Banking fat cats must declare hack attacks

Banks are under pressure to fulfil legal obligations when it comes to the personal data of customers. The orders have been barked by David Smith, deputy commissioner at the Information Commissioner’s Office (ICO) watchdog. He has told the financial houses that they must provide greater transparency to customers.

He told bankers at a conference held by the British Bankers Association that it was their obligation to offer access to the data they hold. He also wants them to take the way data is stored more seriously.

“Getting it right on data protection doesn’t just mean keeping data secure,” he said, adding that the law also gives us an “important right” to remain in control of our information.

Smith warned that the recent ruling that many banks had mis-sold payment protection insurance (PPI) meant that customers were also likely to exercise their right to get whatever data they needed.  

“We cannot have a repeat of the situation we were in two years ago when the unfair bank charges ruling took place,” he said.

A source at a top bank tells TechEye that although it tries to keep its head above water, sometimes it doesn’t work. There are no guarantees that the industry won’t see the same problems as with the unfair bank charges:

“We take personal information seriously but there are always times when things slip.

“Most of the time it’s sorted out internally without the need to even tell the customer, but we’ve had a few issues when the customer has had to be informed – and had threats from the ICO.

“We hope we’ll never see the same problems as the unfair bank charges but there’s no guarantee,” our source added.  

The British Bankers Association thinks everything’s dandy with the ICO. Speaking to TechEye, a spokesperson said: “UK banks have the highest of standards when it comes to the topic of customer data.

“We already take steps to ensure we have correct procedures in place and are currently seeking clarification from the ICO to understand what his concerns are.”

The European Union (EU) has cast a concerned eye over the industry.

This week, Viviane Reding, the EU justice commissioner, said that banks should immediately inform customers of any data breaches – as part of a new set of rules surrounding consumer security.

She said the move will put weight on businesses to assess the risks associated with the protection of personal data, while financial institutions will also have to provide top security.

Ms Reding intends to introduce a mandatory requirement to notify data security breaches, although she pointed out that some in the banking sector were concerned that a mandatory notification requirement would be an additional administrative burden. The poor things.

She quoted figures from a recent EU survey, which showed that over a third of consumers do not trust banks to protect their personal information.

Our source tells us: “We’ve seen hacks in branches on a small scale but again, been able to keep it quiet. If these rules come into place there could be panic as I’m sure other banks have done the same.

“There’s always a bank hack even if it doesn’t make the papers or come to the public’s knowledge. Suppose we can keep it quiet, unless the EU puts tools in place that notify them when we suffer.”

A salary cut from the top may go a little way to affording better data protection.