A former employee of Barclays Bank has been fined £3,360 for illegally accessing account details.
Jennifer Addo, 27, was found to have accessed the account details of the partner of a friends of hers on 22 occasions, back in 2011. This included finding out how many children the partner had, and telling the friend.
The case came to light when the partner complained to Barclays that Addo's friend knew information that could only have from his bank.
When quizzed by the bank, Addo revealed that she knew this was illegal but did so anyway. She has sinced been fired by Barclays.
The Information Commissioner's Office said the reason why Barclays was not itself prosecuted was that Addo had abused the access she legitimately needed to do her job, in a way that was explicitly banned by the bank.
“The banking industry has rigorous procedures and safeguards in place to make sure customers’ details are kept secure," said Stephen Eckersley, head of enforcement at the ICO. "However banks rely on the honesty and professionalism of their staff to ensure that the privileged access given to their records is not abused for personal gain.
“Jennifer Addo knew she was breaking the law by inappropriately accessing the complainants’ details and passing information to a third party but still decided to act. She is now facing the consequences of her actions.
Eckersley added that the fact that convicted offenders such as Addo only receive a fine is evidently failing to deter privacy breaches.
“This case proves, yet again, why we need a more appropriate penalty for the crime of personal data theft," he said.
"With the law as it stands, this prosecution isn’t even recorded on the police national computer which means that an offender could apply for a job in a high street bank tomorrow and the potential employer wouldn’t be informed about the offence.
"The current 'fine only' regime is clearly not deterring people from breaking the law.”
This is not the first data protection incident at Barclays. In 2011, a customer was denied a mortgage after a faulty software system at the bank accessed her credit history multiple signs, which credit rating agencies take as a signal of bad credit.
The ICO ruled at the time that it was "unlikely" that Barclays had complied with the Data Protection Act, but decided against taking action against the bank.
Also in 2011, a Freedom of Information Act request by Which? found that Barclays was the bank about which the ICO received the most complaints.
Barclays insists that privacy and data protection are high priorities.
Earlier this month, the bank launched a new cloud storage service on which customers can store important documents and bank records, called "Cloud It'.
A recent survey found most UK citizens are more inclined to trust their bank to handle their personal data than any other organisation. Only 6% of respondents trusted social networks most of all.