Toshiba Information Systems (TIS) has been slammed by the Information Commissioner's Office (ICO) for breaching the Data Protection Act (DPA) after a fault on a competition website designed by a third-party developer left the details of entrants visible to the public.
The flaw exposed some 20 individuals' names, addresses, dates of birth and contact details and the issue was only brought to light when a member of the public contacted the ICO to inform them of the error.
The ICO said that Toshiba had not imposed stringent enough rules on its developers, which resulted in the faulty website going live.
Stephen Eckersley, the ICO's head of enforcement, said the watchdog was satisfied Toshiba was now aware of the measures it needs to take to avoid a similar incident in the future and warned other firms of the importance of checking work produced by outside agents.
"It is vital that, as ever-increasing amounts of our personal information are collected online, companies have the necessary safeguards in place to keep this information secure," he said.
"We would urge other UK organisations with interactive websites to make sure they have suitable checks in place before collecting peoples' details online."
Toshiba said it welcomed the ICO's report and sought to reassure its customers that it had learnt from the incident and had addressed the issue as soon as it was made aware of the breach.
"Toshiba takes the security of its customers' personal information very seriously and following this occurrence conducted an extensive internal review of all data protection procedures and protocols throughout the organisation," it said.
"It is important to bear in mind that no sensitive data was at risk, and that on discovering the data vulnerability Toshiba took immediate action to remedy the issue within a matter of hours and subsequently contacted all affected customers."
Under the current DPA, there is no definition of 'sensitive data', merely a requirement on firms to protect personal information that they collect.
Last week the ICO was forced to issue an undertaking against an NHS trust after two unencrypted USB sticks containing sensitive data were mislaid, as data breaches continue to occur in both the private and public sectors.
Worried about data privacy? Here are several ways to secure your Facebook account
Microsoft comes up with a new way to foist its unloved and little used Edge web browser on people
Facebook suspends Cambridge Analytica following weekend claims that it illegally harvested information from 50 million users
Insider claims Cambridge Analytica used academic app to filch Facebook data of 50 million users