The Information Commissioner’s Office (ICO) has found Redstone Mortgages in breach of the Data Protection Act after personal information relating to 15,333 mortgage accounts was mistakenly emailed to a member of the public.
The information, which included personal data relating to individuals’ arrears or possession proceedings, was sent to Redstone’s head office and several other recipients as part of a monthly analysis report. It was not encrypted or password protected and was initially intended for a consultant using a private email address. Instead, the information was sent to a member of the public who had a similar email address.
David Lautier, Redstone Mortgages’ CEO, has now signed an undertaking to ensure that all reports containing personal information will be suitably password protected before being emailed externally. The undertaking also requires Redstone Mortgages to implement other security measures as it deems appropriate to ensure that personal data is protected against unauthorised access.
Sally-anne Poole, head of enforcement and investigations, said: “It is essential that the right procedure is followed and care is taken when sending out emails of this nature. If personal information falls into the wrong hands