"If an organisation decides that a breach doesn’t need to be reported they should keep their own record of it, and be able to explain why it wasn’t reported if necessary," the spokesperson added.
Similar Incident
This is not the first time Scottish Widows has been in toruble over a data breach.
Back in 2019, FT Adviser reported that Scottish Widows was accused of breaching data protection rules after it sent sensitive client information to the wrong policy holder by accident.
One of Scottish Widows’ clients received a letter, seen by FT Adviser, which included various pieces of information about another client’s pension pot.
This included details such as the start date of the plan, the amount of assets held, the membership number and the level of employer contributions.
At the time Scottish Widows confirmed this letter was sent out in error and said it was an isolated case that followed an employee making a mistake when entering data.
The error arose when the employee was completing the same task for two different customers at the same time.
Both clients received their correct cover letter and policy information but one of the individuals received a second letter intended for the other customer, as the employee processing the requests added the wrong address to one of the letters.
Scottish Widows had explained to both customers how the mistake happened and said it had increased oversight levels on their files as a precaution.
alina.khan@ft.com
