recent work

Prudential fined £50,000 for data mix-up

The Information Commissioner’s Office issued the monetary penalty to Prudential after it was discovered that two customers’ accounts had been confused – meaning that tens of thousands of pounds had ended up in the wrong account.

The incident, which occurred in March 2007, resulted in a serious breach of the Data Protection Act, after two customer records, of people who had the same first name, surname and date of birth, were merged.

The problem was not resolved until September 2010, despite alerts being raised on several occasions, including one of the customers sending a letter confirming they had not moved house for over 15 years. The penalty imposed on Prudential relates to the inaccuracy that began here and continued for another 6 months.

Stephen Eckersley, ICO Head of Enforcement, said:

“Organisations must make sure the information they hold on their customers’ files is accurate and kept up to date in order to comply with the Data Protection Act. In this case two customer files were consistently confused and the company failed to remedy the situation despite being alerted to the problem on more than one occasion before it was finally resolved.

“This case would be considered farcical were it not for the serious sums of money involved.”

“While data losses may make the headlines, most people will contact our office about inaccuracies and other issues relating to the misuse of their information. Inaccurate information on a customer’s record, particularly when the record relates to an individual’s financial affairs, can have a significant impact on someone’s life.

“We hope this penalty sends a message to all organisations, but particularly those in the financial sector, that adequate checks must be in place to ensure people’s records are accurate. Staff should also receive adequate training on how to manage and maintain them, with any concerns fully investigated in order to ensure problems are addressed at an early stage.”

Prudential has now improved the training it provides to its staff and updated its processes to ensure that the accuracy of customers’ records is maintained at all times.

Absolute Data is committed to ensuring companies and organisations, regardless of their size, create and follow realistic data protection policies and procedures that are above the law. We can spend some time getting to know what data-related activity your business partakes in, and ensure that your policies and procedures reflect this activity. We can also help to train your staff; not only in the importance of data protection, but how they can ensure they are fully adhering to data protection law. We can either provide clients with a data protection toolkit, which offers a robust and effective solution in reducing the risk of data breaches, or a retained consultancy service, whereby one of our dedicated staff members works onsite with your staff for a pre-agreed number of days per week. Please get in touch to discuss how your organisation can ensure legal data compliance. Contact us now at