The Information Commissioner's Office has found
Virgin Media in breach of the Data Protection Act following the
loss of an unencrypted CD containing the personal details of
over 3,000 customers.
The Information Commissioner's Office (ICO) was alerted to the
data breach earlier this year following the loss of a compact disc
passed to Virgin Media by Carphone Warehouse. The loss came to
light in June.
The disc contained the personal details of individuals
interested in opening a Virgin Media account in a Carphone
Warehouse store.
Virgin Media has been ordered to implement a number of security
measures to protect customers' personal information more
effectively.
Virgin Media has been told to
encrypt all portable or mobile devices which store and transmit
personal information. Any company processing personal
information on behalf of Virgin Media must also use encryption
software. This must be clearly stated in all contracts.
The ICO has forced Virgin Media to
sign a formal undertaking to comply with the principles of the Data
Protection Act. Failure to meet the terms of the undertaking
will lead to further action by the ICO.
Mick Gorrill, assistant commissioner at the ICO, said: "The
Information Commissioner's Office takes all breaches of data
security seriously. Customers must feel confident their personal
information will be handled properly by an organisation and,
importantly, that their details will not be accessed by a third
party.
"The Data Protection Act clearly states that organisations must
keep personal information secure. Virgin Media recognises the
seriousness of this data loss and has agreed to take the immediate
remedial action we outlined to protect its customers' personal
details."