We'd like to remind Forumites to please avoid political debate on the Forum... Read More »
📨 Have you signed up to the Forum's new Email Digest yet? Get a selection of trending threads sent straight to your inbox daily, weekly or monthly!
Is this a Data Protection Breach
Options
Outsider_83
Posts: 166 Forumite
Hi All,
I had a complaint with my bank and subsequently left it, they ruled in my favour and awarded me £50. However to close off my complaint some sensitive information regarding the account I had with them, along with its value and shares was sent to another person's email account in error. The mistake was not picked up on for three weeks until I enquired about the email and was advised that it was sent but a character was left out of my email address so it went to someone else's inbox.
They have advised that since I am no longer a customer this is not their issue and that emails don't constitute data protection breaches. Furthermore they have advised that since this was in relation to a complaint and I accepted £50 the matter is closed.
Is all of what the bank has said correct?
I had a complaint with my bank and subsequently left it, they ruled in my favour and awarded me £50. However to close off my complaint some sensitive information regarding the account I had with them, along with its value and shares was sent to another person's email account in error. The mistake was not picked up on for three weeks until I enquired about the email and was advised that it was sent but a character was left out of my email address so it went to someone else's inbox.
They have advised that since I am no longer a customer this is not their issue and that emails don't constitute data protection breaches. Furthermore they have advised that since this was in relation to a complaint and I accepted £50 the matter is closed.
Is all of what the bank has said correct?
0
Comments
-
They are still liable for any wrongdoing, whether you remain a customer or not.
It's possible that the incorrect email address doesn't exist. So you may not have had your data breached.
But you should hold them to account. Your old complaint is closed. Now you have a new one. Make a complaint. Exhaust the bank's process. Escalate to the FOS.0 -
What was actually in the e-mail. To my knowledge the banks dont generally put sensitive information in e-mails. Was there anything that could identify you?0
-
Emails can constitute an data protection breach. Your original complaint may be closed but you can open a new complaint about them not taking adequate precautions to protect your information. Note that your perception of what is sensitive could be different from the Information Commissioner. Only information about the following is regarded as sensitive:
your racial or ethnic origin
your political opinions,
your religious beliefs
whether you are a member of a trade union your
your physical and mental health
your sex life
any crimes you may have committed or be alleged to have committed
If the data released inadvertently isn't in the above categories, the ICO will regard the breach as less serious. At best they will ask the Bank to tighten procedures to ensure email addresses are double-checked.
You can still complain to them if you are no longer a customer. They have a duty of care to you and your data until all your data is deleted from their systems.
You have already had an explanation that confirms the breach wasn't wilful.The comments I post are my personal opinion. While I try to check everything is correct before posting, I can and do make mistakes, so always try to check official information sources before relying on my posts.0 -
Have you verified that an account actually exists for the address used? The email may simply have bounced.
Of course if they've been negligent in handling your personal information that's a valid complaint unrelated to the original one. You're free to raise that with them and with the FOS if they refuse to accept it.
You can also raise a complaint with the Information Commissioners Office:
https://ico.org.uk/concerns/handling/0 -
Thanks all for your feedback, some points below:
1. The incorrect email address seems to have existed as there was no bounce back.
2. The information sent to the incorrect address included:
1. My name
2. New bank information including a reference number.
3. The size of my shares with the current bank and what they would have made with the new bank during the same time.
4. Financial repercussions of this difference.
5. Apology.
6. Information on complaint resolution.
7. Former bank details.0 -
No sensitive information, then. You may wish to advise your new bank that your details have been compromised, and they may take steps to protect you from fraud.I consider myself to be a male feminist. Is that allowed?0
-
How can this not be considered a breach? It's really poor from the bank.0
-
Which bank is it? Name and shame them.I consider myself to be a male feminist. Is that allowed?0
-
It was Bank of Ireland, I just spoke to them and they have advised that "no real harm has been done, it would benefit both parties to close off this investigation," I'm left disappointed.0
-
Outsider_83 wrote: »It was Bank of Ireland, I just spoke to them and they have advised that "no real harm has been done, it would benefit both parties to close off this investigation," I'm left disappointed.
Bank of Ireland are particularly poor I think with regards information and staff competence. It certainly benefits them to close off the investigation, but if it bothers you (and it would probably bother me if I were in your situation), then I suggest taking it further.I consider myself to be a male feminist. Is that allowed?0
This discussion has been closed.
Confirm your email address to Create Threads and Reply
Categories
- All Categories
- 351.1K Banking & Borrowing
- 253.2K Reduce Debt & Boost Income
- 453.7K Spending & Discounts
- 244.1K Work, Benefits & Business
- 599.2K Mortgages, Homes & Bills
- 177K Life & Family
- 257.5K Travel & Transport
- 1.5M Hobbies & Leisure
- 16.1K Discuss & Feedback
- 37.6K Read-Only Boards