The Information Commissioner’s Office has been forced to apologise to former NatWest chief executive Dame Alison Rose over the so-called “Farage-gate” data scandal, after admitting it had implied that she had been under investigation.
Dame Alison resigned in the wake of the claims, after discussing the banking affairs of Nigel Farage with a journalist.
According to Sky News, the ICO has said its comments last month – in which the regulator said a NatWest employee shared information when they should not have done, and that there had been two privacy breaches – gave the wrong impression.
The ICO said in a statement that it was just NatWest’s actions which were investigated, rather than Dame Alison’s.
It added: “We confirm that we did not investigate Ms Rose’s actions, given that NatWest was the data controller under investigation.
“Our investigation did not find that Ms Rose breached data protection law and we regret that our statement gave the impression that she did… we apologise to Ms Rose for suggesting that we had made a finding that she breached the UK GDPR in respect of Mr Farage when we had not investigated her.”
In its ruling in October, the ICO said there were two privacy breaches involved in the disclosure to BBC News business editor Simon Jack.
This enabled him to report Farage no longer met the financial criteria to hold an account with Coutts, which is part of the NatWest Group.
Also included in the apology was the lack of any comment from Dame Alison. She should have been approached, the ICO said.
“We accept that it would have been appropriate in the specific circumstances for us to have given Ms Rose an opportunity to comment on any findings in relation to her role and regret not doing so.”
Now ICO steps up consumer advice on data requests
ICO warns banks over data duties as ‘Farage-gate’ rages
Decision Marketing Data Clinic: Data reforms explained
Govt urged to beef up data bill to fight ‘horrific’ adtech
Data deletion tsunami claims blown out of the water
Fears grow as ‘millions plan to delete data under GDPR’