Documents including payslips, bank statements, account details and mortgage applications with customers’ address and contact details were misdirected over a three-year period, The Wilmslow, England-based ICO said in a statement on its website today. At least 21 documents were sent to a third-party organization, while a member of the public received 10 faxes.
“The Bank of Scotland has continually failed to address the problems raised over its insecure use of fax machines,” Stephen Eckersley, head of enforcement at the ICO, said in the statement. “To send a person’s financial records to the wrong fax number once is careless. To do so continually over a three-year period, despite being aware of the problem, is unforgivable.”
Both undisclosed parties had fax numbers one digit different from a department within the Bank of Scotland that “routinely uploaded documents onto the bank’s system,” according to the statement. The first incident was reported in 2009.
Lloyds said in a separate statement that the “security of our customers’ data is always our key priority” and blamed the misdirect faxes on “human error.” Thirty-two customers were affected and none of them “suffered any harm or detriment as a result of this error,” it said.
To contact the reporter on this story: Simone Meier in London at firstname.lastname@example.org
To contact the editor responsible for this story: Edward Evans at email@example.com