Myth Number Four
“The Data Protection Act means a company is never allowed to give a customer’s details to a third party”.
Where an organisation is satisfied that someone asking for information about another person’s account is authorised to access it, the Act does not prevent this. From time to time, the Commissioner receives complaints from a parent that a bank or a phone company refuses to allow them information about their adult child’s account, or from someone complaining that a gas or electricity company will not tell them whether their elderly relative or neighbour is in arrears and in danger of being cut off. Organisations should be cautious about releasing a customer’s details. There is a market in personal information and unscrupulous individuals try to obtain information about others by deception. Where a couple are estranged, or parents and adult child are estranged, one party may try and obtain information by deception.
Therefore organisations must have appropriate safeguards in place to ensure that, if staff decide to reveal a customer’s personal details, such as bank account information, they are sure that the person they are speaking to is either their customer or someone acting on their behalf (for example, evidence that the account holder has given authority). Staff should consider whether or not they actually need to give out any personal information. There may be occasions when it is reasonable to reveal some limited information to someone other than the account holder. Organisations have good reason to be careful about accepting instructions from someone other than the account holder where this will result in charges being incurred, even if no personal information will be released. However, this is a matter of contractual obligations and not data protection.
Where one individual frequently acts on behalf of a relative or partner they should see if it is possible to provide the relevant organisations with evidence of authorisation, perhaps by means of a password.
The Information Commissioner's Office has produced some practical guidance on this subject.