Stay informed with free updates
Simply sign up to the Financial services myFT Digest — delivered directly to your inbox.
The UK’s privacy watchdog has received a surge in complaints about financial service companies’ handling of the type of data requests that gained notoriety after Nigel Farage’s “debanking” scandal.
Complaints to the Information Commissioner’s Office about financial companies’ failures to comply with “subject access requests” jumped 15 per cent in the year to the end of April, according to a Freedom of Information Request sent by consultancy KPMG.
Data subject access requests (DSARs) allow individuals to ask companies if they are using and storing their personal data, and request copies of this information. Companies have 30 days to respond under the Data Protection Act.
The watchdog received 1,874 complaints about finance, insurance and credit companies’ handling of DSARs during the period, up from 1,622 the previous year. Complaints about financial companies made up 16 per cent of the total and represented the largest share, ahead of the health sector.
Action taken by the ICO against companies in the financial services industry, meanwhile, rose 22 per cent to 688 rebukes in the period, compared with 563 the year before.
Graham Thomas, privacy director at KPMG, said high-profile cases including Farage’s, had helped raise awareness of individuals’ privacy rights and of DSARs.
“We are seeing an increase in the number of requests being made by individuals, particularly to financial services,” said Thomas. “Part of it is due to increased public awareness around their rights, the sensitivity of the information shared and high-profile media cases.”
This type of request was thrust into the limelight last year when Farage used a DSAR to obtain a 40-page dossier from Coutts that revealed its reputational risk committee had accused him of “pandering to racists” and being a “disingenuous grifter”. It concluded his politics were “at odds with our position as an inclusive organisation”.
The episode cost both Coutts and its parent group, NatWest, their chief executives and a third-party review recommended that NatWest improve its communications with customers over account closures.
There are many other reasons why people may send DSARs, said Thomas. Customers might want to know all the information financial companies hold on them, while others have more specific demands such as asking which address they have on file if they are not receiving mail from their bank.
Employees and former staff of particular companies also often made DSAR requests, he added.
The financial service sector also had “a large retail footprint” with a high volume of customers and handled sensitive information such as transactional data and credit scoring, making it prone to receiving such requests, said Thomas.
The challenge for banks and insurers in responding to DSARs lies in sourcing the information — which can be scattered around different systems — and then presenting it in a readable way, while leaving out information that may breach anti-financial crime regulation.