Serious GDPR/DP Breach from bank

Shun_Naka

Hi All,

Looking for a bit of advice here -

My father and I have a serious GDPR/Data Protection breach issue with Halifax that has not been resolved after numerous visits to branch spanning the last 6 years. It is worth noting that we both share the same name & address.

I have had an account with Halifax for over 10 years (current account > student account w/overdraft)
My Father has his own savings account with multiple credit cards open and in use on his file.

It is my signature & student status confirmation etc. that is linked to my student current account, however when trying to deposit money into my account in branch around 6 years ago it was my fathers D.O.B. that was linked to my account.

Our accounts seem to have been "merged". My account was given access to the internet banking, erroneously giving me access to my fathers savings accounts and credit card accounts. We have had a multitude of problems that have resulted from this error.
- I can view and access ALL the information available to my fathers account - including the ability to transfer balances to and from his accounts to mine (including his credit cards) without his permission or knowledge.
- His mobile number is linked to the account meaning all overdraft warning, balance alerts and suspicious activity notifications on my account are being sent to him.
- Any erroneous fees etc from previous credit card transactions (including PPI) that my father has received from HBOS has been sent to my current account, I then have to manually transfer these to him.
- It is a huge data protection & GDPR breach - I can access all my fathers accounts and spending information, as well as credit card numbers, sort codes & account codes.
- It has had a negative impact on my own credit rating - I have available, unused credit (in the overdraft) that does not show up on any credit report because this is all technically on my fathers file.

The only saving grace in all this is we have a very good relationship - if we didn't I could have easily rinsed all the accounts and cards.
I've raised a complaint (again) via email by sending this information to the Halifax Complaints address & CEO of Halifax - what can I actually expect to happen here? I'm at my final straw where i don't know if it will ever be resolved and i'd be looking for some healthy compensation for the absolute mess they've made of this.

xylophone

You/your father should seek a final response from Halifax and then if unsatisfied, refer to the ombudsman.

However, perhaps you or your father should leave Halifax and bank elsewhere?

colsten

It should have been sorted many years ago. I am surprised you and your father let this go on for 6 years.

eskbanker

Shun_Naka wrote: »

I've raised a complaint (again) via email by sending this information to the Halifax Complaints address & CEO of Halifax - what can I actually expect to happen here?

Hopefully you'll have spelt out clearly exactly what you want to happen to resolve this, even if you think it's obvious.

In your shoes I'd prioritise getting everything sorted out first in terms of proper and full separation of your and your father's accounts, and once that's been resolved it would then seem appropriate to highlight the distress and inconvenience (and tangible costs if applicable) in order to negotiate some sort of compensation.

As above, FOS are available as a point of escalation if Halifax don't address your complaint to your satisfaction, and data protection breaches are the Information Commissioner's territory so you could report it to them too, although to be honest I doubt that they'd agree that the underlying original breaches really are objectively 'serious' and 'huge' in the general scheme of things, but it's hardly unreasonable to have expected resolution in less than six years. What happened to the complaint(s) you logged previously?