Two high street giants, Orange and Littlewoods, have been found in breach of the Data Protection Act following the negligent management of sensitive customer information.The Information Commissioner’s Office launched separate investigations into the two firms and has ordered both to sign a formal agreement to comply with the principles of the Data Protection Act or face further action and prosecution.
The privacy watchdog received a complaint from an Orange customer regarding the way the mobile network firm processed personal data, in particular the lax way in which new members of staff were allowed to share usernames and passwords when accessing the company IT system. Following its investigation, the ICO ruled that the French company was not keeping its customers’ details secure and therefore had breached data protection legislation.
In a separate incident, the regulatory body was alerted to Littlewoods’ conduct after a customer attempted to stop the retailing giant from using her personal details for direct marketing purposes. Despite her requests Littlewoods continued to send her marketing materials, according to the independent body.
“Organisations that process individuals’ personal data must do so in compliance with the Data Protection Act,” said Mick Gorrill, Head of Regulatory Action at the ICO. “If they do not, they not only risk further action from the Information Commissioner but also risk losing the trust of their customers. Individuals must feel confident that organisations are safeguarding their personal details.”
Last month, the Information Commissioner, Richard Thomas, called for stronger powers to allow his office to carry out inspections and audits to ensure organisations are complying with the Data Protection Act. At present, it must gain consent before inspecting a company for compliance.