Opsecure

Operational Security

Monday, Sep 06th

Last update: 11:47:23 AM GMT


Mortgage Company "Redstone Mortgages" accidentally discloses 15000 account details


The Information Commissioner’s Office (ICO) has found Redstone Mortgages Ltd in breach of the Data Protection Act (DPA) after personal information relating to 15,333 mortgage accounts was emailed to a member of the public by mistake.


The information, which included personal data relating to individuals’ arrears or possession proceedings, was sent to Redstone’s head office and several other recipients as part of a monthly analysis report. It was not encrypted or password protected and was initially intended for a consultant using a private email address. Instead, the information was sent to a member of the public who had a similar email address.

David Lautier, Chief Executive Officer for Redstone Mortgages, has now signed an Undertaking to ensure that all reports containing personal information will be suitably password protected before being emailed externally. The Undertaking also requires Redstone Mortgages to implement other security measures as it deems appropriate to ensure that personal data is protected against unauthorised access.

Sally-anne Poole, Head of Enforcement & Investigations, said: “It is essential that the right procedure is followed and care is taken when sending out emails of this nature. If personal information falls into the wrong hands, individuals could experience considerable distress. It appears that this method of sending out reports containing personal information has been common practice within the company for a while. I am pleased that Redstone Mortgages has agreed to take remedial steps to safeguard personal information and prevent a similar incident happening again.”

A full copy of the Undertaking can be viewed here:
http://www.ico.gov.uk/what_we_cover/data_protection/enforcement.aspx

Redstone Mortgages Data Protection Breach


From April 2010, the Information Commissioner expects to impose 25 Monetary Penalty Notices, each of up to £500k, per annum. Organisations that fail to take reasonable measures that they ought to have taken to comply with the DPA will be in the firing line.

There is a narrow window to avoid being on that list: as a minimum, organisations should carry out a DPA compliance audit, to establish what still needs to be put in place and to establish lines of responsibility, and should carry out a risk assessment around their personal data.

This DPA Compliance Kit contains all the tools for doing it yourself.

How will this compliance kit help?

So you know that you have to comply with the Data Protection Act, and you know that if you are found to be in breach of the DPA after April 2010 the ICO can levy tough penalties, far tougher than any seen before.

The first thing you need to do is identify your current level of conformance. The DPA Compliance Assessment Tool will help you do this: it provides recommendations and offers guidance to help you close any gaps that are identified.

Once you have identified exactly what you need to do in order to become fully compliant with the DPA, you will find the DPA Compliance Documentation Toolkit invaluable. It includes all the documentation templates, which are fully customisable, that are essential for any UK data controller (and any UK organisation that is responsible for personal information) seeking compliance with the UK Data Protection Act 1998.

The Assessment Tool and the Documentation Toolkit will enable your organisation to become fully compliant with the DPA. However, to make the process easier and to provide supporting guidance we have included two essential pocket guides:

  1. Data Protection Compliance in the UK, which will help everyone in the organisation responsible for data protection get up to speed, and ensure that no one has grounds to complain of ignorance of the law!

  2. How to Survive a Data Breach, which provides essential support for organisations tackling this mission.
