Most of Britain's major High Street banks are among 13 financial and other institutions that have had to sign undertakings to take better care of their rubbish.
A crackdown by the Information Commissioner's Office (ICO) followed a series of incidents where organisations, among them the Post Office and the Immigration Advisory Service, broke data protection rules by dumping customers' personal details in outdoor bins.
In a report published yesterday, the ICO found all 13 in breach of the Data Protection Act. ICO deputy commissioner David Smith said they "carelessly" threw away customer information. The National Consumer Council (NCC) said customers had been put at risk of ID theft.
Ordering them to sign a formal undertaking to comply with the Data Protection Act in future, the privacy watchdog said failure to do so would result in further enforcement action - possibly prosecution.
Scotland's big three banks, the Royal Bank of Scotland, Clydesdale and HBOS, were on the list - although only two Scottish branches were involved. At a Glasgow branch of the Royal, a private banking form, computerised printout and a pre-release funds check-list were found in bin outside.
At the Clydesdale's Giffnock branch, items found in bins included a telephone banking form containing a customer's name and contact details, six cash deposit bags showing customers' names and account numbers as well as 22 computerised printouts showing direct debits and bank giro credits to customers' accounts.
Others found in breach were Alliance & Leicester, Scarborough Building Society, NatWest, United National Bank, Barclays Bank, Co-operative Bank, HFC Bank, and Nationwide Building Society. Each of the firms dumped personal information in bins outside their premises, the ICO found.
Mr Smith said: "It's unacceptable for banks and other organisations to carelessly discard customers' information. It's vital banks and other organisations take security seriously.
"If they do not, they not only risk further action from the Information Commissioner, but also risk losing the trust of customers. Individuals must feel confident banks and other organisations are safeguarding their personal information."
Campaign group Scamsdirect.com last year told the ICO that Natwest and the Royal Bank of Scotland had dumped customers' financial details in bins near two branches in Hampshire.
It told the ICO that cut-up credit and debit cards, money deposit details and bank account information were left. The campaign website also told the ICO it found customers' personal details thrown into a post office bin in a street in Southampton.
These included customers' bank details, National Insurance numbers and passport numbers. The ICO is the UK's independent authority set up to promote access to official information and to protect personal information.
Responding to the ICO's findings, the NCC said: "This is a complete breach of customer trust and shows total disregard for the handling of highly sensitive information, which customers automatically entrust banks with.
"We ask whether banks are now going to notify customers that their personal information may have been compromised?"
A Royal Bank spokesperson said: "The ICO is referring to a handful of historic cases and as soon as we were made aware of these potential breaches we immediately took action.
"We do comply with the Data Protection Act and have invited the ICO to take a look at our security measures."
Why are you making commenting on The Herald only available to subscribers?
It should have been a safe space for informed debate, somewhere for readers to discuss issues around the biggest stories of the day, but all too often the below the line comments on most websites have become bogged down by off-topic discussions and abuse.
heraldscotland.com is tackling this problem by allowing only subscribers to comment.
We are doing this to improve the experience for our loyal readers and we believe it will reduce the ability of trolls and troublemakers, who occasionally find their way onto our site, to abuse our journalists and readers. We also hope it will help the comments section fulfil its promise as a part of Scotland's conversation with itself.
We are lucky at The Herald. We are read by an informed, educated readership who can add their knowledge and insights to our stories.
That is invaluable.
We are making the subscriber-only change to support our valued readers, who tell us they don't want the site cluttered up with irrelevant comments, untruths and abuse.
In the past, the journalist’s job was to collect and distribute information to the audience. Technology means that readers can shape a discussion. We look forward to hearing from you on heraldscotland.com
Comments & Moderation
Readers’ comments: You are personally liable for the content of any comments you upload to this website, so please act responsibly. We do not pre-moderate or monitor readers’ comments appearing on our websites, but we do post-moderate in response to complaints we receive or otherwise when a potential problem comes to our attention. You can make a complaint by using the ‘report this post’ link . We may then apply our discretion under the user terms to amend or delete comments.
Post moderation is undertaken full-time 9am-6pm on weekdays, and on a part-time basis outwith those hours.
Read the rules hereComments are closed on this article