Mobile phone company Orange and home shopping firm Littlewoods have broken rules on protecting customer details.
Many consumers worry about what happens to personal data
The Information Commissioner said they broke the Data Protection Act over how customer information was processed.
Richard Thomas said Orange had not kept customers' personal information secure and Littlewoods did not process customers' data in line with the act.
An Orange spokesman said the security of customer information was "paramount" to the company.
The Information Commissioner's Office (ICO) received a complaint regarding the way in which Orange processed personal information - in particular, the way in which new members of staff were allowed to share user names and passwords when accessing the company IT system.
In a separate investigation, the ICO ruled that Littlewoods had failed to process customers' data in line with the Data Protection Act.
This followed a customer's attempt to stop the company using her personal data for direct marketing purposes.
Despite her requests, Littlewoods continued to send her marketing materials.
Both companies were found to be in breach of the Data Protection Act and have been ordered to sign an undertaking to comply with the rules.
With more and more personal details now held on corporate computer systems, there is pressure on companies to show that they are not breaching customers' privacy.