ICO ends its involvement in dispute between NatWest Bank and data breach whistleblower

by Jeremy

The Information Commissioner’s Office (ICO) has ended its involvement in a dispute between NatWest and a former branch worker over confidential customer files stored at the ex-employee’s home.

The customer information, in paper format, was part of a work-from-home agreement with the former worker’s branch manager, which ran from 2006 to 2009.

But around 1,600 paper files containing confidential customer details remain in the home of the ex-member of staff, who has been trying to return them for more than ten years. These include documents with customer names, addresses, contact details, and account summary/history information.

In 2012, after an investigation, the ICO slapped the bank’s wrists over the arrangement and advised the former employee on the safe return of the customer files since.

According to the former worker, who wished to remain anonymous, the ICO informed her in July 2021 – nearly a decade after it became involved – that it could do nothing about it because the Data Protection Act covered only electronic information 1998 and not paper-based information, the format that she had it.

Computer Weekly asked the ICO why it had not told the former worker that it could not do anything earlier, but it refused to comment.

The ICO confirmed to Computer Weekly it had ended its involvement in the dispute. “The ICO has provided advice on data protection issues to parties involved in an employment dispute dating back to 2009.

“We are satisfied that the potential risk posed to individuals does not warrant further action, despite there being a change in the law [General Data Protection Regulation] since that time.”

Related Posts

Leave a Comment