Carphone Warehouse warned on data protection
Accused of breaching the Data Protection Act by the Information Commissioner's Office, the mobile phone company and its broadband service TalkTalk blame free broadband offer for the trouble.
The Information Commissioner's Office (ICO) said the mobile phone firm and its broadband company breached the Data Protection Act when they opened customer accounts in the wrong name and sent incorrect information to credit reference agencies and debt collectors.
The ICO said security issues displayed account details online, and that the two companies had not responded to requests by individuals for the information held on them - a key tenet of the act.
Mick Gorrill, assistant commissioner at the ICO, said: "The Data Protection Act gives us all important rights, including the right to correct inaccurate information and to find out what information an organisation holds on us. Organisations that process personal information must comply with the act and, where we find that this is not the case, the ICO will take enforcement action."
He added: "Carphone Warehouse and TalkTalk's use of inaccurate and incorrect personal data has caused real damage and distress to customers. We have now ordered them to take the necessary steps to ensure customers' personal information is sufficiently protected."
The firms were sent enforcement notices, ordering them to improve their data protection management. Not complying with such notices is a criminal offence - and the ICO stressed it may take further action against the two firms if it isn't satisfied with their response.
A spokesperson for Carphone Warehouse said: "We are aware that a very small number of our customers raised concerns with the ICO some time ago. The issues were primarily caused by the significant interest in TalkTalk's introduction of free broadband, over 18 months ago."
"We take these matters very seriously indeed, and as soon as these concerns were brought to our attention we took immediate steps to resolve them and to ensure we are fully compliant with the Data Protection Act," the spokesperson said. "We apologise for any inconvenience that may have been caused and we will continue to work with the ICO in meeting and exceeding their expectations in this and any other respect."
Key considerations for implementing secure telework at scale
Identifying the security risks and advanced requirements of a remote workforceDownload now
The State of Salesforce 2020
Your guide to getting the most from SalesforceDownload now
Fast, flexible and compliant e-signatures for global businesses
Be at the forefront of digital transformation with electronic signaturesDownload now
Rethink your cybersecurity strategy for the new world
5 steps to secure the enterprise and be fit for a flexible futureDownload now