ICO reports findings of children's data protection in financial services

The Information Commissioner's Office (ICO) has published its report alongside a press release following a review into the gathering and use of children's data in financial services, particularly from services supplying them with current accounts, savings accounts, trust accounts, ISAs and prepaid cards. The report, part of the ICO's strategic ICO25 plan, highlights areas of good practice, while identifying key areas requiring improvement such as: (i) governance – while most organisations have data protection policies in place, there is limited monitoring of compliance with these policies, with only a small percentage providing specific training; (ii) transparency – many organisations lack age-appropriate privacy information and rely on parents or guardians to convey terms to children, creating a risk of children either misunderstanding or not understanding information at all; (iii) consent – some organisations are failing to review and refresh parental consent received on behalf of a child, as the child matures, making original consent likely void until it is obtained from the child; and (iv) contact including marketing – most organisations do not consider the challenges which arise in distinguishing parents and children when communications are provided, thereby increasing non-compliance risks. The ICO's findings highlight an urgent call for organisations, particularly in the financial services sector offering products for children, to align UK GDPR standards in practice, to mitigate risks and advance in compliance efforts.

Return to main website.