Some of the biggest banks and leading financial institutions in the UK have been ordered to offer customers greater protection from ID fraud.
The move by the Information Commissioner’s Office (ICO) comes after it was revealed that documents with highly sensitive personal and account information related to individual customers were simply being dumped in rubbish bins outside offices.
The ICO has made the 11 companies – including HBOS, Alliance & Leicester, Royal Bank of Scotland, NatWest, Barclays Bank, Co-operative Bank and Nationwide building society – “promise to comply with the Data Protection Act in future”. If the offenders don’t, then the ICO will consider prosecution.
This seems unduly lenient to me.
Surely the breaches in security and data protection committed by these companies involve basic precautions that should be second nature to such institutions?
After all, these are the same companies who warn us to destroy personal information carefully whenever they send us correspondence.
The problem of ID fraud has been with us for long enough that one would hope that these companies and institutions would have clear, effective and tight procedures on disposing of sensitive material.
Some of these companies are currently posting record profits and the cost of implementing such basic methods of security and protection would represent a drop in the ocean when compared to the vast amounts they are raking in each year. Equally, in the case of the Co-operative Bank, the lapses do not square with its proud boasts about being a 100% ethical institution.
We don’t often get a second chance from these companies and institutions if we mess up, yet they are getting away with basic mistake after basic mistake.
Under the circumstances, endless warnings and reminders simply aren’t good enough.