Customer data at the bank are available to foreign ears?
The client (her name is known to the LNK.lt editorial office) said that the Swedbank Fabijoniškės Customer Service Center, located on Ukmergės Street in the capital 283, was not visited voluntarily. That day, she was unable to perform a regular financial transaction in online banking because, as it turned out, the bank system had some technical problems.
After calling the bank, the consultant apologized and offered the only way out to go to the nearest Swedbank customer service unit. The consultant promised that she would call this Swedbank branch and serve a client in a queue.
Unfortunately, when the woman arrived at the bank branch, she first had to wait a long time in the queue at the administrator (because she was waiting for a number of clients who had not registered in advance), and then the client was directed to the waiting room – ie to wait for the clients who did not register. But most of all, Vilnius was surprised by the fact that customers in the common waiting space are heard by other customers.
This is because at least two bank employees’ jobs at this Swedbank Customer Service Center are located in the overall open space where all customers are waiting. LNK.lt journalist who visited this bank branch also convinced him.
Photo by A. Ufarto / ELTA
At that time, a man and a woman were served at one of the tables, and another was a half -age man. It was seen that he was in a publicly uncomfortable manner and tries to talk to a bank employee as quieter as possible so that other customers (ie bystanders) would not hear what financial affairs the man manages. However, the bank employee listened to him several times quite loudly. Therefore, without wanting to hear the amount a man asks to transfer, how much money there is money, his email address and other personal data.
LKNK.LT, the State Data Protection Inspectorate and Swedbank himself asked if the bank could be served publicly – hearing other customers, that is, outsiders? Also – is this customer service practice a violation of personal data protection?
The Inspectorate calls for confidentiality
« Banks process personal data (these may include customer names, money sums, account numbers, addresses, email addresses) when customers are served, appropriate technical and organizational measures must be taken to ensure that the General Data Protection Regulation (BDAR). In the answer sent to LNK.lt.
According to Inga Mauriciene, Advisor to the Legal Division of this Inspectorate, any organizations (whether it are a bank, utility company, pharmacy, etc.) employees must follow pre -established procedures to ensure that personal data are not disclosed to others.
« The processing of personal data is an important part of the service process, without which, often, it would not even be possible to service individuals and to provide counseling. This means that not only the employee but also the controller himself must take measures to reduce the risks of personal data. – said a spokeswoman for the State Data Protection Inspectorate.
The Inspectorate stated that it had not received clients’ complaints about possible violations in the aforementioned Swedbank unit.
« The State Data Protection Inspectorate has not received complaints from persons regarding the alleged safety measures that may not ensure the personal data to third parties. In any case, the Inspectorate recommends that people ask for confidentiality during service.
Photo by A. Ufarto / ELTA
Swedbank: « Open jobs we give up »
Swedbank did not answer the questions immediately. Initially, Judita Martyšė, the head of the communication service of the bank’s image, communication and sustainability service, replied that the bank « deepens the situation and will respond as soon as possible ». A week later, the answers were sent by Gytis Vercinskas, a Swedbank representative.
When asked why some customers are served openly at the bank’s unit – when hearing other customers, that is, outstanding persons, the Swedbank spokesman answered: « In part of the departments, we serve our customers in open and closed workplaces. Open jobs are intended for short customer consultations and are installed away from the waiting area and separated by low partitions.
Seeing the growing needs of our customers on all issues to consult privately and understand the importance of customer data protection, we actively redeem the bank units and give up open jobs. Instead, they have been equipped with closed consultancy cabinets for some time, thus providing maximum protection of customer data. ”
When asked whether customer names, surnames, sums, account numbers, addresses, email Email addresses and other personal data at the bank may be accessible to outsiders and why customer data are said to be heard by others, G. Vercinskas said: « We identify customers according to the personal documents provided and do not ask for their data, unless the customer’s desired operation or contract requires correction.
A Swedbank spokesman said that even in such cases, bank employees discreetly service customers. « In order to check the account from which account will be made, only the last number of the bank account number tells us. Of course, after the customer has expressed the need, and if the unit has such an opportunity, we offer the service to extend the service in a closed consultancy cabinet, » said G. Verinskas.
When asked if such an open customer service practice is a violation of personal data protection, the Swedbank spokesman said the opposite of the public was very concerned with the protection of customer data.
“Most of the bank services can be handled at Swedbank’s Internet bank, smart gadget, self -service spaces. Consultations are provided remotely (by phone, video channel, written) and bank units. Protection of customer data is particularly important to us – we comply with BDAR requirements. With information that a personal data security violation may have occurred, we are taking all the necessary steps, ”said G. Vercinskas.
