No policy in place at Spectrum to prevent data breach - ICO
Dorset-based Spectrum Housing Group has breached the Data Protection Act by sending the personal data of 200 employees to the wrong email address, the Information Commissioner's Office (ICO) has said.
An investigation by the ICO found that at the time of the incident Spectrum did not have a sufficient policy in place to help prevent such incidents and ordered the company to take action.
In March 2011, an employee of the group accidentally emailed a non-secure Excel spreadsheet containing employees' data, including details of their pension contributions, to the wrong external address, the ICO said.
The error was discovered 30 minutes after the email had been sent, at which point the unintended recipient was informed and the data destroyed.
Acting ICO head of enforcement Sally Anne Poole said: "While on this occasion the information compromised was not sensitive, the fact is that at the time of the incident Spectrum did not have appropriate controls in place.
"This case highlights the need for organisations to make sure that adequate checks are in place and documents suitably protected before they are sent out."
Spectrum chief executive Wayne Morris has now signed a formal undertaking to ensure spreadsheets or other documents containing personal data are only sent by email where necessary and only contain the minimum amount of data required.
The company will also consider, where appropriate, password protecting or encrypting documents containing personal information, the ICO said.
