Jeff Salway: Fears over personal security grow

It may not always be easy, but try to be as careful as you can about who you share your valuable personal information with. Picture: Getty

A SURGE in cold calls and spam texts from unscrupulous pension firms has triggered renewed anxiety over the security of personal information, as data privacy complaints against financial services firms continue to rise.

UK financial services firms have been investigated nearly 600 times over the past year for data privacy breaches, almost a threefold increase on the previous 12 months, it has been revealed.

A Freedom of Information request found that the Information Commissioner’s Office (ICO) carried out 585 probes into reported breaches of the Data Protection Act by financial services firms over the year. Among the firms to have been investigated for multiple potential breaches were state-backed Lloyds Banking Group and Royal Bank of Scotland, as well as Barclays and Santander.

“There is a huge amount of complacency in the financial services industry about this issue,” said Tony Pepper, chief executive of Egress, who made the FOI request.

Very few fines have been dished out for transgressions, however. One exception was a £75,000 penalty imposed on Bank of Scotland for repeatedly sending customer details to the wrong recipients.

The most common complaints – including some reported by the companies in question – were around inaccurate data records and customers being refused access, while the most serious concerned data that had been lost or sent to the wrong recipient.

The rise in complaints is due partly to growing consumer awareness of the issues around data protection, according to the ICO.

The figures emerged just weeks after the launch of pension reforms that have triggered a huge increase in complaints about cold calls and direct marketing text and e-mails. Thousands of people approaching retirement have received unsolicited phone calls, texts and e-mails from firms who have somehow obtained their details so they can target them with high-risk and typically unregulated pension investments and “reviews”.

The ICO has warned previously that the pension changes – making it far easier for people in defined contribution schemes to access their pension pots from the age of 55 – would increase the risk of fraud. It said it was aware of claims that several firms in the cold-calling sector had bought details of millions of people’s pensions data from financial services firms and is currently investigating those allegations.

So how can you ensure your data is secure? The bad news, according to Jeffrey Meek, partner at French Duncan Chartered Accountants in Edinburgh, is that it’s almost impossible to guard against individual staff selling data in exchange for cash. Banks and other large financial firms employ large numbers of staff who handle lots of information and who are offered money to pass it on, he pointed out.

“You can have a lot of institutional security, but it doesn’t take much for an individual to get data out if they want to,” said Meek.

“If someone at a bank is on the minimum wage and they’re offered a sum of money in exchange for the information they handle, that information will sometimes get out.”

Demand for the data processed by financial services staff has increased as firms have found new and more profitable ways of using that information.

One step that could stem the rise of data breaches would be to introduce greater personal accountability, he added, where individuals as well as firms would be on the hook when found guilty.

“When there’s a scandal and the company is fined it’s the shareholders that pay the price, not the individual responsible.”

Some of the biggest data breaches in recent times – including those concerning NHS records – have resulted from expensive individual mistakes such as laptops being left on public transport.

That suggests there’s relatively little that people can do to ensure their data is being handled responsibly by firms such as banks, insurers and mobile phone providers. So how can you minimise the risk of your data being compromised? One way is to be circumspect about who you share information with. The rise in information sharing on social media such as Facebook, for instance, has made it easier for firms to obtain the basic data they need.

“A lot of people will put their birth date on a form when they’re asked to, for instance, but it’s not always necessary,” said Meek.

Similarly, many firms provide a tickbox for customers to indicate that they don’t want their data to be passed on, but customers often fail to take the opportunity to opt out. Where data have been given away voluntarily it’s not always illegal to sell it on.

There are other steps you can take if you’re concerned about the security of your data, however. “There are ways that individuals and companies can control and protect data, such as encryption, but few people use this because it’s perceived as being too much hassle. Lots of people are not pursuing reasonable precautions.”

It’s also worth checking your credit record to check whether you’re being impersonated, and for other signs of potential fraud.