Printed from www.pcpro.co.uk
Orange breaches UK data privacy laws
Posted on 22 Jun 2007 at 12:31
The Information Commissioner's Office has found that Orange breached UK laws governing the processing of customers' personal information.
The ruling follows the investigation of a complaint about Orange Personal Communications Services. The complaint indicated that new members of staff were allowed to share usernames and passwords when accessing the company IT system.
The ICO found that Orange was not keeping its customers' personal information secure and therefore was in breach of the Data Protection Act.
'Organisations that process individuals' personal information must do so in compliance with the Data Protection Act,' said Mick Gorrill, head of Regulatory Action at the ICO. 'If they do not, they not only risk further action from the Information Commissioner but also risk losing the trust of their customers. Individuals must feel confident that organisations are safeguarding their personal information.'
Orange is now required to sign a formal undertaking to comply with the Data Protection Act.
An Orange spokesperson said that the investigation relates to an issue in November last year, when a member of staff made Orange managers aware that some employees were sharing their log-in details in order to access systems.
'All of our frontline staff, whether permanent or temporary, are provided with a unique log in to access the company's customer account systems,' the spokesperson explained. 'Each member of staff is also required to sign a non-disclosure agreement regarding their password as part of the company's email and Internet policy.
'Therefore, as soon as we became aware that some members of staff were sharing log-in details, we issued a communication to all employees reminding them that this was against Orange policy and that if a member of staff was found to be using a colleague's details to log into the system, it could result in disciplinary action. Procedural compliance was also tightened.'
Orange's internal investigation found no evidence that customer data was inappropriately disclosed as a result of the sharing of log-in details.
'The security of customer information is of paramount importance to Orange,' the spokesperson said. 'We employ a number of techniques to ensure customers are safeguarded from attempts to fraudulently access account information. We also employ a number of processes to monitor our staff's access of customer accounts to ensure such access is warranted.'
Last month the Information Commissioner, Richard Thomas, told the House of Commons' Home Affairs Select Committee that his office needs stronger powers to carry out inspections and audits to ensure organisations are complying with the Data Protection Act. Currently, the Commissioner must gain consent from an organisation before carrying out an inspection.
Author: Simon Aughton
advertisement
- Why Britain's watchdogs have fewer teeth than goldfish
- Tabbed documents: how to make Office 2010 great
- Outlook 2010 People Pane – does it spell death to Xobni
- Microsoft Outlook 2010 screenshots
- Co-Authoring in Word 2010 and SharePoint Foundation 2010
- Microsoft Outlook 2010 screenshots: Backstage view
- Flash 10.1: Developing for Desktop and Device
- Microsoft Office 2010 screenshots: Recover unsaved items
- Microsoft Word 2010 screenshots: Text Effects
- Microsoft Word 2010: inserting screenshots
- Getting to grips with Microsoft's IT Health Environment Scanner
- Virtualise your servers
- The changing face of travel gadgets
- Build your own distributed file system
- The bulletproof Dell that costs an arm and a leg
- Microsoft Office 2010 Technical Preview: Q&A
- Lawnmowers, the TyTN II and one odd insurance request
- There'll never be a bulletproof OS
- How far can we trust apps?
- Five nice touches in Outlook 2010
advertisement
