Bank fined £75,000 for data protection breach

The Information Commissioner’s Office (ICO) has fined the Bank of Scotland plc £75,000 for a serious breach of the Data Protection Act 1998. The ICO found that, over a four-year period, the bank repeatedly sent faxes containing customers’ personal data to the wrong recipients, by transposing numbers when dialling fax numbers. The data in the faxes included payslips, bank statements and mortgage applications.

This checklist highlights the key legal obligations that a business should consider when dealing with personal data about customers, suppliers, employees or any other individual who may be encountered during the course of business.