Bank of Scotland has been
fined 75,000 pounds after repeatedly faxing customers' account details and
payslips to wrong recipients for three years. Bank of Scotland, now part of Lloyds Banking Group, also sent bank statements,
mortgage applications and contact details to the wrong people. The error, which went on for three years, has led to a 75,000 pound fine from
the Information Commissioner, the BBC reported.
The bank apologised, blaming human error, but said the error only related to a fraction of the faxes it sent. The mistake was first reported in February 2009, when a third party - that had a fax number one digit different from the intended recipient - started receiving documents in error.
It received 21 documents, while a member of the public, whose fax number was also the same apart from one digit, received 10 documents. Customers' names, addresses and contact details, as well as various other personal paperwork was sent.
The Information Commissioner's Office (ICO) said that the bank was told on numerous occasions about the error, but mistakes continued, even when the ICO was investigating.
"The Bank of Scotland has continually failed to address the problems raised over its insecure use of fax machines," said Stephen Eckersley, head of enforcement at the ICO.
"To send a person's financial records to the wrong fax number once is careless. To do so continually over a three- year period, despite being aware of the problem, is unforgiveable and in clear breach of the Data Protection Act."
He said these details could have been used by identity thieves. This was the largest fine for a financial institution levied by the ICO. A spokeswoman for Lloyds Banking Group said: "The security of our customers' data is always our key priority. We apologise that, due to human error, a very small number of documents relating to 32 customers were unfortunately misdirected.
The bank apologised, blaming human error, but said the error only related to a fraction of the faxes it sent. The mistake was first reported in February 2009, when a third party - that had a fax number one digit different from the intended recipient - started receiving documents in error.
It received 21 documents, while a member of the public, whose fax number was also the same apart from one digit, received 10 documents. Customers' names, addresses and contact details, as well as various other personal paperwork was sent.
The Information Commissioner's Office (ICO) said that the bank was told on numerous occasions about the error, but mistakes continued, even when the ICO was investigating.
"The Bank of Scotland has continually failed to address the problems raised over its insecure use of fax machines," said Stephen Eckersley, head of enforcement at the ICO.
"To send a person's financial records to the wrong fax number once is careless. To do so continually over a three- year period, despite being aware of the problem, is unforgiveable and in clear breach of the Data Protection Act."
He said these details could have been used by identity thieves. This was the largest fine for a financial institution levied by the ICO. A spokeswoman for Lloyds Banking Group said: "The security of our customers' data is always our key priority. We apologise that, due to human error, a very small number of documents relating to 32 customers were unfortunately misdirected.
No comments:
Post a Comment