The ICO has fined Prudential £50,000 for keeping inaccurate personal data records, after tens of thousands of pounds ended up in the wrong savings account due to a mix-up over two customers with the same name and date of birth.
The mix-up, which started in 2007, continued for more than three years despite Prudential having been alerted to the mistake on several occasions, including through a letter from one of the customers in April 2010, which clearly indicated that his address had not changed for over 15 years. This is the first penalty handed out by the ICO thatdoes not relate to data being lost by an organisation.
Stephen Eckersley, ICO's Head of Enforcement, said, "We hope this penalty sends a message to all organisations, but particularly those in the financial sector, that adequate checks must be in place to ensure people's records are accurate. Staff should also receive adequate training on how to manage and maintain them, with any concerns fully investigated in order to ensure problems are addressed at an early stage.”