John Taylor of Whitehall Partnership writes:
Aegon, the insurance company, recently transferred the personal details of around 35 clients to our firm due to an administrative error. This allowed us to see personal information of their customers over the internet and to make changes to their investments.
The error came to our attention after noticing the value of investments managed for our clients was higher than expected. Further investigation identified over £1.2 million held across pension plans and other investments incorrectly assigned to our firm.
We notified Aegon of the error immediately, but their response was very disappointing.
Read more about Aegon’s response and why Taylor considers it inadequate on This is Money. One of his criticisms is one that I’ve raised for both the U.S. and U.K. – the lack of a national data breach notification law. Aegon clients’ data were exposed to others who had no legitimate right to see those data. Should their clients have been notified, or should Aegon be allowed to keep this quiet as no harm came to the clients? Personally, I continue to believe that such lapses or breaches should be disclosed so that clients can determine if there is any action they feel they need to take to protect themselves.
h/t Jon Baines