Carphone Warehouse warned on data protection
Accused of breaching the Data Protection Act by the Information Commissioner's Office, the mobile phone company and its broadband service TalkTalk blame free broadband offer for the trouble.
The Information Commissioner's Office (ICO) said the mobile phone firm and its broadband company breached the Data Protection Act when they opened customer accounts in the wrong name and sent incorrect information to credit reference agencies and debt collectors.
The ICO said security issues displayed account details online, and that the two companies had not responded to requests by individuals for the information held on them - a key tenet of the act.
Mick Gorrill, assistant commissioner at the ICO, said: "The Data Protection Act gives us all important rights, including the right to correct inaccurate information and to find out what information an organisation holds on us. Organisations that process personal information must comply with the act and, where we find that this is not the case, the ICO will take enforcement action."
He added: "Carphone Warehouse and TalkTalk's use of inaccurate and incorrect personal data has caused real damage and distress to customers. We have now ordered them to take the necessary steps to ensure customers' personal information is sufficiently protected."
The firms were sent enforcement notices, ordering them to improve their data protection management. Not complying with such notices is a criminal offence - and the ICO stressed it may take further action against the two firms if it isn't satisfied with their response.
A spokesperson for Carphone Warehouse said: "We are aware that a very small number of our customers raised concerns with the ICO some time ago. The issues were primarily caused by the significant interest in TalkTalk's introduction of free broadband, over 18 months ago."
"We take these matters very seriously indeed, and as soon as these concerns were brought to our attention we took immediate steps to resolve them and to ensure we are fully compliant with the Data Protection Act," the spokesperson said. "We apologise for any inconvenience that may have been caused and we will continue to work with the ICO in meeting and exceeding their expectations in this and any other respect."
Defeating ransomware with unified security from WatchGuard
How SMBs can defend against the onslaught of ransomware attacksFree download
The IT expert’s guide to AI and content management
How artificial intelligence and machine learning could be critical to your businessFree download
The path to CX excellence
Four stages to thrive in the experience economyFree download
Becoming an experience-based business
Your blueprint for a strong digital foundationFree download