Bank of Scotland fined £75k for fax blunder


The Bank of Scotland has been fined £75,000 after a series of fax number blunders that went on over four years.

The Information Commissioners Office (ICO) issued the penalty to the bank for repeatedly sending faxes containing customers' personal details to the wrong recipients.

Confidential documents that were put into the wrong hands included payslips, bank statements, bank account details, photocopies of IDs, pension plan details and mortgage applications. The ICO said the slipups were a severe breach of data protection laws, which broke the trust of customers and put those involved at risk of identity fraud.

The first incident of a misdirected fax was reported in February 2009 by a third party organisation.
This was meant to be sent to a data controller organisation called Nexus, which scans documents into its workflow system.

The error was the result of misdialling the Nexus number by one digit - an eight instead of a two.
In total there were 21 incidents where information was mistakenly sent to this organisation, sent from 20 different locations by 20 different staff members.

Meanwhile a member of the public, whose fax number was just one digit difference from an Edinburgh office which processes customer requests, was sent documents containing sensitive information on 11 occasions. To put an end to this severe data security breach the bank resorted to buying the fax number from this individual.

Thankfully for the 32 people whose details were involved - the majority of which were Halifax customers - none of the information was disseminated any further. The parties that received the data in error shredded the documents and reported the incidents to the ICO.

The ICO said that the Bank of Scotland was told on numerous occasions about the blunders and were told to take action. But the mistakes continued to happen even while the ICO investigation was going on. The most recent was recorded in February 2013.

In its verdict the ICO said that the bank had failed to take sufficient technical and organisational measures against unauthorised processing of personal data. For example it should have invested in better training for staff and finding more secure methods of sending personal material.

The ICO was especially surprised the reccurring error of misdialling the numbers eight and two was not alerted to staff given its prevalence.

Many of the fax machines involved could not be pre-programmed because of their age, which opened the process up to human error. In its defence the Bank of Scotland told the ICO that the Nexus fax number receives around 325,000 items of correspondence a week and the misdirected incidents made up only a small percentage of this total.

In a statement Lloyds Banking Group spokesperson said: "The security of our customers' data is always our key priority. We apologise that, due to human error, a very small number of documents relating to 32 customers were unfortunately misdirected.

"This occurred over a period in which several million customer documents, using the same process, were correctly received. No customer suffered any harm or detriment as a result of this error. We are continually reviewing our processes to ensure our customers' information remains safe."

But as Stephen Eckersley, Head of Enforcement at the ICO said: "To send a person's financial records to the wrong fax number once is careless. To do so continually over a four year period, despite being aware of the problem, is unforgiveable and in clear breach of the Data Protection Act."

The £75,000 penalty is the biggest the ICO has issued. The ICO said that the Bank of Scotland had sufficient financial resources to pay the fine without it causing undue financial hardship. If the Bank of Scotland pays by 28th August it will receive a 20% discount bringing the penalty down to £60,000.
The funds will be added to the Government's general bank account at the Bank of England.

Fed up with your bank? From £100 for joining to 5% interest, see what other top accounts have to offer

10 things we hate about our banks
See Gallery
Bank of Scotland fined £75k for fax blunder

More than 46,000 of 106,000 the complaints received by the FOS in the second half of last year related to payment protection insurance (PPI). And the organisation is expecting to receive a record 165,000 PPI complaints in 2012/2013.

The huge numbers are due to the PPI mis-selling scandal that should now be a thing of the past, but there is no doubt that the insurance, which can add thousands to the cost of a loan, is highly unpopular!

(Pictured: Martin Lewis after the PPI payout ruling)

Complaints about mortgages jumped by 38% in the last six months of last year, the FOS figures show, compared to an increase of just 5% in investment-related complaints.

Common gripes about mortgages include the exit penalties imposed should you want to sell up or change you mortgage before a fixed or discounted deal comes to an end, and the high arrangement fees charged by many lenders.

While there is nothing in the data released by the FOS about the number of complaints relating to savings accounts, hard-pressed savers have been struggling with low interest rates for several years now.

You can get up to 3.10% with Santander's easy-access eSaver account, but many older accounts are paying 1.00% or less and even this market-leading offer includes a 12-month bonus of 2.60% - meaning that the rate will plummet to just 0.50% after the first year.

Banks are imposing the highest authorised overdraft interest rates since records began, with today's borrowers paying an average of 19.47%, according to the Bank of England.

A typical Briton with an overdraft of £1,000 is therefore forking out around £200 in interest charges alone. Coupled with meagre returns on savings, it's enough to make your blood boil!

While authorised overdrafts may seem expensive, going into the red without permission will cost you even more due to huge penalty fees.

Barclays, for example, charges £8 (up to a maximum of £40 a day) each time that there is not enough money in your account to cover a payment.

If you need to send money abroad, the likelihood is that your bank will impose transfer charges - and offer you a poor rate of exchange. Someone transferring a five-figure sum could easily lose out by £500 or more as a result.

The good news, however, is that you can often get a better deal by using a currency specialist such as Moneycorp.

Automated telephone banking systems, not to mention call centres in far-flung parts of the world, are one of our top gripes - especially as we often encounter them when we are already calling to report a problem.

In the words of one disgruntled customer: "What is it about telephone banking that turns me into Victor Meldrew? Well, maybe it's the fourteen security questions, maybe it's the range of products that they try to push or maybe it's because I'm forced to listen to jazz funk at full volume while my phone bill soars.

"Actually though, I think it's because the people I eventually speak to rarely seem able to solve the issue I'm calling about."

The days of a personal relationship with your bank manager are long gone - for the huge majority of us at least.

When ethical Triodos Bank investigated recently why around 9 million Britons would not recommend their banks to a friend or relative, it found that almost a third felt they were not treated as individuals. Another 40%, meanwhile, were simply disappointed with the customer service they received.

When you're in a rush, the last thing you want to do is wait in a long queue at your local branch.

Researchers at consumer champion Which? recently found that most people get seen within 12 minutes, but you could have a much longer wait if you go in at a busy time. Frustrating stuff!

The Triodos Bank research also indicated that the bonus culture that ensured the bank's high-flying employees received large salaries, even when it was making a loss at the taxpayer's expense, was hugely unpopular with consumers.

About a quarter of those who would not recommend their current banks said this was the main reason why. And with RBS executives sharing a £785 million bonus pool despite the bank, which is 82% publicly owned, making a loss of £2 billion last year, it's not hard to see why.

Read Full Story