Bank staff member breaking data protection law

Acara

Bank staff member ( also family member) has accessed our accounts without any authority or need to do so. We all know he is v strange and keep away from him really. But can't ignore this any longer and any advice on what to do would be great. Causing huge huge mental distress.

Blingy

You could report it to the branch manager (his boss). Or if you have some sort of proof you could take your complaint to the ombudsman however you would have to lodge a complaint to the bank first before going to ombudsman I believe.

Peregrinus

1. Complain to the bank. They will take a very dim view. This is a sackable offence.

2. Take your business to another bank where nobody connected with you works.

FishOnABike

It might be inconvenient but would you (and any of the rest of your family) consider changing to a different bank if another bank has a branch near ? Other than a mortgage account with your current bank it should be straightforward enough (with a little inconvenience) to move other accounts.

As to what to do about the inquisitive family member - do you want to report him? It would be a disciplinary matter for the bank. If he is looking at your accounts is he likely to be looking at others, friends, colleagues, acquaintances,... The bank would treat this breach of confidentiality seriously.

Acara

Peregrinus wrote: »

1. Complain to the bank. They will take a very dim view. This is a sackable offence.

2. Take your business to another bank where nobody connected with you works.

No 2 I've done and have had absolutely no problems.Just such a relief to know nobody snooping and passing on my private information to third parties. My problem really is that this person is very well 'connected' in the bank and I feel totally intimidated by them.

Acara

FishOnABike wrote: »

It might be inconvenient but would you (and any of the rest of your family) consider changing to a different bank if another bank has a branch near ? Other than a mortgage account with your current bank it should be straightforward enough (with a little inconvenience) to move other accounts.

As to what to do about the inquisitive family member - do you want to report him? It would be a disciplinary matter for the bank. If he is looking at your accounts is he likely to be looking at others, friends, colleagues, acquaintances,... The bank would treat this breach of confidentiality seriously.

Thanks for reply. Have moved accounts and what a relief. And of course you are absolutely right, he looks into everyone's accounts!!. 30 years sneaking around in other peoples accounts is shocking and he just doesn't get that you can't do that. Passing on private financial information and even altering it purely to cause harm and hardship is what I have to take on now. I will not mention name of bank or name of family involved but this is a 'banking' family and all protect him hugely.

lazeedaisy

You can go report them to the data commissioner, it's a serious offence, but you need proof.

Peregrinus

"Passing on my private information to third parties" is something you didn't mention in your first post. If that's an element of what happened, it makes the whole business much, much worse. Put it front and centre of any complaint that you make.

You can do either or both of:

1. Make a complaint to the Data Protection Commissioner

2. Make a complaint to the Financial Services Ombudsman

Both will expect you to have approached the Bank first, and will ask you what to did to bring your problem to the attention of the bank, and why you are dissatisfied with the outcome. And that does raise the question - what outcome do you want? You're no longer a customer of the bank, so it doesn't seem that there's any way they can improve their services to you in the future. You don't suggest that your data has been abused in a way that causes you financial loss (though, if it has, obviously you can look for compensation). Are you looking for an apology? Are you looking for revenge?

Note that as far as both ombudsmen are concerned, you are not complaining about your relative who works in the bank; you are complaining about the bank. Obviously the fact that this complaint is made, and (if it happens) the fact that it is upheld, will have implications for your relative's standing in the bank, and his future career progression. And, however well-connected in the bank your relative may be, if the bank is satisfied that he has really been handing out customers' information to third parties he will very rapidly find himself much less well-connected. But that's a matter between the bank and him; the ombudsmen won't go there.

Acara

lazeedaisy wrote: »

You can go report them to the data commissioner, it's a serious offence, but you need proof.

It is very very serious and has had huge effect on our mental well being. It is even more shocking that this guy is an assistant manager which allows him to snoop all he likes really and then pass on information. I have plenty proof because third parties have all our account details which he printed off. Text message to third party giving details of my salary. His wife is a manager in the same bank and is well aware of these activities and would not see this as serious at all.

