Could your business be damaged by bad publicity?
The Information Commissioner actively seeks exposure for companies guilty of poor handling of data protection issues, and that exposure leads to adverse publicity.
In January 2008 Marks & Spencer professed surprise at an Enforcement Notice served by the Information Commissioner in respect of a laptop, containing personal information relating to 26,000 employees, that was stolen from the home of a contractor in April 2007.
M&S was already working with the regulator to improve security for personal information in its control. However, the regulator could not forgo the opportunity to publicise its views on laptop encryption and make an example of such a high-profile organisation.
Recent security breaches have made news headlines without the intervention of the Information Commissioner. This type of security breach affects the reputation of the organisation and the professional and career reputation of individuals, as well as exposing individuals to potential identity fraud and very real worry and concern until the issue can be resolved, if indeed it can be resolved.
- In January 2008 the Ministry of Defence admitted that several laptop computers used by employees had been stolen or lost.
- In December 2007 Nationwide Building Society made the headlines with a security breach that threatened customers’ money. A record £1.25 million fine was levied by the Financial Services Authority for security failings at call centres and in monitoring activities.
- Also in December the government had difficult questions to face when it emerged that data relating to 3 million learner drivers under the control of the DVLA had been lost in Iowa in the US.
- Also in December nine Health Service authorities admit to security breaches involving the loss of patient data as the government tries to get its house in order following the series of breaches involving government departments.
- In November 2007 the BBC programme Watchdog reported cases where HMRC had sent letters including confidential details to the wrong addressees.
- Also in November a computer disk sent from the NI Contributions Office in Newcastle to Standard Life's offices in Edinburgh went missing in the post. The information on the disk included names, NI numbers, dates of birth and pension data.
- Also in November HM Inland Revenue and Customs officials lost unencrypted CDs carrying names, addresses and bank account details of 25 million child benefit recipients in the UK. The Chief Operating Officer of the department resigned immediately.
- And in November the Foreign Office made a formal undertaking to protect the security of personal data in its control after the ICO found that personal data relating to visa applicants was visible online at the UK visas website.
- In October 2007 Unison complained that salary details of ambulance call centre staff were posted on the internet as part of the explanation of plans to close and relocate sites. West Midlands Ambulance Service said that individuals could not be identified from the information disclosed but it did include dates of birth, length of service, personnel number and their grade.
- In October 2007 a laptop was stolen from an employee of HMRC containing audit details of several investment firms including personal data relating to individual customers of Standard Life among others.
- In September 2007 a laptop with confidential financial details of some 1,000 council workers is stolen from Bury St Edmunds Borough Council by burglars.
- Also in September: a credit broker, Loans.co.uk, reported the theft of personal customer data by hackers.
- July 2007: Newcastle City Council admits that thousands of credit and debit card transaction details were placed on an insecure server in error and accessed by overseas computers. The information included payments for council tax, business rates, parking fines and rents as well as some transaction details relating to use of credit cards for council services.
- June 2007: Confidential documents containing information about adults with learning difficulties were found in a Lincoln street near a Social Education Centre.
- June 2007: The Information Commissioner announces that mobile phone operator, Orange, was in breach of the Data Protection Act in the way it processed customer personal information. New members of staff at Orange were allowed to share user names and passwords when using the customer information system.
- June: A laptop is stolen from the payroll service provider to the Eden Project. It contains names, addresses, bank details, NI numbers and pay rates.
- May 2007: Cable & Wireless serve an injunction on a former executive employee related to the theft of a customer database. The customers are now being targeted by credit card fraudsters based in Pakistan.
- Also in May: A Cornish NHS Trust has a computer stolen containing details of its 10,000 strong workforce.
- May 2007: A computer sold on eBay is found to contain reports and details about fostering and adopting vulnerable children in Essex. The computer formerly belonged to Southend Borough Council.
- Also in May 2007 the Department of Health’s Medical Training Application Service published details of junior doctors in error so that they were accessible to anyone visiting the website.
- April 2007: Documents found in Nottingham by a BBC reporter contained confidential information from the HMRC. They included a VAT return and details of customs interviews with suspected smugglers at an airport.
- In March 2007 TK Maxx report that hackers have illegally stolen customer data including credit card details from its UK-based accounts processing centre.
- February 2007: Worcestershire County Council sets up a helpline for council staff at risk of identity fraud following the theft of a laptop. The information at risk includes names, national insurance numbers and bank details.
- November 2006: The Financial Services Authority investigates a lapse of security at Nationwide Building Society in which a laptop carrying personal data relating to customers is stolen.
- October 2006: The Information Commissioner announced an investigation into how customer personal data came to be in bins outside a post office and several banks in Southampton.
- August: An admission by the Home Office of five separate occasions when its database security was compromised.
- June 2006: It was reported that an employee of HSBC in Bangalore was arrested in connection with a financial scam operating from an HSBC call centre.