ICO hands Prudential £50,000 data mismanagement fine


British life assurance and financial services firm, Prudential, has been fined 50,000 by the Information Commissioner's office (ICO) for merging two accounts belonging to different customers with the same name.

The organisation took three years to fix the problem, during which time thousands of pounds ended up in the wrong pockets.

The accounts were mistakenly merged in March 2007 as the customers shared much of the same personal information, including first name, surname, and date of birth, but not postal addresses. Despite being told about the error multiple times by the customers affected, Prudential took no action until 2010.

In light of the judgement, Stephen Eckersley, head of enforcement at the ICO, said: "Organisations must make sure the information they hold on their customers' files is accurate and kept up to date in order to comply with the Date Protection Act."

"We hope this penalty sends a message to all organisations, but particularly those in the financial sector, that adequate checks must be in place to ensure people's records are accurate," he added.

Last year the public made more complaints about the way money lenders were handling their information than for any other sector, with almost 15 per cent of the close to 13,000 complaints received by the ICO in the last fiscal year relating to financial services.

Prudential has now improved the training it provides to its staff and updated its processes to ensure the accuracy of customers' records is maintained at all times, the ICO said.