The president of the Office for individual Data Protection (UODO) decided to impose financial penalties on 2 giant banks – Santander Bank Polska and Toyota Bank Polska. The reason for this decision is the revealed breaches in the protection of clients' individual data, which caused large concern in the community.
In the case of Santander Bank Polska, the incidental came to light thanks to media reports. The focus was on making public bank papers which were found in a stolen and abandoned courier delivery. Surprisingly, the bank did not notify the office of the leak of delicate data of its customers, specified as names, names, PESEL numbers, address details, account numbers or access passwords.
In his defense, the bank argued that the shipment was rapidly recovered, and the individual who found it provided papers to the police, ensuring that no copying had taken place. However, the UODO stresses that the hazard assessment of breaches of the rights of individuals should be carried out from the position of possible victims alternatively than the interests of the data controller. As a result, a punishment of over PLN 1.4 million was imposed on Santander Bank Polska, which is 1 of the highest penalties in the past of the Polish banking sector.
Toyota Bank Polska was besides punished, although in a much lower amount – 78 1000 PLN. In this case, the bank only reported a breach of data protection a year and a half after the incident, and this was only after the intervention of the UODO, which occurred after receiving a complaint from the injured client. In accordance with the applicable rules, the data controller should study the breach no later than 72 hours after its determination. This hold in reporting the incidental was met with disapproval by the supervisory authority.
Even if the data leak is not straight attributable to the responsibility of a peculiar institution, it is the work of the institution to study the incidental to the applicable authorities. This rule is crucial for ensuring the safety of client individual data and building assurance in financial institutions.
Personal data protection: a key challenge for financial institutions
The incidental related to disclosure of individual data of customers of Santander Bank Polska and Toyota Bank Polska is simply a informing to the full financial industry. individual data protection is becoming an increasingly pressing problem, especially in a time of dynamic technological improvement and increasingly sophisticated cyber attacks.
Banks and financial institutions which store immense amounts of individual data of their customers must be peculiarly delicate to the safety risks they pose. Data safety is not only a regulatory issue but besides a fundamental component of client assurance in an institution.
In the face of expanding incidents of individual data breach, banks must invest in advanced IT safety systems and supply regular training for their staff in the field of data protection. Furthermore, client awareness of cybercrime risks should be increased and encouraged to apply the principles of safe usage of banking services.
The protection of individual data is not only a legal work but besides a moral and ethical obligation. Financial institutions, as individual data managers, are required to defend the privacy of their customers and to guarantee that they feel secure. Otherwise, they hazard losing client assurance and violating the company's image, which may have serious financial and reputational consequences.
Personal data protection should so become a precedence for all financial institutions that want to gain and keep the trust of their customers and last in an increasingly competitive marketplace environment. Only through effective data safety actions can stableness and growth be ensured over a long period of time.
