Bank teller gives customer’s credit card account statements to wife
PIPEDA Case Summary #2007-378
[Principle 4.3 of Schedule 1]
- In order to provide a proper audit trail, banks should establish procedures to record when an account has been accessed or statements have been printed.
- Training for bank employees should stress the importance of safeguarding personal information from unauthorized disclosures.
Marital discord was the result of a bank teller providing a printout of a husband’s credit card statements to his wife. The wife had wanted to make a payment on his account and close it. When the teller told the wife that the payment amount she proposed was inadequate to close the account, the wife became puzzled. The teller then provided the wife with printouts of three statements to prove that there was no error in the balance. The account was in the husband’s name only, and he had asked the bank not to send his statements to his home because he wanted to hide his spending habits from his wife. He normally made the payments – except on the day in question, when the couple thought it would be more convenient for her to do it.
This case was challenging – surveillance tapes were no longer available, employees claimed not to remember the incident, and the Office was initially told that the bank’s system did not record that the account had been accessed or a statement printed. There was one witness’s account, however, that led the Assistant Privacy Commissioner to conclude that an inappropriate disclosure had taken place. The Assistant Commissioner issued a report to the bank, recommending that it revise its computer system so that a record could be kept of when an account had been accessed or a statement printed. She also recommended that it include this incident in its privacy training for employees to underscore the importance of safeguarding personal information from unauthorized disclosures, which the bank did. As for the first recommendation, it turned out that the bank had the capability all along to track such information. It was therefore able to determine which employee had accessed the account and printed the statement.
While the Assistant Commissioner noted that these recommendations had been met, she was nevertheless very disappointed in the often contradictory information that the bank provided the Office during the investigation. She noted that much time, effort and cost could have been saved had the bank verified some of its information with its officials before presenting it to the Office.
The following details the investigation and the Assistant Commissioner’s deliberations.
Summary of Investigation
One day, on her lunch hour, the complainant’s wife attended a local branch of the bank in question to make a payment on his credit card account. The complainant was the sole holder of this account. His wife provided the account number that he had given her, and the teller pulled up the account on her terminal. Thinking that she was paying off the balance, the complainant’s wife told the teller to close the account. Although the complainant knew that his wife was making a payment, he had not authorized her to close the account. The teller told his wife that the balance would not be nil after the payment she was proposing to make and that she could not therefore close the account. The wife thought that there might be some accrued interest and told the teller this. The teller, however, stated that the balance was significantly higher. Thinking that there was a mistake, the complainant’s wife asked what had gone through on the account. The complainant alleged that the teller then printed off statements for the previous three months, and gave them to his wife to prove that there was no error.
His wife became upset after reviewing the statements and did not continue with the payment. Instead, she placed a call to the complainant and then returned to work, still upset. She spoke to one of her coworkers, explained what happened and showed her the statements. She then left work for the day.
Nearly six months later, the complainant contacted the branch and requested an explanation for the alleged disclosure. He had not had the opportunity to discuss his concerns with the branch earlier as he had wanted to deal with his spending problems first. He provided the branch with what his wife thought was the teller’s name and a description.
Both the complainant and the Office were told that there was no teller by the name given by his wife. None of the employees that the Office was able to interview recalled the incident.
As for video surveillance tapes, which might have helped determine the identity of the teller who dealt with the complainant’s wife, the branch could not retrieve any information from its surveillance tapes as they are retained for a set period before being recorded over. As the incident had occurred six months earlier, the information was no longer available.
The complainant had also suggested that the splash code at the bottom of each page might assist in determining who printed the statements. The branch, however, indicated that the splash code is not unique in any way that would assist in determining the identity of the person who printed the statement.
The Office had initially been told that it was not possible to identify who accessed an account or reprinted a statement. The Office reviewed the bank’s computer system with respect to the complainant’s credit card account. There were no entries or any record indicating that the account had been accessed or that the statements had been printed on the day in question or on any other day. The investigation then focused on the meaning of the splash code at the bottom of the statement and on comparing the appearance of the statements in the wife’s possession with those printed at our request by the branch. It was all for naught.
The bank later informed the Office that it could identify, through its various systems, the teller who accessed the account. She told both the Office and the bank that she could not recall the incident. Incidentally, she fit the description given to both the bank (prior to the complainant approaching the Office) and the Office.
We followed up with the bank and reviewed internal documentation regarding the matter. It would appear that contradictory information was provided to the bank officials dealing with our Office and this was why the information we received was incorrect. The bank ultimately confirmed its audit capabilities.
The bank confirmed that a third party could make a payment on behalf of an account holder. The statement would be stamped by the teller or the third party would be given a system-generated receipt. The bank stated that a third party would not be given a copy of the statements; only the name(s) listed on the account could be given such information, and only the primary account holder could close the account. The bank also stated that even though it was able to identify the employee who printed the statements, there was no evidence that it was the complainant’s wife (and not the complainant) who requested the reprints of the statements.
The Office spoke to the wife’s co-worker, who confirmed that the complainant’s wife was upset when she returned to work on the day in question. The co-worker stated that the wife relayed what had occurred at the branch and showed her the statements that the wife had been given. The co-worker said that the statements revealed a number of withdrawals, and the balance far exceeded what the complainant’s wife thought she was going to be paying off. The co-worker confirmed that the complainant’s wife was too upset to work and that she left for the day.
Issued March 23, 2007
Application: Principle 4.3 which states that the knowledge and consent of the individual are required for the collection, use, or disclosure of personal information, except where inappropriate.
In making her determinations, the Assistant Commissioner deliberated as follows:
- The bank eventually confirmed that the complainant’s account was accessed on the day in question and that a statement was reprinted. The challenge was to determine the circumstances in which these statements were printed, and whether they were given to the complainant’s wife as alleged.
- The employee who was involved did not recollect the incident.
- The surveillance tapes that might have captured the wife entering the branch and conversing with the teller had been destroyed, given the passage of time between the event and the complainant’s contacting the bank about the matter.
- The evidence that corroborated the wife’s version of events was her co-worker’s statement to the Office.
- Also significant was that the teller who accessed the account fit the wife’s description.
- Based on this, the Assistant Commissioner was inclined to believe that the disclosure had taken place. Given that his wife’s name was not on the account, the Assistant Commissioner determined that the complainant’s wife had no right to this information or in fact any information about the account.
- Consequently, the Assistant Commissioner found that the complainant’s personal information was disclosed without his knowledge or consent, contrary to Principle 4.3.
- The Assistant Commissioner recommended that the bank implement procedures to record when an account has been accessed or statements are printed in order to provide a better audit trail. She also recommended that the bank incorporate this incident into its privacy training for employees to stress the importance of safeguarding personal information from unauthorized disclosures.
- The bank indicated that it could audit this information and that it had incorporated this scenario into its training. Such measures, she noted, should help the organization to better meet its obligations under the Act.
The Assistant Commissioner concluded that the complaint was well-founded and resolved.
The Assistant Commissioner, however, went on to note her displeasure at how the bank handled the complaint. She stated:
The fact that (the bank) has failed to provide a satisfactory explanation for the incomplete, inaccurate and contradictory information it provided to us regarding the employee involved in the incident and its systems’ capabilities contributes to our disappointment.
In our view, (the bank) needs to be more diligent in its efforts to ensure that our Office receives complete and accurate information during the course of the investigation. This may require confirming the information it receives from its branches in order to avoid a repeat of this scenario. Much time, effort and cost could have been saved had (the bank) been more forthcoming with information and had it made a concerted effort to verify what its computer systems were capable of from the beginning.