global insurance management

What not to do with client data

May 18 2010

Relevance – all regulated businesses
The Information Commissioner has uncovered another situation where a little thought could have prevented the disclosure of important personal data. A copy of the report is reproduced below.

Action required – only if data sent to third parties
This is for information only unless you have reason to email or post individual client data to third parties. If you do, please take note of the requirement to password protect or encrypt any data sent.
‘The Information Commissioner’s Office (ICO) has found Redstone Mortgages Ltd in breach of the Data Protection Act (DPA) after personal information relating to 15,333 mortgage accounts was emailed to a member of the public by mistake.

The information, which included personal data relating to individuals’ arrears or possession proceedings, was sent to Redstone’s head office and several other recipients as part of a monthly analysis report. It was not encrypted or password protected and was initially intended for a consultant using a private email address. Instead, the information was sent to a member of the public who had a similar email address.

David Lautier, Chief Executive Officer for Redstone Mortgages, has now signed an Undertaking to ensure that all reports containing personal information will be suitably password protected before being emailed externally. The Undertaking also requires Redstone Mortgages to implement other security measures as it deems appropriate to ensure that personal data is protected against unauthorised access.

Sally-Anne Poole, Head of Enforcement & Investigations, said: "It is essential that the right procedure is followed and care is taken when sending out emails of this nature. If personal information falls into the wrong hands, individuals could experience considerable distress. It appears that this method of sending out reports containing personal information has been common practice within the company for a while. I am pleased that Redstone Mortgages has agreed to take remedial steps to safeguard personal information and prevent a similar incident happening again."’


The ICO are looking for nothing more than a bit of common sense. After HSBC received a very large fine for sending unencrypted personal data by post, the ICO rightly expect businesses to consider what they are doing with client data and what happens if it goes astray.
