ICO takes firms to task over lax data controls

by Dave Neal

26 Aug 2010

PC World customer details were found in a skip

The Information Commissioner's Office (ICO) has hauled electronics retailer DSG International over the coals for allowing sensitive customer data to be dumped in a skip next to one of its PC World stores.

The ICO said that DSG has been found in breach of the Data Protection Act after customers’ credit details were found by rubbish collectors.

John Browett, chief exec at DSG Retail, said it was company policy to send data in sealed documents to a facility for secure shredding, but conceded that the firm would now need to carry out a review of both security procedures and staff training.

Mick Gorrill, head of enforcement at the ICO, said: “Any organisation collecting and holding personal information needs to ensure that information is kept and disposed of safely and securely. This is an important principle of the Act. Staff need to be aware of policies and it is essential they receive appropriate training.”

Dixons was not the only firm to incur the wrath of the ICO, with the Yorkshire Building Society also getting a tongue-lashing after an unencrypted laptop containing personal information was stolen from one of its offices.

The laptop was recovered two days later, and a forensic investigation found that none of the data had been accessed. However, the ICO said the building society was lucky not to have suffered a serious data breach given that the passwords to the machine were left with it in an unlocked desk.

“It is extremely concerning that an unencrypted laptop containing large amounts of personal data was left unsecured overnight, together with details of its passwords,” said Gorrill.

“What’s more, the fact that the employee did not require all the information to carry out the task in hand created an unnecessary risk which could easily have been avoided; employees should only have access to information that is absolutely vital to work which is being carried out.”

Some commentators will be urging the ICO to get tougher on these kinds of incidents. Although it now has the power to fine organisations up to £500,000, the ICO has been reluctant to do so.

This is in stark contrast to the FSA, which this week fined Zurich Insurance a record £2.3m after a data breach.
