I am publishing this due to the serious nature of it and as its in the public interest. As you may be aware I spotted that the Financial Ombudsman Service had splattered on the internet the name of a business that had approached them for help concerning a CBILS/Bounce Back Loan related complaint.
They should, and of course do assist with such complaints, but what they should not do is publish the details or any identifiers of that business or any person associated with it when making details of any complaints and the outcomes known to the public, but alas they did.
Now, you may think that is nothing to get all worked up about, but it took me less than a minute to discover who owns that business and where the business is based and the bank they are or were with.
This is what the British Business Bank had to say about such information being make public:
However, in typical idiot fashion, despite their own warnings, the British Business Bank have listed businesses with different Government backed loans on their website: If you so desire you can view them HERE
and BEIS are naming Recovery Loan, CBILS and CLBILS on their website too:
You can view them HERE (select loans/guarantees when you get to the options)
Anyway, I complained to the FOS who took well over 24 hours to remove the offending document, and below is their reply, I trust they have made contact with the Company involved and showered them with cash compensation etc, and trust they have reported their error on to the Information Commissioner’s Officer (ICO), for as clear as day the implications for that business could be dire, and the business relationship they have with their bank.
For reference I did alert the ICO on Twitter, but they couldn’t be arsed responding as of the time of writing this update (17:46 Friday 21st January 2022)
Anyway, here is what the FOS have stated:
“Thank you for your patience whilst we’ve looked into the concerns you’d notified us of on 18 January 2022.
As you may know, I work in the Information Rights team and your concerns were being reviewed by me to consider.
I’m sorry it’s been necessary for you to raise this concern with our Service, as well as members of parliament and other regulatory institutions.
As an organisation, we take data protection matters very seriously so we’ve looked into the concerns you’ve raised. I’ve set out my findings below.
As I mentioned, you brought your initial concerns to us on 18 January. You made us aware there was a published final decision on our website which contained the name of a limited company that had brought a complaint to our Service to consider.
Generally, our published decision are anonymised, and the name of the limited company would be redacted or we would use an initial. An initial was used throughout, apart from the one exception brought to our attention.
We have taken measures to put the situation right, which includes, as you are aware, taking down the published decision.
Thank you for bringing this matter to our attention, and for making us aware you have notified the Information Commissioner’s Office of this error.
It’s disappointing for us that this error had occurred, but I’m satisfied we have now taken the appropriate steps to rectify it.
If you do use their service I would suggest you get it in writing they won’t go splattering your details all over their website…..