Virgin Media found in breach of Data Protection Act

The ICO was alerted to the data breach earlier this year following the loss of a CD that was passed to Virgin Media by Carphone Warehouse. 

The disc contained the personal details of individuals interested in opening a Virgin Media account in a Carphone Warehouse store.

Virgin Media has been ordered to implement a number of security measures to protect customers' personal information more effectively. 

It is required, with immediate effect, to encrypt all portable or mobile devices which store and transmit personal information. 

Any company processing personal information on behalf of Virgin Media must also use encryption software, a requirement which must be clearly stated in all contracts.

Virgin Media is also required to sign a formal undertaking to comply with the principles of the Data Protection Act. Failure to meet the terms of the undertaking is likely to lead to further enforcement action by the ICO.

Mick Gorrill, assistant commissioner at the ICO, said: "The Information Commissioner's Office takes all breaches of data security seriously. Customers must feel confident that their personal information will be handled properly by an organisation and, importantly, that their details will not be accessed by a third party. 

"The Data Protection Act clearly states that organisations must keep personal information secure. Virgin Media recognises the seriousness of this data loss and has agreed to take the immediate remedial action that we have outlined in order to protect its customers' personal details."

The ICO has ordered a number of organisations to sign undertakings following breaches of the Data Protection Act including the Department of Health, Foreign and Commonwealth Office and Orange Personal Communications Services.

This article was first published on brandrepublic.com