To Elland Back

All these computer systems leave an 'operator trail'. If you are certain the person has done this, investigations will reveal time, date, pc and user who monitored your account

Acara

Peregrinus wrote: »

"Passing on my private information to third parties" is something you didn't mention in your first post. If that's an element of what happened, it makes the whole business much, much worse. Put it front and centre of any complaint that you make.

You can do either or both of:

1. Make a complaint to the Data Protection Commissioner

2. Make a complaint to the Financial Services Ombudsman

Both will expect you to have approached the Bank first, and will ask you what to did to bring your problem to the attention of the bank, and why you are dissatisfied with the outcome. And that does raise the question - what outcome do you want? You're no longer a customer of the bank, so it doesn't seem that there's any way they can improve their services to you in the future. You don't suggest that your data has been abused in a way that causes you financial loss (though, if it has, obviously you can look for compensation). Are you looking for an apology? Are you looking for revenge?

Note that as far as both ombudsmen are concerned, you are not complaining about your relative who works in the bank; you are complaining about the bank. Obviously the fact that this complaint is made, and (if it happens) the fact that it is upheld, will have implications for your relative's standing in the bank, and his future career progression. And, however well-connected in the bank your relative may be, if the bank is satisfied that he has really been handing out customers' information to third parties he will very rapidly find himself much less well-connected. But that's a matter between the bank and him; the ombudsmen won't go there.

Thank you for your reply. I am not looking for revenge of any sort just fair play. The amount of mental anguish unreal.

Hemerodrome

lazeedaisy wrote: »

You can go report them to the data commissioner, it's a serious offence, but you need proof.

No they don't. If a complaint is investigated, that's when evidence is gathered, it's not up to the OP to produce it.

homer911

To Elland Back wrote: »

All these computer systems leave an 'operator trail'. If you are certain the person has done this, investigations will reveal time, date, pc and user who monitored your account

Not necessarily, although technically they SHOULD


Activity logging is a major overhead on any system. Many old systems simply don't support it at all. Logs can be large and can be purged down frequently to save space


OP - it would help if you had notes of every occasion inappropriate access to your account was made - reference to specific transactions or balances. It may be impossible to prove, but it may support other claims against this person

Orion

Acara wrote: »

My problem really is that this person is very well 'connected' in the bank and I feel totally intimidated by them.

It actually doesn't matter how "well connected" he is what he's done is illegal and could (should?) be sacked for it. This isn't a small family business you're talking about - it's a national bank. Definitely report this to his manager or if you feel that he's too connected to them then go straight to head office and let their risk/compliance department know.

Acara

homer911 wrote: »

Not necessarily, although technically they SHOULD


Activity logging is a major overhead on any system. Many old systems simply don't support it at all. Logs can be large and can be purged down frequently to save space


OP - it would help if you had notes of every occasion inappropriate access to your account was made - reference to specific transactions or balances. It may be impossible to prove, but it may support other claims against this person

Thank you for that, can provide an account of everything. Also third parties hold this information that was given to them by this individual. These are all connected to the same bank. I and all of my family and friends have been banking in this bank for years and never had a problem.

Acara

Orion wrote: »

It actually doesn't matter how "well connected" he is what he's done is illegal and could (should?) be sacked for it. This isn't a small family business you're talking about - it's a national bank. Definitely report this to his manager or if you feel that he's too connected to them then go straight to head office and let their risk/compliance department know.

Thank you all so much for your advice. This has been weighing me down for so long now. Might be best to write to head office as myself and my husband have already informed two managers and they said it was nothing to do with them.

Orion

Tell head office that two manager refused to investigate it. That's actually worse.

Acara

Orion wrote: »

Tell head office that two manager refused to investigate it. That's actually worse.

But in fairness we there to discuss something else and I told them both about this individual and the distress he was causing. They said it had nothing to do with them and never gave any advice on how to go about reporting it.

Orion

If you told a manager in BoI about a staff member illegally access account information they are contractually bound to report that to the risk, compliance or security department. There is absolutely no room for misinterpretation there. I work in a bigger bank than BoI and everyone working there is bound to report security breaches.

