The following is largely self-explanatory.
Summary: I am trying to update the bank account data (direct debit
mandate) held by my broker who is a mainly internet based business. I
don't use this company that much,
They will not accept a change to my direct debit mandate unless I send
them **originals** of my old and new bank account statements, and they
freely admit they will copy and store the personal financial data
contained therein. My response to this was to close my account and to
make the following points ..
Any comments anyone?
--
29^th February 2008
Head of Compliance
Sxxxxxxxe
xxx
E14 xxxx
Dear Sir or Madam,
*Account number xxxxxxx*
You lost a customer of many years standing today.
Despite the very small nature of the account, I would submit that is not
a good thing for your business to lose any customer.
*The background*
Some months ago, I closed a personal bank account. It turns out that
this was the account for which you previously held a direct debit
authority. As I had not bought or sold shares in several years, it was
only upon reviewing my account with you recently I discovered you held
out-of-date bank details.
I telephoned, and was advised by your company to complete an updated
Direct Debit mandate form which I downloaded from your website, fully
completed in all particulars, and sent to you.
By return I receive a demand from you to send you my personal, original
bank statements (although such demand is not contained on the direct
debit form). These statements contain personal and private data which
have no relevant to our relationship. You also told me I must send
statements for both old and new bank accounts, and no statement may be
less than 3 months old.
I spoke to your representative Mr West who insisted that all-original
documents were required by the Financial Services Authority
moneylaundering rules.
He told me that the purpose for which this was being demanded was to
'verify that the name on the bank account was my name', and that
original bank statements were required as I 'could make up my own using
a computer'.
My current bank encourages its customers not to receive paper statements
at all (although I do at the moment)and to use their internet banking
facilities. (My old bank account was closed many months again and no
statements exist that are less than 3 months old). I asked to speak to a
Compliance Manager.
Your Mr yyyyy (expressed as being Mr xxxxx's supervisor) refused to
speak with me.
Mr xxxx informed me(by relaying messages from Mr yyyyy) that your Head
of Compliance would not discuss the matter with me as he does not deal
with complaints from customers which must be directed to the Complaints
Team. (You must have a lot of complaints if you have a special Team for
them!).
He also informed me that Mr Wilson was too busy to talk to me as he was
on other calls. In view of this, I asked to escalate this to the next in
line. Your Mr zzzzzz Head of Operations repeated the demand for the
abovementioned original bank statements. He suggested that I 'black out'
any information which I did not want xxxxxx to have but that the
documents must be original bank statement. No rule of statute or common
law can require me to choose between supplying you with excessive data
or defacing my originals. That is Hobson's Choice, and either choice
results in an infringement of my Art. 8 Convention rights. In your
position as Registered Compliance Officer (and the person responsible
under the FSA licence for knowing this, please supply me with referenced
authority for any FSA regulation requiring this. No such rule can exist
as it would be unlawful under the provisions of the HRA 1998.
_*There is no way I will deface my original documents and you have no
right to suggest it!*_
Mr Greenwood then put me on hold,. I gave up after being on hold for
approximately 15 minutes (my phone has a timer).
I called back, and was told I should expect a call from a Mr xyzzy. He
must have been expected to have telepathic powers, since at no time were
my telephone contact details taken, so I left my phone number.
Mr xyzzzy rang back. He confirmed that your company intends to stand by
its demand for original bank statements and upon receipt thereof would
store my personal and private transaction information (in the form of a
photocopy of the statements) despite such transaction data being
entirely unrelated to our business dealings.
*He further confirmed that your company's only purpose in requiring a
copy of old and new bank account statements was to verify the new bank
account was in the name of the xxxx account holder.* (How does the old
bank account statement do that?)
He also confirmed that your company is prepared to use different methods
where the customer concerned does not receive paper statements from his
bankers (i.e. where they use internet banking) This proves that your
request in any event is unnecessary.
_Under the Data Protection Act 1998, the information you are asking for
is entirely excessive for the stated purpose_. A requirement regarding
verification of name of bank account cannot require me to supply you
with the details of personal transactions on that account which do not
relate to you and which you then store.
In the current climate on heightened awareness of Data Protection
issues, there is no way in which I am prepared to send you original bank
statements, whether of my old or new account. The reasons include:
*
Such documents are valuable, at risk of loss and put me to the
risk of information and/or identity theft if put in the post. You
confirmed to me that you did sometimes lose such originals.
*
Furthermore the data contained in the information which you intend
to collect is excessive for the purpose you stated, which when all
is said and done is merely a change to the direct debit mandate on
my account.
*
*You do not need the transaction data on my statements for any
purpose whatsoever. *To refuse to change my direct debit mandate
until I provide documents containing data unrelated to your
purpose is a gross intrusion into my financial privacy.
*
*You do not need this information to verify me as a customer under
'KYC' regulations*. You have already done that. I have previously
fulfilled all your identification requirements including passport,
address proof, inside leg measurement and the like.
Let's get real. All we are trying to do here is merely to set up a
replacement direct debit authority.
Your procedures are excessive, unlawful under the Data Protection Act,
as well as being intrusive and bureaucratic.
In view of your renewed insistence on receiving this excessive personal
data, I shall writing to the Data Protection Commissioner asking him to
conduct a Formal Assessment of your company's data protection regime,
especially in the light of the originally expressed statement (by Mr xxx
) that a compliance manager would not speak with me (although following
my escalation, you did, in fact telephone me an hour or so later).
The customer service issues revealed in the above statements are
entirely a matter for you to deal with and I do not require a response
on that. As I do not intend to do further business with you, it is not
my concern if you alienate more customers. That is entirely a matter for
you. I really don't care anymore.
_*Please close my account with immediate effect. *_
I hereby give you notice that you must repay the balance of my account
within 7 days.
Please also send me paper copies of all the data contained in my account
file (to which I am entitled under s.29 DPA 98) in order that I may have
access to all relevant data for my records after my access to your
online system has ceased.
Yours sincerely
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at http://www.jiscmail.ac.uk/help/commandref.htm
Any queries about sending or receiving messages please send to the list owner
[log in to unmask]
Full help Desk - please email [log in to unmask] describing your needs
To receive these emails in HTML format send the command:
SET data-protection HTML to [log in to unmask]
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|