RBS facing claims it breached Data Protection rules
The Royal Bank of Scotland (RBS) is facing claims it breached the Data Protection Act by falsifying customer information.
The bank is accused of altering its “central file” of customer correspondence as well as editing customer emails and call transcripts to such an extent that it caused a customer’s business to fail.
According to reporting by the Times, RBS customer and former Metropolitan police sergeant Andy Keats believes that the bank’s alleged activities not only destroyed his business but also led to the bank seeking to repossess his home.
Keats, now a director of the complaint investigation firm Serious Banking Complaints Bureau, says he found thousands of discrepancies among RBS files which he claims show the bank altered customer data to suit its own purposes.
Keats says that upon accessing records held by RBS about him and his business, he noticed significant inconsistencies between the bank’s records and his own personal records, including whole sentences and paragraphs apparently removed from the bank’s version.
The UK’s privacy regulator, the Information Commissioner's Office (ICO), and the Financial Conduct Authority have both been made aware of the claims.
While the bank is allowed to summarise certain customer correspondence, it is not allowed to change the meaning of the records or delete any data.
Keats claims he holds records showing that RBS went beyond these limits, by altering words, sentences, paragraphs and punctuation in customer emails without showing that changes had been made. He alleges that the changes led to his business being shut down and the attempt to repossess his house. His claims date from 2012 but the dispute is ongoing.
RBS told Computing.co.uk in a statement that it was cooperating with the ICO and Mr Keats and took its obligations under the Data Protection Act “very seriously”.
"RBS takes its obligations under the Data Protection Act very seriously and at all times seeks to cooperate fully with customers' Subject Access Requests. We provide customers with all relevant personal data in a readily accessible format, wherever possible," it said.
The statement added that "any redacted information will have been carried out in accordance with the exemptions permitted under the DPA. We also work closely with the Information Commissioner's Office, both in preparation of customers' SARs and in responding to complaints made."