Posted: 22nd Apr, 2008 By: MarkJ
Customers of the Carphone Warehouse (AOL UK, TalkTalk) will be aggrieved to learn that some of their personal details could have been bunged into a recycle bin somewhere in Lisbon, Portugal.
Carphone reportedly sends paper copies of its direct billing authorisations and contracts off to a outsourced company in Lisbon, otherwise known as the "
Departamento de Reconciliação", for validation
Unfortunately the details, which used to be stored after the process was complete, are now allegedly being thrown into a rubbish bin for recycling because they have become too expensive to retain.
The Inquirer claims that no effort is made to make the documents unreadable and the bins are left outside in the street for any old ID theft criminal to come along and abuse. Carphone has yet to comment on the accusations, which could involve thousands of customers details.
Ironically the Information Commissioners Office (ICO) has just warned chief executives over the vital importance of protecting staff and customers personal information. This follows an alarming number of security breaches reported to his Office in the past six months:
Since the security breach at HM Revenue and Customs in November last year, the Information Commissioners Office (ICO) has been notified of almost 100 data breaches by public, private and third sector organisations. Of the security breaches that the ICO has been made aware of by private sector organisations, 50% were reported by financial institutions. Of those reported by public bodies, almost a third occurred in central government and associated agencies and a fifth in NHS organisations.
Richard Thomas, Information Commissioner, said: It is particularly disappointing that the HMRC breaches have not prevented other unacceptable security breaches from occurring. The government, banks and other organisations need to regain the publics trust by being far more careful with peoples personal information. Once again I urge business and public sector leaders to make data protection a priority in their organisation. The level of understanding about data protection and the need to safeguard peoples personal information have no doubt increased and I am encouraged that more Chief Executives and Permanent Secretaries appear to be taking data protection more seriously, but the evidence shows that more must be done to eradicate inexcusable security breaches.