Monday Dec 16, 2024
Monday, 24 July 2017 00:28 - - {{hitsCtrl.values.hits}}
Dear Governor,
Subject: Priority account details of HNB customers
I am writing to you as a customer of Hatton National Bank (HNB). The premier business paper Daily FT highlighted recently the saga involving a bank inadvertently or deliberately leaking customer data into the public domain. A well-known public website LNW however highlighted the name of the bank. So Mr. Governor you cannot say you don’t know and then be silent about the issue.
This is total mismanagement by the top management and the board of directors of the bank. If this had happened in the UK, US or Singapore, the Central Bank Chief would have asked the entire board to stand down. To date, we have not heard a whimper from you as the Governor of the Central Bank. The very foundation on which the bank is built on is confidence and secrecy. This has now been breached.
We also understand that key information pertaining to customers is in the hands of third parties with no security and there is also a good possibility there could be a further compromise of customer account details. It is an implied term of the contract between customers and their bank that it will keep their information confidential. This confidentiality is not just confined to account transactions – it extends to all the information that the bank has about the customer. But from time to time mistakes happen and – for whatever reason – banks end up releasing information that they should have kept secret. The resulting breach of confidentiality has major consequences.
However, a banker’s duty of confidentiality is not absolute. The 1924 case of Tournier v. National Provincial and Union Bank of England sets out four areas where a bank can legally disclose information about its customer. These principles still hold good today and are:
1) Where the bank is compelled by law to disclose the information
2) If the bank has a public duty to disclose the information
3) If the bank’s own interests require disclosure
4) Where the customer has agreed to the information being disclosed.
If a bank disclosed information under one or more of these circumstances, then we have no issue. But if a bank discloses information about a customer in any circumstances other than those described above, then it has acted wrongly and must be held liable for its action. In this instance the bank seems to think it should make a difference if its disclosed the information by accident – but it does not. If a bank’s carelessness leads to a breach of confidentiality that does not diminish the fact that the bank acted in breach of a fundamental duty it owed to its customer. The email addresses of this leak are now freely available in the public domain and are already being used for the marketing of electronic items. If you read the Banking Act, the bank can even lose it license. Unfortunately, the Central Bank, after two controversial appointments, has lost its soul and does not have the will to bring back dignity to our financial system. Much is expected from you. So far little has been done to bring credibility back to the banking system. We urge you at least now to take action against the board and put in a competent board to run the bank. Do what the Government did with the Seylan Bank case in 2011, get the board to stand down and appoint a board from the Central Bank until a full forensic audit is done.
Malinga Perera