Orange breach UK Data Protection Act

Link: Orange and Littlewoods breach Data Protection Act, says ICO | OUT-LAW.COM (Via The Register)

The UK Information Commisioner’s Office have today ruled that Orange breached the Data Protection Act’s security rules.

The case followed a complaint about the way Orange processed personal information – in particular they were allowing new staff to share usernames and passwords for the company’s IT systems. Following an investigation, the ICO found that Orange was not keeping it’s customers personal information secure.

In addition to a general promise to comply, Orange’s undertaking states: “The sharing of user names and passwords by Customer Service Representatives, to access computer systems, shall not be allowed under any circumstances.”

Failure to meet the conditions of the undertaking is likely to lead to further enforcement action by the ICO and could result in prosecution by the Office.

I used to get phone calls from companies claiming to be Orange themselves, or a ‘partner’, trying to get me to extend my contract, change tariff, come back to Orange after porting, etc etc. Most of the time their info was so out of date it was hilarious. However, how did they get that information in the first place?