Mortgage Company Data Protection In Arrears

Redstone Mortgages had been sending customer details by email since 2005 with no password or encryption

A mortgage company has been found in breach of the Data Protection Act after accidentally emailing details of more than 15,000 customer accounts to a member of the public.

In a statement released this week, the Information Commissioners Office (ICO) said that Redstone Mortgages Ltd was found in breach of the act after sending customer details by email without bothering to encrypt or password protect the information. The information was meant for a consultant but was sent to a member of the public with a similar email address on 3 August 2009.

According to the undertaking document, Redstone had been sending unsecured customer data by email every month since 2005.

The chief executive of Redstone Mortgages David Lautier has now signed an undertaking to make sure all future customer information will be password protected before being emailed. Redstone will also be required to implement other security measures to protect personal data, the ICO said.

“It is essential that the right procedure is followed and care is taken when sending out emails of this nature. If personal information falls into the wrong hands, individuals could experience considerable distress,” said ICO head of enforcement and investigations, Sally-Anne Poole. “It appears that this method of sending out reports containing personal information has been common practice within the company for a while. I am pleased that Redstone Mortgages has agreed to take remedial steps to safeguard personal information and prevent a similar incident happening again.”

In January the ICO warned that businesses that do not own up to data breaches will face tougher action than those that come forward of their own volition.  The ICO said that more than 800 data security breaches have been reported over the last two years. The ICO warns that companies that approach it voluntarily will still face some action, but those businesses which attempt to cover-up security incidents will be hit with much tougher penalties.

The Conservative Party’s plans to increase privacy and reduce the amount of government data will involve a big increase in the powers of the Information Commissioner, a London meeting heard last week. “Our personal data belongs to us, and the government holds it on trust,” said Eleanor Laing, MP, the shadow Minister for Justice, speaking at a Westminster Legal Policy Forum meeting in London.