Speaking at the British Banker’s Association conference last week David Smith, Deputy Commissioner at the Information Commissioner’s Office (ICO) urged the all financial institutions, including the high street banks, to allow customers more and easier access to the information that is held by them. He also announced that this sector of business has been targeted by the Information Commissioner’s Office as one of their priority areas in it’s draft Information Rights Strategy.
David was quoted as saying: “The recent ruling about the mis-selling of Payment Protection Insurance will create a lot of work for the banks with many customers exercising their legal right to access the information that is held about them. I want to remind banks of the need to take this obligation seriously, providing full responses in a timely manner. We cannot have a repeat of the situation we were in two years ago when
the unfair bank charges ruling took place. Our case workers were swamped with complaints from customers who hadn’t received a satisfactory response from the banks.
Getting it right on data protection doesn’t just mean keeping data secure. The law also gives individuals an important right to remain in control of their information. We’ve identified the financial sector as one of our priority areas referred to in our draft
Information Rights Strategy as we want to make sure financial services providers are doing all they can to comply with data protection law. While the number of upheld complaints is small compared to the millions of bank accounts in the UK, mishandling of financial information can have a serious effect on individuals’ lives.”
This could have a major impact on the banks as they try to meet the demands of their customers who wish to exercise their rights under Section 7 of the Act and also ensure the
information held by them meets the requirements of Schedule 1 (the Principles).
Many people have complained to the ICO that they have not been able to obtain all the information held by the banks and more often that not it was supplied outwith the 40 day requirement.
If the ICO goes through with this and starts enforcement action against the banks for late or incomplete disclosure then it will be a big step forward in empowering the customers of these institutions to take control of their own personal information.