Fos has claimed that more data protection breaches are coming across its radar, where providers have disclosed personal and sensitive financial information.
According to Fos, one complaint involved a mortgage lender providing personal financial information about its client, Mr H, to his partner – who promptly left him when she found out he had debt problems.
The case study said that Mr H lived with his partner, Miss A, and their children. The mortgage on their house was in Mr H’s name. He had been having problems keeping up with his repayments for some time, but had not told Miss A.
The study said: “Worried that their home would be repossessed, Mr H asked Miss A if she could make a repayment. Mr H called the mortgage company to make the payment, and Miss A gave her payment details over the phone. During the call, the mortgage company told Miss A the account was significantly in arrears and by how much.
“A few days later Miss A left Mr H and moved away with their children. Mr H complained to the mortgage company, saying they should not have given Miss A details about the mortgage and the arrears.”
The mortgage company apologised for giving out the information – but Mr H then contacted Fos, saying he did not feel the mortgage company appreciated the consequences of their mistake.
Although Fos did not agree that the data breach had been a direct reason for the relationship ending, it did acknowledge the mortgage company had made a “serious error”.
The case study said: “We pointed out to the mortgage company that they had made a serious error in disclosing sensitive information to a third party. Whether or not this was responsible for his relationship breaking down, it had caused him a considerable amount of stress and embarrassment.
“When we explained the impact this had on Mr H, the mortgage company offered to pay him £450 to recognise the upset they caused.” Mr H accepted the ombudsman’s findings.
Fos response
In the latest edition of the Ombudsman News, Fos chief ombudsman Caroline Wayman said: “Because of the personal nature of the information involved, people often feel very strongly that we should punish businesses that have acted wrongly. We are careful to explain that it is not our job to fine a business.
“Our job is to help a business make up for both the financial and non-financial consequences of any error, including any upset someone’s experienced as a result. While the Information Commissioner’s Office is responsible for fining organisations that breach data protection law, it cannot compensate their individual customers.”
