ICO issues fine after data protection blunder

The Bank of Scotland has been fined by the Information Commissioner’s Office after a series of data protection errors.

The Information Commissioner’s Office (ICO) has issued a fine to the Bank of Scotland after a series of errors led to customers’ confidential data being put at risk.

Back in 2009, an unnamed third party received a fax from the bank that they should not have been privy to. Although the incident was reported, the problem continued and the organisation eventually reported the bank to the ICO.

After an investigation, it was discovered that 21 documents including payslips, bank statements, account details and mortgage applications had been sent by fax to the wrong numbers.

In some cases the documents went to other businesses, but ten faxes were also misdirected to members of the public, which could have had serious implications had the recipients been willing to use the information maliciously.

The ICO has now issued the Bank of Scotland with a £75,000 fine for the breaches.

Head of enforcement Stephen Eckersley said this should act as a warning to other companies that are making do with shoddy data practices.

"To send a person’s financial records to the wrong fax number once is careless. To do so continually over a three-year period, despite being aware of the problem, is unforgiveable and in clear breach of the Data Protection Act," he pointed out.

A spokesperson for the Bank of Scotland’s owner Lloyds Banking Group said it accepts the fine and is making changes to the way it handles data as a result.

However, they added: "No customer suffered any harm or detriment as a result of this error."

Earlier this year, the ICO was forced to penalise NHS Surrey to the tune of £200,000 after it allowed old computers containing public data to go up for sale on a public auction site. The machines should have been wiped, but this was not carried out.

NHS Trust Staffordshire was also fined £55,000 for sending medical information to the wrong fax number, in an incident similar to the one at the Bank of Scotland.