RBS accused of 'falsifying' customer information in breach of Data Protection Act - UPDATED

RBS tells Computing it takes obligations under the Data Protection Act "very seriously"

The Royal Bank of Scotland (RBS) has been accused of breaching the Data Protection Act by editing customer emails, call transcripts and altering how it presented its "central file" record of correspondence.

According to The Times, the claims have been made by an RBS customer who believes that his business failed due to the alleged nefarious activities by the bank, which also sought to repossess his home.

The UK's privacy regulator, the Information Commissioner's Office, and the Financial Conduct Authority (FCA) have both said they're aware of the claims against RBS.

Andy Keats, a former Metropolitan police sergeant and a director of complaint investigation firm SBCB, claims he has discovered thousands of inconsistencies within RBS files, which demonstrate that customer data has been "falsified" to suit the bank.

The records held by Keats reportedly demonstrate that RBS altered customer records by changing individual words, sentences, paragraphs and punctuation of customer correspondence without acknowledging that alterations had been made.

As a data-holder, the bank is entitled to summarise customer records under certain circumstances, but it is not allowed to alter details in such a way that they change the meaning of the records, nor is it entitled to delete the data.

However, Keats claims that RBS has made hundreds of alterations to emails, falsifying data to suit the bank's needs. Keats alleges that the alterations led to the shutdown of his business and an attempt at repossession of his home. The claims originate from 2012, but Keats remains in dispute with the bank.

Earlier this year, 600,000 RBS customers were affected by an IT glitch that caused payment information to go astray.

Update: In a statement to Computing, RBS said it is taking the claims very seriously.

"RBS takes its obligations under the Data Protection Act very seriously and at all times seeks to cooperate fully with customers' Subject Access Requests. We provide customers with all relevant personal data in a readily accessible format, wherever possible," it said.

"Any redacted information will have been carried out in accordance with the exemptions permitted under the DPA. We also work closely with the Information Commissioner's Office both in preparation of customers' SARs and in responding to complaints made," the statement added.

RBS added that "We are cooperating fully with the ICO and Mr Keats" and "It would be inappropriate to comment further on this specific case".