The UK’s data regulator discovered that a Royal Bank of Scotland supplier had used voice-changing technology to steal personal information from bank customers, and then help the lender pursue debts.
The Information Commissioner’s Office said that Michael Isaacs would contact organisations like GPs, utilities and councils, pretending to be RBS clients, to record personal data to give to the lender.
Isaacs is the director of Datasearch Services, which RBS used to find people who owed the bank money and determine their assets and abilities to repay those debts.
The Commissioner’s Office said that it received a complaint in February 2016 from the bank “with concerns regarding the content of reports they had received from DSS”. Isaacs was found to have used voice-changing software in order to pass security questions and cover up his tracks. Isaacs would record personal details such as direct debits and bank account numbers to create a detailed profile for RBS. The commissioner stated that this level of detail was outside the scope of RBS’s agreement and remit.
In agreement with regulators, the bank stated that it had not informed any of its affected customers, and the commissioner felt comfortable with the lender’s conduct.
Banks and financial firms should be cautious to ensure that agents who trace their assets do not engage in unethical or illegal practices on behalf of the firm.
The regulator had long been concerned about the operations of tracing agencies and said that it was “looking at the methods and techniques” used by tracing agent to collect and use personal information.
In 2018, Woodgate and Clark an insurance company and two senior figures associated with the firm were fined record amounts for illegally obtaining the private bank records of a man using private detectives.
There is concern that similar abuses often go unpunished. The regulator did not know the number of customers affected by Isaacs’s activities, but it indicated that all 166 “trace reports” by him it had seen contained illegally obtained personal information.
RBS did not know about Isaacs’s conduct before reporting him to the commissioner. The bank refused to answer several questions including when they first contacted Isaacs or how many files DSS dealt with.
William Wragg, MP and co-chairman for the all-party parliamentary group on fair banking, said that the ICO’s “staggering statement” “raises many more questions than answers”.
How much data obtained illegally does RBS still have? What checks and balances does RBS perform on the investigators it hires? The questions are pertinent and RBS’ relative silence begs the question, “How widespread are these practices within our financial services industry?”
NatWest, the owner of RBS, spokeswoman said: “Since bringing the potential breaches to ICO’s notice, we have cooperated fully with the investigation.” We are happy that this case is now resolved.”
Isaacs pleaded to guilty in February on six counts of illegally obtaining personal information. He was ordered last month to pay £38,000.00 under a confiscation court order, after “benefiting” from his criminal behavior. He was fined PS10 560 and charged with court costs of £15,000.
Isaacs and DSS were not available for comment.
Post Disclaimer
The following content has been published by Stockmark.IT. All information utilised in the creation of this communication has been gathered from publicly available sources that we consider reliable. Nevertheless, we cannot guarantee the accuracy or completeness of this communication.
This communication is intended solely for informational purposes and should not be construed as an offer, recommendation, solicitation, inducement, or invitation by or on behalf of the Company or any affiliates to engage in any investment activities. The opinions and views expressed by the authors are their own and do not necessarily reflect those of the Company, its affiliates, or any other third party.
The services and products mentioned in this communication may not be suitable for all recipients, by continuing to read this website and its content you agree to the terms of this disclaimer.