Britain's biggest banks appear to be breaching data protection rules "with alarming regularity", a consumer group has said.
Which? Money said during the year to the end of August 2010, 515 complaints were lodged with the Information Commissioner's Office (ICO) about possible data protection breaches by the country's eight largest banks and building societies in which the ICO thought it was likely the company concerned had broken the rules.
But the consumer group, which obtained the data through a freedom of information request, said with only 13% of consumers having heard of the ICO, the number of breaches that were actually reported could be just the "tip of the iceberg".
Barclays was found to have the highest level of suspected breaches at 116 complaints, followed by Lloyds TSB, which is owned by the part-nationalised Lloyds Banking Group, at 114 and Santander at 103.
More than half of the complaints arose as a result of the banks failing to provide customers with proper copies of the data they held on them.
Other potential breaches included banks holding inaccurate data about customers, staff failing to follow security measures and the disclosure of data to third parties.
Richard Lloyd, executive director of Which?, said: "Banks and building societies hold incredibly sensitive information and the impact on customers can be serious if they mishandle it, from affecting credit ratings to leaving people open to fraud.
"Consumers who suffer financial loss or stress as a result of data mismanagement by firms should be entitled to compensation.
"Regulators need to impose much tougher sanctions on firms who are lax with people's data as the message clearly isn't getting through."
The group also found evidence that the way banks and other financial services firms handled data was getting worse.
It said that while data-related complaints against other organisations, such as local authorities and HM Revenue & Customs, were going down, the number of complaints made against financial services companies rose to 1,173 in 2009, up from 1,060.
A Barclays spokeswoman said: "Barclays takes its data protection responsibilities very seriously - we have no greater priority than the security of our customers' money and personal information.
"Which?'s numbers represent assessments, not breaches. For half of the assessments in the period mentioned, we demonstrated we were compliant and the majority of those upheld were in relation to subject access requests - not breaches of data security as such.
"Whenever there is a threat of a data breach we ensure we alert the ICO, Financial Services Authority and our customers and do everything we can to minimise the risk."
A Santander spokesman said: "Santander has a legal obligation to protect customer data and it can't be stressed enough the considerable lengths we go to and measures we employ to protect customer data.
"In the very small number of instances where customers believe something has gone wrong - the Which? investigation found 103 complaints against Santander out of a customer base in the UK of 25 million people - we will look at these in detail to see what has happened."
The British Bankers' Association said: "Many of the cases referred to by Which? are not security breaches at all, but are cases where customers have disputed the information contained on their records or allege that banks have not provided all the personal data they are entitled to receive about themselves under the Data Protection Act, and the Commissioner has been asked to investigate.
"Growing numbers of cases stem from claims handling companies, which dispute their customers' records in order to try to strike out credit agreements.
"All of the UK's banks take data privacy extremely seriously. All complaints are fully and immediately investigated and remedial action taken where necessary to ensure no harm comes to any customer."
Join our new commenting forum
Join thought-provoking conversations, follow other Independent readers and see their replies