Get out of M&S Bank (Clause 37 is coming)

Paper_Money

Some nasty new terms & conditions for fixed-term account holders at M&S Bank are coming into force on September 1, 2014.

They allow HSBC to sell all the customer data to anyone they like anywhere in the world without restriction. The only way to prevent it, is to close your accounts with M&S Bank.

As you probably know HSBC is the bank behind Marks & Spencer's banking outfit M&S Bank. You buy your socks and do a little banking at the same shop. Great. It's great for HSBC too, the bank that was busted in 2012 for providing banking services to drug lords and terrorists. They get to mix your savings in with the dodgy drug cash. Now they plan to have some fun with your data too.

It is all listed in the new M&S Bank "clause 37".

Clause 37 (summarised): By keeping your account open with M&S Bank, you allow HSBC to use your customer information globally with anyone they do business with and for any reason. The information will no longer be held according to data protection legislation, but stored in any country and used for any purpose.

If you do nothing, clause 37 will automatically apply to your account. You can't opt out of clause 37. Clause 37 "takes priority" over all previous "ways we can use your information".

If you are in a fixed-term account with M&S Bank. You can break out of the fixed-term period charge-free by refusing to accept these new changes to the terms. You have to telephone M&S Bank by September 1, 2014. M&S Bank are currently sending out letters to all customers with these accounts. But the letter is written so as to not draw attention to these nasty terms, you have to read the boring small print in the booklet to find out about it.


Read about clause 37 on the M&S Bank site here (pdf):
bank.marksandspencer.com/pdf/FRNoV.pdf

These are terms peculiar to HSBC. Keep your data safe, avoid accounts at M&S Bank or HSBC.

moneyfoolish

Paper_Money wrote: »

It's great for HSBC too, the bank that was busted in 2012 for providing banking services to drug lords and terrorists.

I thought that applied to all banks!

eskbanker

Paper_Money wrote: »

The information will no longer be held according to data protection legislation, but stored in any country and used for any purpose.

That's not really true though - they list a number of specified purposes (albeit fairly broad) and continue to be obliged to hold the information according to data protection legislation in the countries where it's stored. They do accept the point that such legislation obviously varies in strength from one country to another but they don't have some sort of opt-out that exempts them from compliance with the law!

kidmugsy

Paper_Money wrote: »

It's great for HSBC too, the bank that was busted in 2012 for providing banking services to drug lords and terrorists.

Are you quite sure; that's not my memory of what happened.

Reaper

Paper_Money wrote: »

Clause 37 (summarised): By keeping your account open with M&S Bank, you allow HSBC to use your customer information globally with anyone they do business with and for any reason. The information will no longer be held according to data protection legislation, but stored in any country and used for any purpose.

That isn't a fair summary. For example it can only be passed on to 3rd parties outside the M&S/HSBC group for marketing purposes "where you have consented to marketing".

And even within the M&S/HSBC Group:
to manage our relationship with you (including marketing and market research if you agree to them)

That doesn't really tie up with your claim it can be used "for any purpose".

Paper_Money

eskbanker wrote: »

That's not really true though - they list a number of specified purposes (albeit fairly broad) and continue to be obliged to hold the information according to data protection legislation in the countries where it's stored. They do accept the point that such legislation obviously varies in strength from one country to another but they don't have some sort of opt-out that exempts them from compliance with the law!

You are implying other countries have data protection laws. Most countries do not have any data protection laws at all. The new terms allow them to move your information to any country, "you agree that we may transfer and disclose Customer Information to the following recipients globally.." This means the information can be moved to a country with no data protection laws. As HSBC is a global bank, you can see how easy it will be for them. Then anything may happen to it.

kidmugsy wrote: »

Are you quite sure; that's not my memory of what happened.

See HSBC on wikipedia for details about their relationship with drug lords. It is well documented.

Reaper wrote: »

That isn't a fair summary. For example it can only be passed on to 3rd parties outside the M&S/HSBC group for marketing purposes "where you have consented to marketing".

And even within the M&S/HSBC Group:
to manage our relationship with you (including marketing and market research if you agree to them)

That doesn't really tie up with your claim it can be used "for any purpose".

There is a long list of recipients in clause 37.3. This list is very broad and includes globally "anybody who provides services to them or their agents" and "any third party in connection with any reorganisation, sale or acquisition of any member of the HSBC Group's business".

For example, HSBC could create a subsidiary company in Indonesia and transfer all data to it legally. They then sell this subsidiary to whoever they like along with all the data. Very easy. The new owners could do anything with the data, no restrictions. HSBC could repeat this process all day long for the small price of a shell corporation in Indonesia. The new terms allow it.

PeacefulWaters

See HSBC on wikipedia for details about their relationship with drug lords. It is well documented.

When did you update it?

JohnRo

Paper_Money wrote: »

See HSBC on wikipedia for details about their relationship with drug lords. It is well documented.

You've missed the point being made. As for wikipedia and its agenda, no thanks.

Bantex_2

What is the problem?

eskbanker

Paper_Money wrote: »

You are implying other countries have data protection laws. Most countries do not have any data protection laws at all. The new terms allow them to move your information to any country, "you agree that we may transfer and disclose Customer Information to the following recipients globally.." This means the information can be moved to a country with no data protection laws. As HSBC is a global bank, you can see how easy it will be for them. Then anything may happen to it.

I haven't conducted any detailed global research into data protection legislation but those who have would seem to have identified that the majority of the developed world do have provisions in place, see http://www.informationshield.com/intprivacylaws.html for example.

So, while I don't think anyone would claim that every country has them, I also think it's an exaggeration to claim that "Most countries do not have any data protection laws at all".

I still think you're missing the point though - it's one thing for them to use Ts & Cs that don't try to identify in advance every single country a global business operates in, but it's another thing altogether for them to actually do something as self-defeating as dumping personal data somewhere it wouldn't be protected!