[an error occurred while processing this directive]
BBC News
watch One-Minute World News
Last Updated: Wednesday, 11 July 2007, 07:37 GMT 08:37 UK
Firms breaching data protection
Mouse and keyboard
Firms must take the matter more seriously, the commissioner warns
A "horrifying" number of companies, government departments and other public bodies have breached data protection rules in the past year, a report says.

The UK's Information Commissioner Richard Thomas said bosses must take the personal data of both customers and staff seriously.

Orange, Barclays and NatWest are three of the firms he has rapped this year.

The Ministry of Justice said prison sentences could be given to those who deliberately misuse personal data.

Mr Thomas received nearly 24,000 enquiries and complaints about personal information issues in 2006-07.

His report said 56.5% of these required only advice and guidance, while a breach was likely to have happened in 35% of cases, of which a further 77% resulted in remedial action.

"Frankly these are inexcusable. None of this is really rocket science - security is fundamental," he told BBC Radio 4's Today programme.

Main offenders

Internet firms generated the most complaints, with 13% of the total.

Are we becoming a surveillance society? No. We already are one

Mr Thomas told the BBC there were concerns about internet search engines which keep detailed histories of each individual's online activity.

"We're leaving these electronic footprints right through our lives these days," he said.

The annual report also highlighted a recent glitch on the Medical Training Application Service website which left trainee doctors' personal details open to public view.

After internet firms, 12% of complaints were about banks, 10% about direct marketing organisations and 7% about telecoms firms.

Information Commissioner Richard Thomas
My message to those at the top of organisations is to respect the privacy of individuals
Information Commissioner Richard Thomas

A total of 12 high street banks were guilty of discarding customers' personal details - including bank statements, cut up credit cards and loan applications - in unsecured bins outside their premises, the commissioner found.

Meanwhile, staff at an Orange call centre were found to have shared log-ins, meaning customer information could potentially have been accessed by unauthorised workers.

And in the public sector, a breach of online security in the Foreign and Commonwealth Office meant that people hoping to come to the UK from India had their personal information visible to others.

The Child Support Agency also gave rise to concern over its use of passwords by temporary staff.

Respect for privacy

"The roll call of banks, retailers, government departments, public bodies and other organisations which have admitted serious security lapses is frankly horrifying," said Mr Thomas.

"My message to those at the top of organisations is to respect the privacy of individuals and the integrity of the information held about them, to embrace data protection positively and to be sure you are not the business or political leader who failed to take information rights seriously."

Mr Thomas said he wanted greater powers to check on companies' behaviour, principally the right to carry out an inspection without a firm's permission.

But a Ministry of Justice spokeswoman insisted the commissioner "already had adequate powers" and had received additional funding for the past two years.

A spokesman for John Lewis said while the public might be concerned, data collected by stores was not used in "customer-specific ways".

"It's more about trends and protecting their interests - if there was a fraudulent transaction, picking it up because we have an insight into their sort of habits," he said.

Information Commissioner Richard Thomas

Q&A: Protecting your identity
11 Jul 07 |  Business
Firms broke data protection rules
21 Jun 07 |  Business
A journey into personal privacy
18 Jun 07 |  Technology
Good privacy pays for web stores
07 Jun 07 |  Technology
Trust warning over personal data
13 Jul 06 |  UK Politics

The BBC is not responsible for the content of external internet sites

Has China's housing bubble burst?
How the world's oldest clove tree defied an empire
Why Royal Ballet principal Sergei Polunin quit


Americas Africa Europe Middle East South Asia Asia Pacific