Search

How can we help?

Icon

Nigel Farage v NatWest: When you can’t bank on data protection?

If you have seen the headlines recently, you will have read that NatWest CEO Dame Alison Rose has resigned from her position following the row over Nigel Farage’s bank account and the disclosure of his banking data. There are clear failings on the Bank’s part with regards to its data protection obligations but what are the significance of these failings and how can organisations learn from these?

Summary of the data breach

At the end of June 2023, Mr Farage said that Coutts (owned by NatWest) had decided to stop doing business with him. It was unclear as to the reasons for this, however he was informed that it was a “commercial decision”. Mr Farage claimed that banks did not want him as a customer due to him being a “politically exposed person” (PEP).

Earlier this month, the bank confirmed that they did not want Mr Farage’s custom due to him not having enough money in his bank accounts. It was reported that Mr Farage’s political opinions were not a factor in the decision, however it appeared that this was not the case.

In response to a data subject access request, it was indicated that the bank had spent months compiling evidence on the ‘significant reputational risks of being associated with him’, where it was considered that Mr Farage’s views did not align with the bank’s ‘values’.

Following the controversy, it was then recently announced that Dame Alison Rose resigned after admitting to being the source of the inaccurate reasons for closing Mr Farage’s bank account.

Melanie Pimenta

Associate

View profile

+44 118 960 4653

The clear message here for organisations is that where they process personal data which relates to PEPs, such organisations should comply with the law at all times.

The significance of the aftermath of the data breach

The breach of Mr Farage’s personal data by Dame Rose is very significant, as Mr Farage was barred from using Coutts banking services due to being a PEP and this breaches the law. The other repercussions are that the bank has breached its confidentiality obligations and has arguably eroded public trust, particularly where the bank is partially owed by the taxpayer.

Financial data is personal data and personal data revealing political opinions is considered to be ‘special category’ or sensitive personal data and where there has been a leak of this data to the press, it will likely impact how customers consider if their personal data is handled securely by banks generally. It goes back to the general principles that banks should not be holding inaccurate information, they should not be using information in a way that is unduly unexpected, and should not be holding any more information than is necessary. Controllers are also under a duty to ensure that additional safeguards are in place for sensitive personal data.

Considerations

The Information Commissioner’s Office (ICO) has separately written to the main British banking lobbying group, UK Finance, to “remind them of their responsibilities to the public”. The clear message here for organisations is that where they process personal data which relates to PEPs, such organisations should comply with the law at all times. This breach also demonstrates another way that data breaches can occur generally, for example, by disclosing inaccurate personal data to third parties without the data subject’s consent. Organisations should therefore ensure that they hold accurate personal data about data subjects and keep this personal data confidential. A couple of ways to demonstrate such compliance is by keeping data protection policies updated and ensuring that staff at all levels are regularly trained on these.

If you need any advice in relation to data breaches or a data protection audit, please do not hesitate to contact a member of the data protection team.

About this article

Disclaimer
This information is for guidance purposes only and should not be regarded as a substitute for taking legal advice. Please refer to the full General Notices on our website.

Melanie Pimenta

Associate

View profile

+44 118 960 4653

About this article

Read, listen and watch our latest insights

art
  • 06 February 2025
  • Privacy and Data Protection

Cookies and Consent: the ICO’s Cookie Review

In the digital age, cookies play a crucial role in how websites operate and interact with users.

art
  • 24 January 2025
  • Privacy and Data Protection

UK Data Protection: A look back at 2024 and what to expect in 2025

On 15 January 2025, Louise Keenan and Shauna Jones hosted our webinar “UK Data Protection: what happened in 2024 and what’s in store for 2025.” Our webinar is available for you to watch, but in this article, we will provide a brief summary of what was discussed.

art
  • 20 January 2025
  • Employment

AI Opportunities Action Plan – The impact of AI on employment

The Government has announced its ‘AI Opportunities Action Plan’ in which it plans to increase the use of AI across the UK to ensure the UK is a world leader in the field. 

art
  • 16 January 2025
  • Corporate and M&A

Business Asset Disposal Relief: Changes to CGT Relief and the Consequences for Business Owners

Developing a robust cybersecurity strategy is essential to ensuring value retention, securing sensitive data, minimising risks and a seamless transfer during and after the merger or acquisition.

Pub
  • 10 January 2025
  • Privacy and Data Protection

UK Data Protection: What happened in 2024 and what’s in store in 2025?

It’s been a year of political change and uncertainty for data protection. Join our data protection webinar, where we will discuss the implications of the Data Protection and Digital Information Bill not passing and the upcoming Digital Information and Smart Data Bill from the King’s Speech, which will affect existing laws.

art
  • 06 January 2025
  • Privacy and Data Protection

WhatsApp in the Workplace

This article explores the potential risks of using WhatsApp for workplace communications, the implications for GDPR compliance and under UK legislation, and provides practical tips for employers to mitigate these risks.