Orange fails to protect customer data

Information Commission finds Orange in breach of the Data Protection Act, but mobile phone company says customer data was not disclosed

Orange staff sharing passwords and login details increases risk of fraudulent activity

The Information Commissioner’s Office (ICO) says mobile phone company Orange has failed to protect its customer data.

The ICO found Orange processed personal information without adhering to the data protection act.

The phone company allowed members of staff to share user names and passwords when accessing the company IT system.

Mike Gorrill, head of regulatory action at the ICO, says organisations that fail to protect individuals’ personal information risk losing the trust of their customers as well as action from the ICO.

‘Individuals must feel confident that organisations are safeguarding their personal information,’ said Gorrill.

But in a statement responding to the Information Commissioner's ruling, Orange says an extensive internal investigation has shown no evidence that customer data was disclosed inappropriately due to the sharing of employee log-in details.

The company says as soon as it became aware some members of staff were sharing log-in details, they issued a communication to all employees reminding them that it was against Orange policy.

If a member of staff was found to be using a colleague’s details to log into the system, it could result in disciplinary action, according to the official statement.