Bank statements were among the details sent to the wrong people
A bank has been fined after repeatedly faxing customers’ account details and payslips to the wrong recipients.
Bank of Scotland, now part of Lloyds Banking Group, also sent bank statements, mortgage applications and contact details to the wrong people.
The error, which went on for three years, has led to a £75,000 fine from the Information Commissioner.
The bank apologised, blaming human error, but said the error only related to a fraction of the faxes it sent.
The mistake was first reported in February 2009, when a third party – that had a fax number one digit different from the intended recipient – started receiving documents in error.
It received 21 documents, while a member of the public, whose fax number was also the same apart from one digit, received 10 documents.
Customers’ names, addresses and contact details, as well as various other personal paperwork was sent.
The Information Commissioner’s Office (ICO) said that the bank was told on numerous occasions about the error, but mistakes continued, even when the ICO was investigating.
“The Bank of Scotland has continually failed to address the problems raised over its insecure use of fax machines,” said Stephen Eckersley, head of enforcement at the ICO.
“To send a person’s financial records to the wrong fax number once is careless. To do so continually over a three-year period, despite being aware of the problem, is unforgiveable and in clear breach of the Data Protection Act.”
He said these details could have been used by identity thieves.
This was the largest fine for a financial institution levied by the ICO.
A spokeswoman for Lloyds Banking Group said: “The security of our customers’ data is always our key priority. We apologise that, due to human error, a very small number of documents relating to 32 customers were unfortunately misdirected.
“This occurred over a period in which several million customer documents, using the same process, were correctly received. No customer suffered any harm or detriment as a result of this error. We are continually reviewing our processes to ensure our customers’ information remains safe.”