London-based lender Redstone Mortgages has been found in breach of the Data Protection Act (DPA) after personal information relating to 15,333 accounts was emailed to a member of the public.
The Information Commissioner's Office (ICO) said data relating to individuals' arrears or possession proceedings was sent to Redstone's head office and several other recipients in August 2009 as part of a monthly analysis report.
It was intended for a consultant using a private email address but was sent to a member of the public who had a similar email address.
The ICO found the data was not encrypted or password-protected, and similar reports had been emailed each month since 2005.
David Lautier, chief executive officer for Redstone Mortgages, has signed an undertaking to ensure all reports containing personal information will be suitably password protected before being emailed externally.
The undertaking requires Redstone Mortgages to implement other security measures as it deems appropriate to ensure personal data is protected against unauthorised access.
Sally-Anne Poole, head of enforcement & investigations at the ICO, says: "It is essential that the right procedure is followed and care is taken when sending out emails of this nature. It appears that this method of sending out reports containing personal information has been common practice within the company for a while."
Championing diversity in the workplace
Our weekly heads-up for advisers