Virgin Media found in breach of Data Protection Act
LONDON - The Information Commissioner's Office (ICO) has found Virgin Media in breach of the Data Protection Act following the loss of an unencrypted CD containing the personal details of over 3,000 customers.
table.MsoNormalTable
{mso-style-name:"Table Normal";
mso-tstyle-rowband-size:0;
mso-tstyle-colband-size:0;
mso-style-noshow:yes;
mso-style-parent:"";
mso-padding-alt:0cm 5.4pt 0cm 5.4pt;
mso-para-margin:0cm;
mso-para-margin-bottom:.0001pt;
mso-pagination:widow-orphan;
font-size:10.0pt;
font-family:"Times New Roman";
mso-ansi-language:#0400;
mso-fareast-language:#0400;
mso-bidi-language:#0400;}
The ICO was alerted to the data breach earlier this year following the loss of a CD that was passed to Virgin Media by Carphone Warehouse.
The disc contained the personal details of individuals interested in opening a Virgin Media account in a Carphone Warehouse store.
Virgin Media has been ordered to implement a number of security measures to protect customers' personal information more effectively.
It is required, with immediate effect, to encrypt all portable or mobile devices which store and transmit personal information.
Any company processing personal information on behalf of Virgin Media must also use encryption software, a requirement which must be clearly stated in all contracts.
Virgin Media is also required to sign a formal undertaking to comply with the principles of the Data Protection Act. Failure to meet the terms of the undertaking is likely to lead to further enforcement action by the ICO.
Mick Gorrill, assistant commissioner at the ICO, said: "The Information Commissioner's Office takes all breaches of data security seriously. Customers must feel confident that their personal information will be handled properly by an organisation and, importantly, that their details will not be accessed by a third party.
"The Data Protection Act clearly states that organisations must keep personal information secure. Virgin Media recognises the seriousness of this data loss and has agreed to take the immediate remedial action that we have outlined in order to protect its customers' personal details."
The ICO has ordered a number of organisations to sign undertakings following breaches of the Data Protection Act including the Department of Health, Foreign and Commonwealth Office and Orange Personal Communications Services.
Virgin Media: guilty of data breach
Comments
jonathan Goodwin - 01/10/2008
we need a governing body like this for the goverment then maybe they will stop leaving Laptops on trains!!
robin caller - 02/10/2008
So my company has developed a piece of software which, when contracted, stops this kind of thing from happening. Venture capital firms ask me if what we have is a "must have" solution or a "nice to have" solution. I guess it depends on the size of the penaties that companies will face for such blatent breaches. The point is that a professional data processing platform allows any individual or company to upload data to it, for the safe and secure, legal and encrypted, transfer from A to B. People need to stop using "windows" and other basic desktop environments for this kind of thing. Those that do it - they are the ones breaking the laws. The "muddle through" ethos is prevalent, with management ignoring the "need" to fix process, and then other Individuals within organisations failing to take personal responsibility. For more information, email me.
Paul Morris - 09/10/2008
The ICO does nothing but slap wrists. They have almost no power. If someone has been damaged by the unlawful disclosure of personal data, they may issue proceedings under section 13 of the DPA but damages are limited to financial - and you have to prove it. Often difficult. There is hope on the horizon though from Europe. Paul Morris The Data Protection Society