Loss of personal data.
15,333 mortgage records were emailed to a member of the public by accident.
Undertaking issued to ensure that all reports containing personal data are suitably password protected and that this provision in entered into any contracts between the data controller and any data processors acting on its behalf.
Reason for action
The data was being transmitted to the data controller’s head office and several other recipients as part of a monthly analysis report. One of the recipients used an email address that was similar to a member of the public’s, which was mistakenly entered. The data was not encrypted or password protected.
19 February 2010