ICO calls for end to data protection leaks

by Nikki Sandison, Brand Republic 11-Jul-07, 09:55

LONDON - The Information Commissioner has called for chief executives to take the security of customers and staff more seriously following a 'horrifying' number of data protection leaks over the last year.

At the launch of his annual report in London, Richard Thomas, the Information Commissioner, said: "Over the last year we have seen far too many careless and inexcusable breaches of people's personal information.

"The roll call of banks, retailers, government departments, public bodies and other organisations which have admitted serious offences is frankly horrifying."

The report reveals that the ICO received almost 24,000 enquiries and complaints concerning personal information in the past year.

The commissioner said that the public's awareness of data protection rights had risen to a record level of 82% with more people understanding the need to handle personal information appropriately.

The highest number of complaints was about internet firms, followed by banks, direct marketing organisations and telecoms companies.

Last month the ICO found Littlewoods and mobile operator Orange in breach of the Data Protection Act.

In one case, Littlewoods continued to send a customer marketing material despite her attempt to stop it using her personal data for marketing purposes.

In the other case, Orange call-centre staff were allowed to share usernames and passwords when accessing the company IT system.

Comments

Mui Luc - 12/07/2007

David Arrowsmith, Customer Managment, SAS UK Who can we now trust with our personal information? The recent call from the Information Commissioner to UK executives stressing the need for more stringent protection of customer data is a welcome and much needed step in the right direction. The breaches that Richard Thomas refers to explain why, we as consumers, are becoming increasingly incensed at how careless some UK organisations are being when using sensitive customer information. There is also growing evidence that in some cases deliberate misuse of this data, solely for the financial gain of the business, is being sanctioned at the highest level in businesses either directly or through abdication of corporate responsibility. The problem is that too many organisations are storing and using the same customer data, without control, so one department or office is not aware of what the other is doing with that information. As the article suggests, this can easily lead to customer contact being duplicated, for example, multiple sales calls to the same customer on the same day. This destroys brand value, something that all executives acknowledge is difficult to build in today’s market place, yet they are simply not in control of what is happening. This type of carelessness is negatively affecting the customer’s experience of some organisations and UK executives must address this if they want to maintain a positive relationship with their customers. UK executives need to understand and address internal data infrastructures to prevent information from being misused as carelessly as Richard Thomas points out. Critically, they need to encourage an organisational culture that realises the value and vulnerability of customer information as an asset and understands the importance of protecting it. There are enough threats to customer data from the criminal community, without legitimate organisations adding to it through an array of careless activities which can be managed. Deliberate misuse is inexcusable, even through ignorance and must be punished by the IC. I am sure that ignorance and poor management will be suitably punished by consumers over time. The danger here is that those who do protect data effectively will be tarnished by those who do not.