good banks are at keeping our financial details safe.
That’s why we used Freedom of Information Act requests to the Information Commissioner’s Office (ICO) to find out how many data protection breaches banks and building societies have made. From August 2009 to August 2010 there was a total of 515 likely breaches made by eight of the UK’s biggest banks and building societies.
What happens when banks break the rules?
The Information Commissioner’s Office (ICO), which is responsible for upholding the rights we have over our personal data, has the power to force banks to take action or even fine them when they break the rules. But if the ICO decides that such action isn’t necessary to deal with the problem, the breach is not made public – this was the case in all 515 likely breaches made.
Barclays was the bank with the most potential breaches with 116 complaints, followed by Lloyds TSB with 114 and Santander with 103.
Over half of all complaints arose from firms failing to provide customers with copies of the data held about them properly. Other potential breaches included banks holding inaccurate data about customers, failing to follow security measures and the disclosure of data to third parties.
Our research also shows that only 13% of consumers know that they can complain to the ICO. Plus, there’s no obligation for an organisation to tell its customers or the ICO about the potential data protection breaches it has made, which means the 515 complaints we know about are probably just the tip of the iceberg.
What needs to change?
So what needs to change here? For a start, it should be made a requirement for banks and building societies to tell the ICO about all potential breaches. Plus, banks need to compensate people if a breach has caused them stress or they have had to spend time fixing the problem, such as by cancelling and ordering new bank cards.
We also want the ICO to publish all breaches it has come across on its website so that customers won’t be kept in the dark about the safety of their data anymore.
Do you feel that your financial details are safe with your bank? Have you ever experienced problems due to a data breach?