Extra, extra,
read all about it!

TSB’s woes continue with apparent data breach

Major bank TSB's turbulent few months are set to continue following complaints by a number of its customers relating to breaching data protection laws.

It comes just days after ground-breaking new legislation, the General Data Protection Regulation (GDPR), was implemented into UK law. The timing of this incident is therefore not ideal, with awareness amongst consumers of data protection law and the implications of any breaches arguably at an all-time high.

TSB had recently decided to switch its IT system across from the operations managed by its former owner RBS. The migration of data across the two systems resulted in around half of the bank's 5 million customers not being able to view their balances or make transactions, and in some cases having money stolen from their accounts by fraudsters.

Unfortunately for the bank, one potential data breach then created another when the bank attempted to send letters to customers acknowledging their complaints regarding the IT switchover, only for some of the letters of apology to be sent to the wrong addresses.

Labour MP John Mann, who sits on the Treasury Committee, has stressed that "action could be taken against the bank". The Information Commissioner's Office (ICO) has already said that it is "continuing to make enquiries in relation to TSB and are aware of ongoing issues".

The question at the heart of this issue is whether TSB had the appropriate measures in place to prevent these types of occurrences. It will be interesting to see how the ICO deals with this case following the introduction of GDPR in the event that TSB are found to be at fault. The ICO will be particularly aware that its decisions will be subject to serious scrutiny as many interested parties seek clarity on the ICO's position in terms of any penalties that it might impose in these circumstances.

It also highlights the ongoing necessity for all organisations, however big or small, to ensure that they are GDPR compliant when handling personal data.

If you have any questions about the new data protection laws and how they affect your organisation, call David Hudson or Kerry Beynon on 029 2048 2288.


All the latest from Acuity

Here you will find all the latest news as it happens. If it’s news and it involves Acuity, one of our clients or our CSR activities this is the place to come.

Back to news