Banks were encouraged to improve their data protection practices by two regulatory bodies today.
Speaking at an event held by the British Bankers’ Association, the UK’s deputy information commissioner David Smith called on banks to take seriously their obligation to give customers access to the data they hold on them.
"Getting it right on data protection doesn’t just mean keeping data secure," he said. "The law also gives individuals an important right to remain in control of their information.
"I want to remind banks of the need to take this obligation seriously, providing full responses in a timely manner," Smith said.
He warned that the recent ruling that many banks had mis-sold payment protection insurance (PPI) means that customers are likely to exercise that right. "We cannot have a repeat of the situation we were in two years ago when the unfair bank charges ruling took place. Our case workers were swamped with complaints from customers who hadn’t received a satisfactory response from the banks."
A recent study by Which? Money found that by far the most common kind of complaint about banks’ data protection practices concerns this obligation to disclose customer data on request. The ICO received 271 valid complaints of this kind last year.
Meanwhile, EU commissioner Neelie Kroes reminded banks and financial services firms that they will one day be subject to a law forcing them to notify customers about any data breaches they suffer.
“I understand that some in the banking sector are concerned that a mandatory notification requirement would be an additional administrative burden,” said Reding, the Bloomberg news agency reported. However, this requirement would be "entirely proportionate and would enhance consumers’ confidence in data security and oversight," she said.
The plan to introduce such a requirement is included in the European Union’s proposed amendments to the Data Protection Directive. Speaking at the InfoSecurity conference earlier this year, the ICO’s Smith remarked that it will be a number of years before such a requirement is introduced in the UK.
Which? Money’s investigation found that the ICO received the most data protection complaints against Barclays Bank, followed by Lloyds TSB.