The Information Commissioner’s Office (ICO) has fined the Bank of Scotland £75,000 after customers’ account details were repeatedly faxed to the wrong recipients.
The information included payslips, bank statements, account details and mortgage applications, along with customers’ names, addresses and contact details. The documents were faxed over a three year period, with the first incident reported to the bank in February 2009 by a third party organisation.
In total, at least 21 documents were sent to the third party organisation during this time, with another member of the public receiving a further 10 misdirected faxes. Both parties had fax numbers that were one digit outside the intended recipient, which was a department within the bank that routinely uploaded documents onto the bank’s system.
Despite the company being informed of the problem on numerous occasions the errors continued. The matter was eventually referred to the ICO by the third party organisation, yet further mistakes were made even as the ICO was investigating the breaches.