ICO warns banks over data duties as ‘Farage-gate’ rages

The Information Commissioner’s Office has waded into the row over reports that NatWest Bank shared personal financial information about Nigel Farage with the BBC, and has rifled off a warning letter to the banking trade body to remind its members of their responsibilities in keeping data confidential.

The issue erupted a fortnight ago, when Farage reported that his bank account at NatWest-owned Coutts had been closed. At the time, Coutts claimed it was because he was not earning enough; Farage claimed it was because of his political views.

The former MEP then used one of the key tenets of GDPR – an EU law he ferociously campaigned to scrap following Brexit – to carry out a free subject access request (SAR) to find out what information Coutts held on him.

It has since transpired that NatWest boss Dame Alison Rose was forced to resign after admitting that she had discussed Farage’s bank details with a BBC journalist, suggesting that his account at Coutts had been closed only for commercial, rather than any political, reasons.

Information Commissioner John Edwards said: “The banking duty of confidentiality is over a hundred years old, and it is clear that it would not permit the discussion of a customer’s personal information with the media.

“We trust banks with our money and with our personal information. Any suggestion that this trust has been betrayed will be concerning for a bank’s customers, and for regulators like myself.”

On the complaint Farage has raised with the ICO, Edwards added: “This case is out of the ordinary in terms of its profile, but it is important that we follow our usual processes and procedures. This means that an organisation would be given a chance to respond to a complaint before the ICO gets involved.”

Edwards has now written to UK Finance, the trade association for the UK banking and financial services sector, to remind them of their responsibilities on information they hold.

On suggestions that banks have gathered excessive dossiers on customers, Edwards said: “Banks need to hold a lot of information about customers, to properly run their accounts, and to uphold the law around aspects like money laundering. But data protection rules still apply.

“Banks should not be holding inaccurate information, they should not be using information in a way that is unduly unexpected, and they should not be holding any more information than is necessary.

“Even the information banks gather around politically exposed persons must follow the law. We are working with HM Treasury, who set the rules in this area, and with the Financial Conduct Authority, who oversee those rules.”