back to article Orange and Littlewoods breach Data Protection Act, says ICO

Mobile operator Orange has breached the Data Protection Act's security requirements and home shopping giant Littlewoods has breached the Act's marketing rules, the Information Commissioner's Office (ICO) has ruled. Today's announcement indicates that the commissioner is increasing his leverage against data controllers, …

COMMENTS

This topic is closed for new posts.
  1. Anonymous Coward
    Anonymous Coward

    Orange

    Oh dear. Orange are lying through their back teeth again I see.

    They're still sharing logins in at least one of the UK call centres. They're not sorry it happened, just sorry they were caught.

  2. Kevin Kenny

    Sharing logins

    When I worked at Intelligent Finance (part of HBoS) their IT team took 5 weeks to assign me a login and so to get anything done I had use my managers login!.

    In the meantime I'd had my security and anti fraud awareness training which specifically forbade login sharing.

    Funnily enough I quit IF on the 6th week when they finally pulled their finger out and went to work for a company that actually got stuff done.

    A mate who's started on a contract at HBoS IT centre in Edinburgh has been there for a month now, still no further forward with getting a login or any relevant development tools and is having use someone else's credentials.

    It's endemic is these big organisations.

  3. Stuart

    sitting around doing nothing....??

    Kevin,

    i feel that you are being a little unfair to IT staff, especially at large companies. Yes, having been both a contractor and a permie at several rather large organisations i agree that there are individuals who are quite frankly a waste of space. However, taking 5 weeks for a logon is not at all surprising to me. In fact, as a contractor i had to wait 3 months, and during that time (ironically, trying to enforce security ??!!) i was constantly confronted with new staff members who were, despite strict guidelines to the contrary, sharing logons. The problem that was faced on a day to day basis by the IT team was that the sysadmins who created the new user accounts were not even IT dept (a trend i have seen increasingly over the years to prevent circumvention of policy regarding network access and permissions) and they had no user interaction. And to compound issues further, departments would fail to inform the sysadmins that new staff were actually starting before they had arrived on site. After all, compliance does require a paper trail, so no auditable request equals no logon.

    Hence, queue the inevitable 'IT are useless' comments when it really was nothing to do with them.

    But that's one problem IT cannot easily overcome...it's an easy dog to kick.....

  4. Anonymous Coward
    Anonymous Coward

    PC World do this too!

    In PC World in Basildon (cant comment for the other stores) only the "tech guys" have logins for the refunds system.

    Said "tech guys" are told by managers that they have to login as themselves so that the CSA's can process the refunds. erm....yes you guessed it, laptops go missing and WHO gets the blame?

    Having spoken to the ICO, they confirmed that this was a breach of Data Protection but unless the managers confirmed in writing that this was the practice, there is no way of proving it...er good thing the police dont work like that eh?..oh..hang on

  5. ian

    Is this an April fool?

    ICO pulls its finger out? I may have my mind addled by glastomud, but you won't fool me with that one.

  6. Anonymous Coward
    Anonymous Coward

    Orange is cleaning house

    My daughter worked for Orange Retail until recently and without question there are serious issues over customer data held on there system.

    In the store that she worked in that was a document sat above the computer in the back office that had all of the user names and passwords for all staff so that anyone could get on to see customer account details.

    Recently a business account was accessed when it should not have been (no customer in store etc) and my daughters login was used.

    As a consequesnce, Orange relieved her from her job.

    The remarkable thing about this is that on the login records there were two names listed, hers and another person that had left two weeks previously. Clearly the fact that the other persons name on the list proves that they cannot use that list as any accurate record of who accesses the data.

    Anyway the points are a) Orange are truly sloppy with customers data and b) their approach to dealing with this is not training etc. it's to sack the lowest level young staff.

This topic is closed for new posts.