All the same, the fact that such information is being kept on banks' computers raises two specific fears. One is that banks may make use of the information they build into their so-called 'personal profiles' in deciding who to lend money to and on what terms, and may thus be tempted to discriminate against minorities or those whose politics they dislike. The other is that although the banks may not misuse the information themselves, they may all too easily pass it on to others who will.
NatWest has categorically denied the first suggestion. On the second, however, its answer is less satisfying. The bank says it has never passed on such confidential information without customers' consent. But some banks ask customers who open new accounts to sign catch-all documents giving their bank permission to disclose almost anything to almost anyone. Sir Bryan Carsberg, the Director General of Fair Trading, accused the banks last week of using this and other devices to circumvent the spirit, and perhaps even the letter, of their own code of practice.
Since customers have a legal right under the Data Protection Act 1984 to see the computer information stored on them by banks and others, the embarrassment of having to reveal precisely what details they have been keeping may shame some institutions into mending their ways. If enough customers start to ask for the information, a bank that is willing to take a more enlightened view of their privacy than its competitors may hope to win a flood of new business.
All the same, the revelations are a depressing reminder of regulatory failure. The office of the banking ombudsman, set up by the banks themselves, has taken the narrowly legalistic line that its job is to investigate only individual complaints and not broader issues like this. Under current data-protection rules, banks and others are allowed to register databases in terms that allow them to collect an absurdly broad range of information for loosely drawn purposes, and to give it out to whom they like. The Labour Party may be right in thinking that new legislation is necessary to protect customers from abuse. But it would be a fine start for the Data Protection Registrar to be more aggressive in refusing registrations that are too woolly, and to make more active use of the powers he already has to find out whether information is being abused.Reuse content