I called our local supermarket to ask about transferring points from an old (lost) card onto one we just got as a replacement. Since the card is in E’s name, she has to do it. The fellow on the phone kept talking about the Data Protection Act, explaining that the rules don’t allow anyone but the registered person to have access to the information in the account. In order to let us both have permission, I have to get a card in my own name and then they can join the two together for mutual access. With both of us physically there. (I’ll recognize that there are reasons this requirement could be a real pain.)
Then I call a US bank to ask a question, and they ask for my mother’s maiden name. That detail happens to be on the public record if you know how to find it (or have read any of 50 books on the topic). A little work would get it for anyone with bad intentions. Luckily we can make the US bank accept anything in response to that question, not the actual maiden name, so we’ve got some level of protection. But our choice is far from common.
Why are companies in the US so much less concerned about the privacy of your information? They claim it’s the cost in maintaining the information. I suspect it’s more a change in standard procedure and the belief that it’s purely inconvenience, for which the customers share as much of the blame as the banks.