In a concerning development, the UK’s data watchdog, the Information Commissioner’s Office (ICO), is investigating Lloyds Banking Group over a potential breach of privacy rules. The investigation comes after the banking group accessed data from 30,000 staff bank accounts during union pay talks last year.
Lloyds, which owns the Halifax and Bank of Scotland brands, used aggregated salary, spending, and savings data as part of a presentation to staff union representatives. The data suggested that the bank’s lowest-paid staff had been in a better financial position than the wider population in recent years.
However, the banking group’s 65,000 staff are strongly encouraged to hold their personal accounts with Lloyds, meaning the lender could access this sensitive financial information without permission. This has raised concerns about potential breaches of data privacy rules.
The ICO has confirmed that it is making “inquiries” with Lloyds to determine whether the bank may have violated data protection regulations. If the watchdog finds evidence of wrongdoing, it has the power to impose fines of up to 4% of Lloyds’ annual turnover, which could amount to a staggering £1.36 billion based on the bank’s 2024 earnings.
Accord, one of Lloyds’ staff unions, has stated that the bank assured them the information was fully aggregated and that no individual data was reviewed by negotiators. However, the union has said that an independent assessment is “absolutely right” to ensure that any wrongdoing is identified and prevented from happening again.
Lloyds has defended its actions, stating that it is “committed to fair and progressive pay that provides certainty and support for all colleagues.” The bank has also noted that the pay agreement it reached with unions, which included a £1,200 pay rise for its lowest-paid staff over two years, was backed by union members.
Nevertheless, the ICO’s investigation and the potential for significant fines have raised concerns within the banking industry. The outcome of this case will be closely watched, as it could have far-reaching implications for how financial institutions handle employee data during sensitive negotiations.
