The Information Commissioner’s Office has found London-based Redstone Mortgages in breach of the Data Protection Act after personal information relating to 15,333 mortgage accounts was emailed to a member of the public by mistake.
The information, which included data relating to individuals’ arrears and repossession proceedings, was sent to the former lender’s head office and several other recipients as part of a monthly analysis report.
It was not encrypted or password-protected and was initially intended for a consultant using a private email address. Instead, the infor-mation was sent to a member of the public who had a similar email address.
David Lautier, chief executive officer of Redstone, has now signed an undertaking to ensure that all reports containing personal infor-mation will be password-protected before being emailed externally.