Which? uses cookies to improve our sites and by continuing you agree to our cookies policy

Banks regularly break data protection rules says Which?

Barclays found to be worst at keeping data safe

A keyboard with a credit card and padlock

Is your bank keeping your financial details safe?

Figures obtained by Which? have revealed that the UK’s biggest banks are breaching data protection rules with alarming regularity.

There were 515 complaints lodged with the Information Commissioner’s Office (ICO) about data protection breaches by eight of Britain’s biggest banks and building societies between August 2009 and August 2010 where the ICO thought it was likely they had broken the rules set out by the Data Protection Act 1998.

Which? used Freedom of Information Act requests to the ICO to find out how many data protection breaches banks and building societies have made.

Barclays, Lloyds and Santander are the worst offenders

Barclays was the bank with the most breaches with 116 complaints, followed by Lloyds TSB with 114 and Santander with 103. See the table below for how other banks and building societies performed.

Over half of all complaints arose from firms failing to provide customers with copies of the data held about them properly. Other potential breaches included banks holding inaccurate data about customers, failing to follow security measures and the disclosure of data to third parties.

Visit our guide to find out more about your rights under the Data Protection Act.

Data protection standards are slipping

Financial companies appear to be getting worse at looking after our data. In 2009, there were 1,163 complaints about banks and other lenders – up from 1,060 the previous year. In contrast, data protection-related complaints about other organisations, such as local authorities and HM Revenue & Customs, went down over the same period. 

And, with Which? research showing that just one in 10 people (13%) have heard of the ICO to complain to, these breaches are likely to be just be the tip of the iceberg. There is also no legal obligation for organisations to report data protection breaches to their customers or the ICO.

Visit our guide to banking online safely for more on how to keep your financial data safe online.

For more information on how to complain if you are unhappy with the way an organisation has handled your personal data, visit the Information Commissioner’s Office website. 

Bank and building society breaches
Brand Breaches
Barclays 116
Lloyds TSB 114
Santander a 103
Halifax b 81
RBS c 50
Nationwide 17
Bradford & Bingley d 2
Total 515

Table notes

Some complaints may have been recorded against more than one of an organisation’s brands so may show up more than once.

  1. Including Abbey and Alliance & Leicester
  2. Halifax/Bank of Scotland
  3. Royal Bank of Scotland/NatWest
  4. Bradford & Bingley’s savings business is now
    part of Santander


pound coins

Which? Money when you need it

You can follow @WhichMoney on Twitter to keep up-to-date with our Best Rates and Recommended Provider product and service reviews.

Sign up for the latest money news, best rates and recommended providers in your newsletter every Friday.

Or for money-saving tips, and news of how what’s going on in the world of finance affects you, join Melanie Dowding and James Daley for the Which? Money weekly money podcast

For daily consumer news, subscribe to the Which? news RSS feed here. And to find out how we work for you on money issues, visit our personal finance campaigns pages.

Back to top