View more on these topics

Alan Lakey: Data protection working against consumers

Blind adherence to rules is never an attractive character facet, yet with many individuals we are prepared to forgive such behaviour. However, when mindless obedience emanates from those institutions with which we daily transact business, a line has to be drawn.

My bluster is directed primarily at those whose devotion to the rigours of the Data Protection Act makes them a menace to advisers and clients alike and causes a reduction in the business we transact.

I am all for the privacy of personal data and would feel outrage if my private information were broadcast willy-nilly by any organisation but, like regulation, there has to be an acceptable balance and some institutions have shown the ability to find an appropriate path.

As an example, Coventry Building Society asks advisers for two digits of their individual reference number and thereby short-cuts what could otherwise descend into a tortuous process.

Others maintain the pretence that by asking seven or eight standard questions they are providing fitting proof of their DPA responsibilities.

Several examples of recent behaviour serve to highlight how this mindset encroaches on common sense. I recently telephoned Nationwide to enquire about the progress of a mortgage application. Seven or eight DPA questions were answered and the Nationwide lady, having been unable to answer my question, promised to phone back. She promptly did this but then refused to impart the information unless I subjected myself to the very same identical inquisition. Is this sensible? Is this in line with DPA requirements or is it some form of gold-plating designed to irrefutably demonstrate observance with the act? This lady had telephoned my office, I had answered providing my name and had then thanked her for coming back so speedily and additionally confirmed the clients’ names without invitation.

The also accepted that we had just spoken, so blind obedience overcomes common sense yet again.

In common with many firms, we use a standard agency transfer form which enables us to obtain information from institutions. The wording is precise and non-ambiguous, it confirms that the named client wishes us to take over as their agent and that the authority is to remain in force until the client informs them to the contrary. It is intended to avoid foolish and time-consuming correspondence.

Every financial services company accepts this authority and matters generally run smoothly until one or other institution tiring of such efficiency decides to disrupt the process. Enter Aviva, a company hitherto considered as sensible. A recent pension valuation enquiry was rebuffed with the advice that the client authority letters enjoy a finite life, in this instance, 12 months.

There is no requirement in the DPA for this and it provokes a number of disturbing questions. Is Aviva conversant with the requirements of the DPA or is it labouring under the misapprehension that clients only stay with their advisers for a year or so? Could it be readying itself for an assault on advisers’ clients after the RDR? Or could it be that some tick-box zealot has been carried away with the power devolved by the DPA and is creating chaos by his actions?

I could recount many additional instances all of which confirms that an Act of Parliament specifically designed to protect the privacy of individuals is being used to the disadvantage of those very same individuals. Rationality and balance please make a comeback.

Alan Lakey is partner at Highclere Financial Services


News and expert analysis straight to your inbox

Sign up


There are 6 comments at the moment, we would love to hear your opinion too.

  1. Lack of understanding of the Data Protection act and blind adherance to a belief that Data Protection only works one way results in many institutions failing in their duty to care to clients.
    As an example I had a client who was out of the country in anotehr EU state and because my firm does not have a passport to provide cross border advice and admin services, we had to phone his stockbrokers (Barclays) and start a concersation saying we were NOT after client specific information, but wished to provide them with information to enable them to meet their duty of care to their client. We told them of the problems the client had with their ISA and asked them to contact their client on the number they had on file.
    They failed to do so and the client lost money.
    The client complained to Barclays, who rejected the complaint, despit my explaining to Barclays complaint department why I knew theywould loose. My client then went to FOS and the adjudicator took Barclays word over my clients despite reminding them that as a Stockbrokers, Barclays would have recorded my phone call and the subsequent one of my client.
    My client rejected the adjudicator’s response and requsted the case was looked at by an Ombudsman instead of an unqualified adjudicator (two had been involved and neither of them had any understanding of banking duties of care or the law).
    When my client and I spoke to the Ombudsman, they then requested the recording from Barclays, who in the end found the recording they had failed to listen to themselves before rejecting the case. I had also sent a copy of our telephone recordings to FOS. This took a LOT of work on our part as we provided a timeline to save the FOS staff member extra work. VBarclays did NOT.
    FOS instructed Barclays to make restitution, which from DAY ONE my client had acceptyed was contributory negligence on their part as they had quoted an incorredt accoutn number on an ISA transfer and that was what I had called to let Barclays know so that they could resolve the matter with the client.
    The Data Protection Act is not an ASS, People are.

