Littlewoods also gets a rap on the knuckles from the Information Commissioner
By Tim Ferguson
Published: 22 June 2007 14:56 GMT
Orange and Littlewoods have been found to be in breach of the data protection act (DPA) by the Information Commissioner's Office (ICO).
The finding relates to customer details being left open to potential fraud or retained without customer consent.
Orange call centre employees were found to be sharing log-in details for the customer information database, meaning there was no way of knowing who had accessed data.
An ICO spokeswoman said: "It [the database] was potentially open to fraudulent use. It could potentially be quite serious."
Security from A to Z
Click on the links below to find out more...
A is for Antivirus
B is for Botnets
C is for CMA
D is for DDoS
E is for Extradition
F is for Federated identity
G is for Google
H is for Hackers
I is for IM
J is for Jaschan (Sven)
K is for Kids
L is for Love Bug
M is for Microsoft
N is for Neologisms
O is for Orange
P is for Passwords
Q is for Questions
R is for Rootkits
S is for Spyware
T is for Two-factor authentication
U is for USB sticks/devices
V is for Virus variants
W is for Wi-fi
X is for OS X
Y is for You
Z is for Zero-day
However, an Orange investigation found no evidence to suggest customer data was disclosed to anyone who shouldn’t have access to it.
As soon as the company became aware of the issue, procedural compliance was tightened and a company-wide communication was sent out reminding employees it was against Orange policy to share log-in details.
Littlewoods were investigated after a customer continued to receive marketing material after requesting their details be removed from the company's database.
In a statement, Littlewoods said the issue affected one individual and was caused by a "clerical error which has now been rectified".
A Littlewoods spokeswoman said: "It's not indicative of a general failure to uphold the general data-protection principles."
Both companies have signed a formal undertaking with the Information Commissioner to comply with the principles of the Data Protection Act.
Paul Skinner, underwriting specialist at Chubb Insurance, said the ICO's ruling should be a "wake up call to businesses throughout the country to adopt stricter measures and working practices to protect confidential data".
If the two companies continue to fail they could be subject to further ICO action which could lead to unlimited fines in the event of the issue reaching a crown court.
For several YEARS I was receiving marketing materi...
Anonymous
Assist with sales activities in growing our business i.e.by contributing to and writing proposals or thought pieces for prospects and attending sales ...
Deliver a report recommending measures to ensure compliance with the data protection legislation. SAP Data Protection Act Gap Analysis Consultant ...
London- Flash/Flex, ActionScript, PHP, HTML, CSS, SVN A media company based in London is looking for a Flash Developer with an excellent knowledge of ...
Agenda Setters 2009
Welcome to the ninth annual Agenda Setters poll – silicon.com's list of the top 50 most influential individuals in the technology and IT industries, from techies and CIOs to entrepreneurs and business leaders. Find out more in our latest special report.
Stories from the web...
Copyright © 2008 CBS Interactive Limited. All rights reserved. Top of page
Digg
Slashdot
Del.icio.us
Stumble
Reddit
RSS Feeds
Bob Tarzey Why you must rein in your power users When they do damage, it can be catastrophic to your business
Jon Collins Is losing a mobile device really such a big deal? How to minimise the damage to your business