DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

UK: Welcome Financial Services Limited Fined £150,000 After Backup Tapes With Customer Contact Info Lost

Posted on July 5, 2012 by Dissent

From the Information Commissioner’s Office:

Organisations are learning the hard way of the consequences of mishandling people’s information – and others need to heed the lessons the Information Commissioner, Christopher Graham, warned today at the launch of the ICO’s 2011/12 annual report.

The Commissioner’s comments came as the ICO imposed a civil monetary penalty (CMP) of £150,000 on the consumer lender, Welcome Financial Services Limited (WFSL), after the loss of more than half a million customers’ details.

Information Commissioner, Christopher Graham, said:

“Over the past year the ICO has bared its teeth and has taken effective action to punish organisations many of which have shown a cavalier attitude to looking after people’s personal information.

“This year we have seen some truly shocking examples, with sensitive personal information, including health records and court documents, being lost or misplaced, causing considerable distress to those concerned. This is not acceptable and today’s penalty shows just how much information can be lost if organisations don’t keep people’s details secure.

“We hope these penalties send a clear message to both the public and private sectors that they cannot afford to fail when it comes to handling people’s data correctly.”

Today’s penalty was issued after WFSL’s Shopacheck business lost two back up tapes which contained the names, addresses and telephone numbers of their customers in November last year. The tapes have never been recovered.

This latest penalty means that, since being given the power to issue CMPs from 6 April 2010, the ICO has issued 21 penalty notices, bringing the total value of the penalties issued by the ICO to over £2 million.

“It’s a case of ‘wake up and smell the CMP,” the Commissioner said.

While figures from today’s annual report show a 0.3% drop in the number of data protection complaints received by the ICO – with 12,985 complaints made last year – the report highlights the public’s growing concerns about unsolicited marketing calls and texts.

During the last financial year the ICO saw a 43% rise in the number of complaints under the Privacy and Electronic Communication Regulations (PECR) – which govern electronic marketing – with 7,095 complaints received.

Commenting on these latest figures, the Information Commissioner said:

“Last year the ICO gained tough new powers to tackle unsolicited marketing calls and texts, including the power to impose a penalty of up to £500,000 on the worst offenders.

“We have now set up a dedicated team to enforce the Privacy and Electronic Communication Regulations and we are currently working to identify the operators responsible. The ICO has executed search warrants at a number of sites across the UK linked to companies we believe are breaking the law.

“We have also set up an online reporting mechanism on our website that allows people to report any marketing texts or calls from unidentified senders. We have received over 12,000 reports to date and we are confident that this work will help us identify those responsible.”

The ICO has also witnessed a 7% rise in the number of Freedom of Information complaints, with 4,633 complaints received during 2011/12. Despite this increase in the ICO’s workload and despite cuts in government grant-in-aid, the ICO has reduced by 66% the number of FOI cases that have been with the office for longer than 6 months. The number of data protection cases taking over six months to complete has also fallen by 82%.

“Our work resolving freedom of information requests has also increased. As budgets tighten and public spending comes under even greater scrutiny, public authorities must remain transparent and accountable if they are to retain the trust of the public they serve,” the Commissioner said.

Meanwhile, figures from today’s annual report show a 60% increase in the number of audits carried out by the ICO Good Practice team. Of the 42 organisations audited, 90% felt that the process raised awareness of the importance of data protection in their organisations, showing that that the ICO’s audits are bringing real information rights benefits to those that take part.

The ICO is extending its audits to cover public authorities’ compliance with the Freedom of Information Act and has also introduced advisory visits to help small and medium sized organisations.

The 2011/12 ICO Annual Report and summary can be downloaded from the ICO’s Annual reports page

A copy of today’s monetary penalty – issued to WFSL – can be viewed on the ICO’s Taking action page

The penalty provides some greater detail on the incident with respect to types of information involved:

So… is this the first we’re hearing of this breach in the media? When were those affected notified?

Related posts:

  • Operation Anti Security Breakdown and targets, the full time line
  • Data breaches put domestic abuse victims’ lives at risk, UK Information Commissioner warns
  • UK: Leave.EU and Eldon Insurance fined over data law breach
  • UK: Axway provides statistics on complaints to the ICO
Category: Breach IncidentsFinancial SectorLost or MissingNon-U.S.

Post navigation

← Update: Federal appeals court raps U.S. bank over shoddy online security
Ca: BCIT warns medical database security breached →

1 thought on “UK: Welcome Financial Services Limited Fined £150,000 After Backup Tapes With Customer Contact Info Lost”

  1. IA Eng says:
    July 11, 2012 at 1:13 pm

    “It’s a case of ‘wake up and smell the CMP,” the Commissioner said.

    And CMP stands for ?

    COW MANURE PILE. Looks like if they stink like one, they will get caught and then have to pay the penality for doing something wrong, and associated clean-up as well.

Comments are closed.

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Alert: Scattered Spider has added North American airline and transportation organizations to their target list
  • Northern Light Health patients affected by security incident at Compumedics; 10 healthcare entities affected
  • Privacy commissioner reviewing reported Ontario Health atHome data breach
  • CMS warns Medicare providers of fraud scheme
  • Ex-student charged with wave of cyber attacks on Sydney uni
  • Detaining Hackers Before the Crime? Tamil Nadu’s Supreme Court Approves Preventive Custody for Cyber Offenders
  • Potential Cyberattack Scrambles Columbia University Computer Systems
  • 222,000 customer records allegedly from Manhattan Parking Group leaked
  • Breaches have consequences (sometimes) (1)
  • Kansas City Man Pleads Guilty for Hacking a Non-Profit

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Germany Wants Apple, Google to Remove DeepSeek From Their App Stores
  • Supreme Court upholds Texas law requiring age verification on porn sites
  • Justices nix Medicaid ‘right’ to choose doctor, defunding Planned Parenthood in South Carolina
  • European Commission publishes its plan to enable more effective law enforcement access to data
  • Sacred Secrets: The Biblical Case for Privacy and Data Protection
  • Microsoft’s Departing Privacy Chief Calls for Regulator Outreach
  • Nestle USA Settles Suit Over Job-Application Medical Questions

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.