Orange breaches UK data privacy laws
By Simon Aughton
Posted on 22 Jun 2007 at 12:31
The Information Commissioner's Office has found that Orange breached UK laws governing the processing of customers' personal information.
The ruling follows the investigation of a complaint about Orange Personal Communications Services. The complaint indicated that new members of staff were allowed to share usernames and passwords when accessing the company IT system.
The ICO found that Orange was not keeping its customers' personal information secure and therefore was in breach of the Data Protection Act.
'Organisations that process individuals' personal information must do so in compliance with the Data Protection Act,' said Mick Gorrill, head of Regulatory Action at the ICO. 'If they do not, they not only risk further action from the Information Commissioner but also risk losing the trust of their customers. Individuals must feel confident that organisations are safeguarding their personal information.'
Orange is now required to sign a formal undertaking to comply with the Data Protection Act.
An Orange spokesperson said that the investigation relates to an issue in November last year, when a member of staff made Orange managers aware that some employees were sharing their log-in details in order to access systems.
'All of our frontline staff, whether permanent or temporary, are provided with a unique log in to access the company's customer account systems,' the spokesperson explained. 'Each member of staff is also required to sign a non-disclosure agreement regarding their password as part of the company's email and Internet policy.
'Therefore, as soon as we became aware that some members of staff were sharing log-in details, we issued a communication to all employees reminding them that this was against Orange policy and that if a member of staff was found to be using a colleague's details to log into the system, it could result in disciplinary action. Procedural compliance was also tightened.'
Orange's internal investigation found no evidence that customer data was inappropriately disclosed as a result of the sharing of log-in details.
'The security of customer information is of paramount importance to Orange,' the spokesperson said. 'We employ a number of techniques to ensure customers are safeguarded from attempts to fraudulently access account information. We also employ a number of processes to monitor our staff's access of customer accounts to ensure such access is warranted.'
Last month the Information Commissioner, Richard Thomas, told the House of Commons' Home Affairs Select Committee that his office needs stronger powers to carry out inspections and audits to ensure organisations are complying with the Data Protection Act. Currently, the Commissioner must gain consent from an organisation before carrying out an inspection.
