Royal London faces up to data protection breach

by Gill Montia

Story link: Royal London faces up to data protection breach

Royal London Mutual Insurance Society has been rapped over the knuckles by the Information Commissioner’s Office (ICO) after breaching the Data Protection Act.

The reprimand comes after eight of the firm’s laptops, two of which contained details of 2,135 people who had sought pension scheme illustrations, were stolen from the company’s Edinburgh offices.

The data were password protected but unencrypted.

An internal report established that the company was uncertain about the precise location of the laptops at any given time and that physical security measures were inadequate, in part because managers were not aware that personal information was stored on any of the laptops.

Royal London’s group chief executive, Michael Yardley, has promised that the company will mend it ways and signed an official undertaking to that effect.

The ICO’s head of enforcement, Mick Gorrill, drives his message home with the following statement: “It is crucially important that portable devices such as laptops containing personal information are properly protected.”

Adding: “All staff members should be fully aware of the policies and procedures in place to safeguard personal information and should be appropriately trained.”

Last month, reports emerged that Royal London was in talks with rival mutual, Royal Liver, regarding a merger.

A search for a partner could have been prompted by the Financial Services Authority’s concerns over mutuals’ balance sheets, particularly with regard to their with-profits funds.