European Data Protection Digest

Company Shares Account Details on More Than 15K

DATA LOSS—UK

February 26, 2010

The Information Commissioner's Office (ICO) has found that Redstone Mortgages violated the Data Protection Act by inadvertently e-mailing personal data from 15,333 mortgage accounts to a member of the public. The information, which had not been encrypted and was not protected by a password, had been meant for a consultant, but was sent instead to an individual with a similar e-mail address. In the ICO's announcement of the breach, Sally-Anne Poole states, "It is essential that the right procedure is followed and care is taken when sending out e-mails of this nature. If personal information falls into the wrong hands, individuals could experience considerable distress." The company has agreed that all future reports being e-mailed externally will be password protected.
Full Story