ICO Issues £50,000 ($79,000) Fine to Prudential for Customer Account Mix-Up

The agency wants to send a message to all organizations

By on November 6th, 2012 14:53 GMT

Personal banking, insurance and pensions products provider Prudential has been fined with £50,000 ($79,000 or 62,000 EUR) by the UK Information Commissioner’s Office (ICO) after it mixed up the accounts of two customers.

The accounts in question were mistakenly merged back in 2007 because the customers shared the same first name, surname and date of birth. As a result, tens of thousands of pounds erroneously ended up in the wrong retirement account.

The main problem wasn’t that the accounts were merged, but the fact that Prudential failed to do anything about it until September 2010, despite the fact that it had been notified on several occasions.

“Organisations must make sure the information they hold on their customers’ files is accurate and kept up to date in order to comply with the Data Protection Act,” Stephen Eckersley, ICO head of enforcement, said.

“In this case two customer files were consistently confused and the company failed to remedy the situation despite being alerted to the problem on more than one occasion before it was finally resolved. This case would be considered farcical were it not for the serious sums of money involved,” he added.

The company in question has improved the training it provides to staff members and has updated its processes to ensure that such unfortunate situations are avoided in the future.

“While data losses may make the headlines, most people will contact our office about inaccuracies and other issues relating to the misuse of their information. Inaccurate information on a customer’s record, particularly when the record relates to an individual’s financial affairs, can have a significant impact on someone’s life,” Eckersley said.

“We hope this penalty sends a message to all organisations, but particularly those in the financial sector, that adequate checks must be in place to ensure people’s records are accurate. Staff should also receive adequate training on how to manage and maintain them, with any concerns fully investigated in order to ensure problems are addressed at an early stage.”

Comments