ICO hands Prudential £50,000 data mismanagement fine
Financial services organisation hit with financial penalty after account merger error
British life assurance and financial services firm, Prudential, has been fined 50,000 by the Information Commissioner's office (ICO) for merging two accounts belonging to different customers with the same name.
The organisation took three years to fix the problem, during which time thousands of pounds ended up in the wrong pockets.
The accounts were mistakenly merged in March 2007 as the customers shared much of the same personal information, including first name, surname, and date of birth, but not postal addresses. Despite being told about the error multiple times by the customers affected, Prudential took no action until 2010.
In light of the judgement, Stephen Eckersley, head of enforcement at the ICO, said: "Organisations must make sure the information they hold on their customers' files is accurate and kept up to date in order to comply with the Date Protection Act."
"We hope this penalty sends a message to all organisations, but particularly those in the financial sector, that adequate checks must be in place to ensure people's records are accurate," he added.
Last year the public made more complaints about the way money lenders were handling their information than for any other sector, with almost 15 per cent of the close to 13,000 complaints received by the ICO in the last fiscal year relating to financial services.
Prudential has now improved the training it provides to its staff and updated its processes to ensure the accuracy of customers' records is maintained at all times, the ICO said.
How virtual desktop infrastructure enables digital transformation
Challenges and benefits of VDI
Free download
Optimising workload placement in your hybrid cloud
Deliver increased IT agility with the cloud
Free DownloadModernise endpoint protection and leave your legacy challenges behind
The risk of keeping your legacy endpoint security tools
Download now
