The Prudential has been fined £50,000 by the Information Commissioner’s Office (ICO) after a "mix-up" over the administration of two customers’ accounts led to tens of thousands of pounds, meant for an individual’s retirement fund, ending up in the wrong account.
This is the first ICO monetary penalty served by the ICO that doesn’t relate to a significant data loss, and it highlights the importance of basic master data management in enterprises..
The original error was caused when the records of both customers, who share the same first name, surname and date of birth, were mistakenly merged in March 2007.
The accounts remained confused for more than three years, with the problem only resolved in September 2010. This was despite the company being alerted to the mistake on several occasions, including a letter from one of the customers in late April 2010 which clearly indicated his address had not changed for over 15 years.
The company failed to investigate thoroughly at this point and the penalty imposed today relates to the inaccuracy then present which continued for a further six months.
Stephen Eckersley, ICO head of enforcement, said, “In this case two customer files were consistently confused and the company failed to remedy the situation despite being alerted to the problem on more than one occasion before it was finally resolved.
“This case would be considered farcical were it not for the serious sums of money involved.”
The ICO said last year the public made more complaints about the way money lenders were handling their information than for any other sector. Around 15 percent of the almost 13,000 data protection complaints received by the ICO during the last financial year were due to concerns related to money lenders, with inaccurate data the third most complained about issue across all sectors.
Prudential says it has now improved the training it provides to its staff and has updated its processes to ensure that the accuracy of customers’ records is maintained at all times.
Earlier this month the ICO said the private sector is "leading the way" on data protection compliance as the public sector continues to struggle.