  2. The Data Protection Act, like the FSA (under their prevention of financial crime mandate), requires firms to take appropriate measures to prevent unauthorised access to customer data. It doesn’t specify how this is to be done. It is therefore nonsense to suggest that because the act doesn’t explicitly say that something is necessary that it is unnecessary.

    It seems an entirely reasonable stance to take to suggest that something their customer signed more than a year ago should no longer be valid. But why don’t you tell us where the cut-off should be? 1, 2, 5 10 years?

    At some point you have to admit that the passage of time can alter a clients intentions. One day that client might not want you to have servicing authority; does that client now have to get that leter back from you so you can’t use it again? Should a product provider blindly follow your instructions 10 years later or should they look out for their customers (yes they are their customers as well) and make sure the customer still thinks that?

  3. There are two sides to every story.

    The financial institution will argue that they are better served by being more cautious with regard to DPA procedures than perhaps ‘bending’ the rules. You only need to type the words ‘customer information leak’ into Google to produce evidence of how much this can potentially cost to an institution, so it is perhaps understandable.

    However, I can understand advisers’ frustrations at just how detailed these checks can be, and it has to be said that there is a marked lack of understanding by staff in large companies (and so it follows a lack of informed training) as to what constitutes information actually governed by the Act and what doesn’t. Phil Castle’s experience is a classic example.

  4. @ Anonymous | 17 Oct 2011 10:47 am

    I agree with the principle that it is prudent to request confirmation of continued rights to act as agent, but banks are quite happy to accept standing orders established “UFN” until further notice and powers of attorney are routinely arranged with no expiry date.

    Several of the banks actually incorporate a limited general power of attorney in to their standard mortgage terms that the client doesn’t even sign and I know from experience was not explained to me by ANYONE (I read and understood it before signing)

    The banks use the DPA a loss of market restriction tool, but two can play at their game as our client agreements incorportae a limited power of attorney, limited to information only and until further notice. As yet we haven;t argued the toss in law with any party, whetehr that be an insurer or NS&I, but at some point we probably will choose to do so.

  5. The thrust of my rant is that Aviva has taken a stance that any adviser who has failed to contact them about a client during the previous three months must now provide a letter of authority.

    This destroys the existing law of agency that advisers and firms have happily co-existed with for decades.

    The DPA does not require this. This is an Aviva initiative. What is the next step, we have not had contact for 12 months so we are stopping renewal or fund-based commission.

    To me this looks like an attack on advisers with Aviva gearing up for the post RDR frenzy when they will be looking to grab as much orphan business as they can.

    Let’s see what the ICO says.

  6. If, as do ours, a letter of appointment states clearly and unambiguously that it shall apply indefinitely unless or until it’s specifically revoked or superseded by another letter of appointment, then I don’t see how any provider has any right to deem its validity to be finite. To do so is acting in direct contravention of the original instruction from the client, not to mention being wilfully obstructive to the adviser/client relationship. The only thing you can you do in the face of such a policy is to get the client to sign half a dozen letters of appointment at the outset of your relationship with them and keep them on file for future use.

    It also constitutes a way of circumventing the dishonest practice of some intermediary firms of conning clients into transferring the agency on all their existing business with other firms on the grounds that they need to be able to find out full details of everything they already have to enable them to advise on, say, a mortgage (which, of course, they could do simply by contacting the existing intermediary). There’s a firm here in Bristol that’s done this to us a couple of times (bastards) and I know for a fact that they don’t provide anything like the ongoing service that we do. In fact, we even got a client back from them because they’d wanted to invest some more money but hadn’t been able to find anyone interested at this other firm in arranging it for them.

    Such is the world of business.

Leave a comment


Why register with Money Marketing ?

Providing trusted insight for professional advisers.  Since 1985 Money Marketing has helped promote and analyse the financial adviser community in the UK and continues to be the trusted industry brand for independent insight and advice.

News & analysis delivered directly to your inbox
Register today to receive our range of news alerts including daily and weekly briefings

Money Marketing Events
Be the first to hear about our industry leading conferences, awards, roundtables and more.

Research and insight
Take part in and see the results of Money Marketing's flagship investigations into industry trends.

Have your say
Only registered users can post comments. As the voice of the adviser community, our content generates robust debate. Sign up today and make your voice heard.

Register now

Having problems?

Contact us on +44 (0)20 7292 3712

Lines are open Monday to Friday 9:00am -5.00pm