Mortgage firm discloses over 15,000 account details
Share
The Information Commissioner’s Office has found London based lender Redstone Mortgages Ltd in breach of the Data Protection Act after personal information relating to 15,333 mortgage accounts was emailed to a member of the public by mistake.
The information, which included personal data relating to individuals’ arrears or possession proceedings, was sent to Redstone’s head office and several other recipients as part of a monthly analysis report.
It was not encrypted or password protected and was initially intended for a consultant using a private email address. Instead, the information was sent to a member of the public who had a similar email address.
David Lautier, chief executive officer for Redstone Mortgages, has now signed an undertaking to ensure that all reports containing personal information will be suitably password protected before being emailed externally.
The undertaking also requires Redstone Mortgages to implement other security measures as it deems appropriate to ensure that personal data is protected against unauthorised access.
Sally-anne Poole, head of enforcement and investigations at the ICO, says: “It is essential that the right procedure is followed and care is taken when sending out emails of this nature.
“If personal information falls into the wrong hands, individuals could experience considerable distress. It appears that this method of sending out reports containing personal information has been common practice within the company for a while.
“I am pleased that Redstone Mortgages has agreed to take remedial steps to safeguard personal information and prevent a similar incident happening again.”
Readers' comments (6)
Anonymous | 24 Feb 2010 12:44 pm
The new managers are not well respected but staff are too afraid to say anything due to a higher manager calling the shots and making peoples life difficult in the office - not all as good as they make out!!
Unsuitable or offensive? Report this comment
Aaron | 24 Feb 2010 12:47 pm
Schoolboy error!
Unsuitable or offensive? Report this comment
John Tidswell | 24 Feb 2010 12:48 pm
Suppose it makes a change from the Government not looking after personal information. I also note just like the powers that be when they make a major cock up, nobody is really held accountable or loses their job over it. An enquirey is held slap on the wrist and a nice reassuring statement released.
Unsuitable or offensive? Report this comment
Anonymous | 24 Feb 2010 1:05 pm
I don't understand how the first comment here relates to the story?
Unsuitable or offensive? Report this comment
Anonymous | 24 Feb 2010 1:09 pm
Funny old game - it seems that Redstone have had not much more than a rap on the knuckles for some pretty serious breaches. Meanwhile, I can think of a few instances where more minor infringements have resulted in rather more severe penalties - especially when the FSA get involved!
Unsuitable or offensive? Report this comment
Peter Turner | 26 Feb 2010 5:42 pm
Given the track record of the HMRC, other public bodies and even the FSA I thought leaking personal data had become normal government practice.
Unsuitable or offensive? Report this comment