Acara

Orion wrote: »

If you told a manager in BoI about a staff member illegally access account information they are contractually bound to report that to the risk, compliance or security department. There is absolutely no room for misinterpretation there. I work in a bigger bank than BoI and everyone working there is bound to report security breaches.

I know I'm on a public forum so I won't name Bank but it wasn't BOI. This guy is well protected and his actions are totally malicious. My husband invited him, his mother and sister (all involved)to a meeting last Monday with a neutral party to discuss this. Not one of them turned up because they said they would find such a meeting ' overwhelming'. You couldn't make this stuff up.

glued

Acara wrote: »

I know I'm on a public forum so I won't name Bank but it wasn't BOI. This guy is well protected and his actions are totally malicious. My husband invited him, his mother and sister (all involved)to a meeting last Monday with a neutral party to discuss this. Not one of them turned up because they said they would find such a meeting ' overwhelming'. You couldn't make this stuff up.

Have you asked why he may be doing this? It seems like a bizarre thing to do and you would imagine there is some background to this story. Have you any material proof that can implicate him?

Acara

glued wrote: »

Have you asked why he may be doing this? It seems like a bizarre thing to do and you would imagine there is some background to this story. Have you any material proof that can implicate him?

It is totally bizzare I know and I do have material proof but he had gone into the woodwork and won't communicate.

Sheeps

I know someone who was fired from a major Irish financial institution for looking at her landlords bank balance. Silly wench.

The audit trail banks are required to provide in their applications will reveal all. If your suspicions are correct, it will result in the same outcome.

Orion

Acara wrote: »

I know I'm on a public forum so I won't name Bank but it wasn't BOI.

Apologies - I thought I'd read BOI earlier in the thread. Same point applies to all banks though.

Acara

Orion wrote: »

Apologies - I thought I'd read BOI earlier in the thread. Same point applies to all banks though.

No problem you can probably guess which bank anyway

Seanachai

Acara wrote: »

No problem you can probably guess which bank anyway

I think it's time to make them lose some sleep over this now, if you haven't been exposed to corruption before it can be very jarring when it actually lands on your doorstep. We read about it and it happens at a safe distance but it's disrupting when we experience it first hand. Good luck with getting to the bottom of this.

Larbre34

Acara wrote: »

I know I'm on a public forum so I won't name Bank but it wasn't BOI. This guy is well protected and his actions are totally malicious. My husband invited him, his mother and sister (all involved)to a meeting last Monday with a neutral party to discuss this. Not one of them turned up because they said they would find such a meeting ' overwhelming'. You couldn't make this stuff up.

Its time for a good solicitor. This should now be between him as your representative and the bank and/or data protection commissioner. Clearly trying to deal with this yourselves is causing undue stress, so give it to a competent and recommended professional - if this is a 'small town' issue, bring someone in from another area.

gizmo555

Peregrinus wrote: »

Note that as far as both ombudsmen are concerned, you are not complaining about your relative who works in the bank; you are complaining about the bank.

This is not necessarily true. It is an offence to disclose personal data which was obtained without authority (S.22 Data Protection Act, 1988). This doesn't apply to employees of the data controller, so wouldn't in this case apply to the bank staff member who initially obtained the data.

But if anyone he provided the data to further disclosed it, that person could be guilty of an offence.

Gone West

So, an Irish bank, but not BoI.
Manager is the wife, and assistant manager is the husband?
I'd say that's more than enough information for somebody to identify the parties you are speaking about.
Be careful!

To Elland Back

Acara wrote: »

. This guy is well protected and his actions are totally malicious. .

Seriously, and I know it is easy for us to say this, but bring this to the attention of senior management and it will be dealt with swiftly and to the letter of the law. There is no cronyism open to these guys anymore, there are so many routes open to you is it is not resolved to your satisfaction

Patrick Wheelock

Fuzzy wrote: »

So, an Irish bank, but not BoI.
Manager is the wife, and assistant manager is the husband?
I'd say that's more than enough information for somebody to identify the parties you are speaking about.
Be careful!

Not in the same branch. Wouldn't be permitted.