Orange in breach of Data Protection Act

Mobile operator Orange has been found to be in breach of the Data Protection Act (DPA) by the Information Commissioner’s Office (ICO), following an investigation into the way in which customers’ personal information was processed.

According to the ICO, Orange failed to keep its customers’ personal information secure, thereby exposing it to misuse. In particular, the ICO was concerned to find staff sharing login usernames and passwords to databases, meaning the operator had no way of tracking employee access to customer information.

The case highlights the ongoing problem of administering access rights and user authentication experienced by many organisations. In recent years the issue has been heightened by the growth of outsourcing and sub-contracting, which has served to complicate access privileges within the majority of companies.

The Information Commissioner’s Office is an independent authority dedicated to the  protection of personal information. In May, the Information Commissioner called for stronger powers to allow his office to carry out inspections and audits to ensure organisations are complying with the DPA.

ICO press report

Data Protection Act

Ian Cowley

Ian Cowley is the managing director of printer cartridge company By taking a systematic trial and improvement approach, Cowley and marketing director Sean Blanks have created a Sunday...

Related Topics