Electronics retailer DSG has been found in breach of the Data Protection Act by the Information Commissioner’s Office (ICO), following the discovery of customers’ credit agreements in or near a skip at one of the company’s PC World stores.
The discovery of eight completed credit agreements containing customers’ personal and financial data was made by a local authority’s environmental health department. The documents related to transactions made two years prior and had been kept beyond the period recommended by DSG’s policies for holding personal data. The company’s normal procedure for destroying sensitive documents should have meant that they were transported in sealed containers to a central facility for secure shredding, but this did not occur in this instance.
John Browett, Chief Executive of DSG Retail, has signed a formal undertaking agreeing to take a number of steps to prevent a similar breach happening again. These include conducting a review of security procedures and providing appropriate training for staff on complying with the company’s security policies.
Mick Gorrill, Head of Enforcement at the ICO, said: “Any organisation collecting and holding personal information needs to ensure that information is kept and disposed of safely and securely. This is an important principle of the Act. Making sure data is disposed of securely and not keeping information for longer than is necessary can help to prevent information falling into the wrong hands. Staff need to be aware of policies and it is essential they receive appropriate training to follow them.”
A full copy of the Undertaking can be found here: http://www.ico.gov.uk/what_we_cover/data_protection/enforcement.aspx
Source: Information Commissioner’s Office