Virgin Media, which in June lost an unencrypted CD containing the bank details of 3,000 customers, has been found to be in breach of the Data Protection Act.
Virgin Media, which alerted the Information Commissioner to the problem in the first place, was ordered by the ICO to encrypt all portable and mobile devices that store and transmit personal information. Any company processing personal information on behalf of Virgin Media must also use encryption.
The company told CIO sister title Computerworld UK it had already complied with the ruling. "Since our internal review, we have implemented all of the requirements stipulated by the ICO," a spokesperson said.
"Customer privacy is of the highest importance to us, so we immediately undertook a full review of our data protection policies and practices to ensure this matter does not occur again," the spokesperson added.
Mick Gorrill, assistant commissioner at the ICO, said: “The Information Commissioner’s Office takes all breaches of data security seriously. Customers must feel confident that their personal information will be handled properly by an organisation and, importantly, that their details will not be accessed by a third party.”
The disc that had been lost contained the personal details of individuals interested in opening a Virgin Media account in a Carphone Warehouse store. At the time, a spokesperson at the television and broadband firm apologised to customers and said: “We would normally send encrypted files by FTP.”
The ICO has been stepping up pressure on both the public and private sectors to improve their data handling. In July, it said it needed stronger powers and more funding.
Yesterday, the pressure on the government to improve its data handling was increased, after it emerged charges would be filed against the official who in June left top secret intelligence files on Al-Qaeda on a train.