A former Royal Financial institution of Scotland (RBS) department employee, who has held the private particulars of 1,600 financial institution prospects since utilizing them as a part of a work-from-home settlement in 2006, faces retaining the paperwork, which she mentioned have ruined her life.
A deadline to signal a contract for the return of the recordsdata, which the financial institution gave her as a part of her job greater than 15 years in the past, handed on 30 September with out settlement.
The previous worker, who wished to stay nameless, labored at a department from 1998. She was supplied the chance to earn a living from home in 2006 and, on the financial institution’s directions, used buyer banking data to assist her to generate mortgage and loans enterprise.
Till 2009, she obtained paper paperwork with buyer data from her supervisor. When she grew to become involved that the association might breach knowledge safety guidelines, she contacted an recommendation line throughout the financial institution in regards to the data saved in her residence. However after placing every part in writing to her supervisor, she inadvertently blew the whistle on the lax knowledge safety practices. She was suggested to acquire a receipt from the financial institution earlier than handing again the knowledge to guard her personal place from attainable future litigation.
The employee was dismissed in 2009 for not returning the documentation, with “flagrant disobedience following an inexpensive instruction from a extra senior worker” given because the official motive. An employment tribunal later upheld the choice.
The Info Commissioner’s Workplace (ICO) investigated the working-from-home association and mentioned on the time: “Whereas this incident was a ‘native’ subject at department degree, RBS didn’t keep compliance with the seventh knowledge safety precept throughout the interval in query. Each events have been made conscious of this determination. No additional motion was taken by this workplace and the case was closed and stays closed.”
Nevertheless it was not closure for the whistleblower, with about 1,600 paper recordsdata containing confidential buyer particulars remaining in her residence. These included paperwork with buyer names, addresses and phone particulars, in addition to account abstract/historical past data.
The ICO labored with all events for the protected return of the paperwork and every part throughout the settlement it negotiated was agreed, aside from the financial institution indemnifying the previous employee towards future claims associated to the storing of the knowledge in her residence.
NatWest agreed to subject a receipt for the paperwork, however didn’t comply with indemnify the previous worker.
After the 30 September deadline for settlement handed in stalemate, the previous financial institution employee instructed Pc Weekly that the financial institution had ruined her life. “My psychological, emotional, social and bodily wellbeing has suffered during the last decade,” she mentioned.
“The financial institution’s representatives prompted me and my household pointless struggling and misery. Not a day has passed by within the final 11 years when I’ve not thought in regards to the financial institution’s behaviour, and the way it left me with the accountability of taking care of monetary paperwork referring to its prospects, when this data could be confidential to the financial institution and its prospects.”
She mentioned she had needed to reside with the fixed strain of sorting the matter out whereas grieving the lack of each her mother and father, and supporting a younger household. “I used to be unable to correctly grieve over the lack of my mother and father as this subject consumed my each being,” she mentioned.
“I used to be, and nonetheless am, eager to have the settlement put ahead by the financial institution signed and the shopper knowledge collected, as I’ve all the time made clear I needed to do over a really lengthy interval.”
The previous worker has written to NatWest CEO Alison Rose 9 occasions since June requesting an replace on the phrases of the settlement and the return of the paperwork, however has not obtained a written response from the financial institution.
“This persevering with and fully pointless silence from the financial institution is having an ongoing detrimental impact on my well being,” she mentioned. “My life is worrying sufficient because of the financial institution’s behaviour and their lack of response will not be making it any much less worrying. I additionally need the regulator to control. It shouldn’t have been left to me to cope with a really severe knowledge breach for the final decade.”
Pc Weekly requested NatWest for touch upon its present stance on the matter, however it didn’t reply.
In late July, the ICO ended its involvement within the matter. The previous worker mentioned she had written a letter of criticism to data commissioner Elizabeth Denham and desires the regulator to stay concerned till the paperwork have been returned to the financial institution.
On the time, IT lawyer Dai Davis requested why the financial institution had not obtained a courtroom order to have the paperwork returned. “The financial institution has most likely decided that, on the steadiness of issues, it’s not price it,” he mentioned. “The info is stale and it’s not actually a danger.”
Pc Weekly requested the ICO to touch upon its present stance on the matter, however didn’t obtain a response.