De-banking Nigel Farage and the NatWest SARs
Written by Tom Gilligan
Data protection rights were at the centre of a controversy in the UK. Nigel Farage claimed to have been asked to leave a NatWest subsidiary, Coutts Bank, often referred to as being “de-banked”. The BBC ran a story about the matter. It subsequently emerged that the source of the story was Alison Rose, the Chief Executive Officer of National Westminster Bank. She was forced to resign after the full details became public. You can get the full details from the BBC news reports, here.
Mr Farage made a subject access request (SAR) and received a 40-page document. The document appears to support that NatWest had other motives in asking him to leave Coutts.
There are a number of data protection elements to the story:
- Comments in emails – never write in an email something you would not like to be made public. NatWest has already apologised for the language, describing it as “deeply inappropriate.” Mr. Farage claims to be taking a case against NatWest based on the comments.
- Subject Access Request – Mr. Farage used his access rights to find out how his personal data was processed by NatWest. He encouraged other people who were de-banked to take action. Apparently, NatWest and many other UK banks have received hundreds of SARs since the story broke. Please see the BBC report here.
- Confidentiality – did NatWest have a lawful basis for releasing information to the BBC, and did this breach their duty of confidentiality?
- Retention of records – when the results of access requests do not reflect well on the organisation, there is still a duty to preserve them. You cannot claim that the retention period has expired.
- Training – data protection training needs to reach all areas of the organisation, including the CEO!