Bank - Info passed to 3rd party

R

raspberry

Registered User
Messages
8
Hi, before approaching the bank in question. I want to run this event past the experience of the contributors here on AAM.

A colleague of mine (lets called her Mary) who banks with one of the main Irish Banks is in the middle of family dispute.
The other party in the dispute approach Mary's bank and asked the bank to verify details about Mary's bank account, bank account status (Open /closed date) and other details to prove/disprove her financial status. There were no court or solicitors involved in the request. The other party took it upon themselves to seek this information.

The Bank gave out the details and more!

When Mary discovered this, she approached the Bank Mgr who authorized the release of the information and he begged and pleaded with Mary not to take matters further as he would lose his job.....he laid it on thick pulling at her heart strings! the Bank Mgr also promised to put a note on Mary's account to not disclose any more info.

Mary wants to know exactly what information was passed between the Bank and the other party.

How best should she approach the bank to get this information and what can she do to protect her bank information going forward (other than change banks!).

Thanks.
 
Mr Bank Mgr knew the consequences of what he was doing but did it anyways, so ignore his begging. Proceed with complaint to the bank and to the Data Protection Commissioner and engage your solicitor.
 
As I was reading the OP, I was thinking that some junior member of staff missed data protection training day. Then you said it was the bank manager who gave out the information!!! :eek: He should man up and accept his responsibilities. There is no excuse for someone in a senior position to making such an error. Is he the kind of person you want running your bank branch?


Maybe he knows he'll be fired as this isn't the first time he has made such a serious mistake...



Steven
www.bluewaterfp.ie
 
Thanks for all your replies.

I dont want to name the bank for obvious reasons but would anyone know what dept/section of a bank 'Mary' could contact to find out what information has been passed back and forth.

I agree she needs to report it and make a compliant, however, her immediate desire is to find out what information was given out, as I think she is fearful of engaging a solicitor too early in the process in case the bank clam up and disengage with her.

I suppose what I am trying to ask is....Does any one who works in a bank know of the internal dept/section she needs to contact to get the information she needs now, and then she can take matters further when she feels ready. (she is still mid-dispute with the other party and I think she is a bit overwhelmed and doesnt want to start a new 'fight' until she is ready)

Thanks again.
R
 
raspberry said:
the Bank Mgr also promised to put a note on Mary's account to not disclose any more info.
Click to expand...
So there's now a note to remind staff that they should follow data protection law for this particular account. Well that's a relief.

raspberry said:
Does any one who works in a bank know of the internal dept/section she needs to contact to get the information she needs now.
Click to expand...
I'd start with a request under the data protection act for everything the bank has got in it's records relating to Mary, her accounts, and all interactions with the bank. The bank may or may not record the sort of incident which caused the problem, but it's worth a shot. https://www.dataprotection.ie/docs/Accessing-Your-Personal-Information/r/14.htm

Collecting documentation first the way to go. The bank's version of events could change dramatically once the case finds it's way to hq and the legal department.
Has Mary got proof of material damage? I'd be (pleasantly) surprised to see an Irish court award significant punitive damages against an Irish bank.
If Mary is a part of a small community, tongues will wag. It's a potential cost to be considered.

All that said, if this is pursue-able for her, I'd encourage her to pursue it. The only way to prevent this kind of thing is to punish it when we discover it.
 
Perhaps she could do a Data Protection Act request and specify that they need to include details of exactly what information was issued to the named person on the date in question. If the information wasn't issued in written form then she may have trouble proving they did anything anyway and if it was written the Data Protection section will be on notice.
 
raspberry said:
I dont want to name the bank for obvious reasons but would anyone know what dept/section of a bank 'Mary' could contact to find out what information has been passed back and forth.
Click to expand...

I am approaching this from the view of a banker. What you are now proposing is to approach an illegitimate act on the basis of a legitimate information request. This manager has committed a serious breach of confidentiality and the only action that should now be taken is to report this breach to the HO of the institution. The only person who will be aware of what information was disclosed is the official in question and if he refuses to do so then there is unlikely to be any other way of finding out.
It seems amazing that the manager admitted his breach of confidentiality given the likely outcome for him and Mary should be prepared for a strong denial following any official complaint. Has she any evidence of the breach other than her own assurance that he admitted it to her?
 
Wow, that is astonishing. Truly shocking. I work in an industry where it's not exactly top secret stuff going on and even we know not to give out customer information (even without data protection training!). Mary should have heads for this.
 
44brendan said:
......... Has she any evidence of the breach other than her own assurance that he admitted it to her?
Click to expand...

Yes, she has evidence. The communication from the bank to the 3rd party was by email. The email was sent from Bank Employee A and CC'd to Bank Manager. The 3rd party gave a copy of the email to Mary.

Mary contacted Bank Employee A who said I was told to do it by Bank Mgr. Bank Mgr then rang Mary and practically cried down the phone...wife, new baby need my job (sob sob).

So Yes, Mary has written documentation of the sharing of information.
 
Without going to deep here but is this a case of a husband ringing up the bank and inquiring on his wife's behalf ? The manager may well have just assumed no problems between the parties and readily gave out the information thinking it was a case of the wife not being able to contact him that day. Would not be unheard of in a local community I would imagine.
 
a formal complaint to the head office of the bank in question.
do not send the complaint through the branch or to the branch.
a data protection breach is a serious offence, and once notified to the head office, they have two days to notify the data protection commissioner.

[broken link removed]

resolution of the situation is usually dealt with in a monetary gift, ranging from a few hundred to many many thousands, depending on the severity of the breach.
 
elcato said:
Without going to deep here but is this a case of a husband ringing up the bank and inquiring on his wife's behalf ? The manager may well have just assumed no problems between the parties and readily gave out the information thinking it was a case of the wife not being able to contact him that day. Would not be unheard of in a local community I would imagine.
Click to expand...

Hi, no the two people involved are not married. Nor Related by blood nor have the same surname.

They never shared a bank account or any other financial asset.

Mary and the 3rd party share a common relative but they are not related.
 
Elcato, my husband used to ask me to ring his bank for him, e.g. to get a statement posted out to him, order a chequebook etc - they would never do anything for me, all they ever said was he has to contact them himself as my name wasn't on the account (I wasn't even asking for info over the phone). Fair enough, that's how it should be.

Completely dumbstruck by this thread!
 
Must have been a very junior and/or uninformed bod who actually sent the mail to not tell the manager that this was a serious breach that could cost them both their jobs. I'd say Mr bank manager had best start updating his CV.
 
Raspberry I would refer you back to my original response. There should be no ambiguity here. The manager has breached the trust of his client and this needs to be reported. This act was naive in the extreme and should not be countenanced.

Elcato. There is absolutely no excuse for any bank official to disclose client information to a 3rd party. Wife, husband, son whatever!! I have no sympathy for any banker who discloses client information. Anyone who does so should be removed from their position and seek employment elsewhere. Our clients trust us with their financial information and breach of trust is one of the most serious acts a banker can commit.

(fully acknowledging that many bankers have displayed a complete lack of any morals/scruples in the recent past.)
 
I couldn,t overly disagree with 44 Brendan , but then
I wouldn,t wish to see anyone sacked.
There is an acknowledgment that Mgr goofed badly , and had the gumption to admit his error.
If the breach caused actual harm , then report. If not ,well maybe move on ?
Have we not all goofed in our time ? and this confidentiality breech , is it worth a sacking?
I think it is (Marys ) call on this,
Will it help anyone by a sacking ?
 
You must log in or register to reply here.
Back
Top