Customer contact and data security: confidentiality: recording bank details
You should never manually record bank account details in free format notes on any of our systems.
When data is stored in this way it can be manipulated. It would also have to be made available if a request was made under the Data Protection Act which may raise concerns from our customers. For more information on the act, see DMBM513170.
Therefore, make sure you do not manually record bank account or debit/credit card details on the notes screen of any of our computer systems. This includes the IDMS Action History.
If, on further investigation, you discover there has been a breach of security, you should report it as a security incident to the Security & Information Directorate (S&ID).
(This content has been withheld because of exemptions in the Freedom of Information Act 2000)