The Prudential fined £50,000 by Information Commissioner

ICO issues unique fine, throws spotlight on master data management

The Prudential has been fined £50,000 by the Information Commissioner's Office (ICO) after a "mix-up" over the administration of two customers' accounts led to tens of thousands of pounds, meant for an individual's retirement fund, ending up in the wrong account.

This is the first monetary penalty served by the ICO that doesn't relate to a significant data loss, and it highlights the importance of basic master data management in enterprises.

The original error was caused when the records of both customers, who share the same first name, surname and date of birth, were mistakenly merged in March 2007.

The accounts remained confused for more than three years, with the problem only resolved in September 2010. This was despite the company being alerted to the mistake on several occasions, including a letter from one of the customers in late April 2010 which clearly indicated his address had not changed for over 15 years.

The company failed to investigate thoroughly at this point, and the penalty imposed today relates to the inaccuracy then present, which continued for a further six months.

Stephen Eckersley, ICO head of enforcement, said, "In this case two customer files were consistently confused and the company failed to remedy the situation despite being alerted to the problem on more than one occasion before it was finally resolved.

"This case would be considered farcical were it not for the serious sums of money involved."

The ICO said last year the public made more complaints about the way money lenders were handling their information than about any other sector. Around 15 percent of the almost 13,000 data protection complaints received by the ICO during the last financial year were due to concerns related to money lenders, with inaccurate data the third most complained-about issue across all sectors.

Prudential says it has now improved the training it provides to its staff and has updated its processes to ensure that the accuracy of customers' records is maintained at all times.

Earlier this month the ICO said the private sector is "leading the way" on data protection compliance as the public sector continues to struggle.
