Banks break law by binning personal data, says ICO

High street banks are throwing customer information into bins outside their premises in breach of the Data Protection Act, according to privacy watchdog the Information Commissioner.

The Information Commissioner's Office (ICO) has forced 11 banks and financial institutions to sign an undertaking to stick to the Principles laid down in the Data Protection Act when it comes to dealing with customer data.

"It is unacceptable for banks and other organisations to carelessly discard their customers’ information," said David Smith, deputy Information Commissioner. "It is vital that banks and other organisations take security seriously. If they do not, they not only risk further action from the Information Commissioner but also risk losing the trust of their customers. Individuals must feel confident that banks and other organisations are safeguarding their personal information.”

The businesses were found to have discarded personal information in waste bins or receptacles outside their premises. The companies involved were HBOS, Alliance & Leicester, Royal Bank of Scotland, Scarborough Building Society, Clydesdale Bank, Natwest, United National Bank, Barclays Bank, Co-operative Bank, HFC Bank, Nationwide Building Society and The Post Office.

In addition to the financial companies, the Immigration Advisory Service was also found to have disposed of information in a similar way.

The ICO said that if the organisations fail to stick to the undertakings they have signed they will face further action by it, and could face prosecution. It is a criminal offence to fail to comply with an enforcement notice of the ICO.

The office also said that it believed that companies which are found to have lax security which breaches the Data Protection Act should face an information security audit by the ICO.

It was just such an audit conducted by the financial services regulator the Financial Services Authority which led to the almost £1 million fine levied by the FSA against the Nationwide Building Society earlier this year.

The theft of a Nationwide laptop exposed customer details to possible theft, but the FSA told OUT-LAW at the time that the bulk of the fine related to failures in Nationwide information security systems that it found when it performed an audit at the company.