Employmentbuddy - Your best buddy in human resources

TalkTalk fined by ICO for subcontractor’s abuse of personal data

18 August 2017 #Data Protection

Following complaints from customers of scammers calling with personal details such as account numbers, TalkTalk’s investigators found that 3 employees at their subcontractor, Wipro, had used TalkTalk’s portal to gain unauthorised access to the personal data of 21,000 customers, Wipro had this access to deal with network problems, but the ICO were unimpressed with the lack of restrictions on Wipro staff accessing customer’s data. Wipro staff did not need to be on a work computer to access the portal and they could carry out “wildcard” searches using just an initial, which could allow them to view 500 customer records at a time.

TalkTalk were fined £100,000 by the ICO for failing to have appropriate technical or organisational measures in place to keep personal data secure. The ICO felt TalkTalk should have realised how vulnerable their system was to those trying to acquire large amounts of personal data for fraudulent use.

The case is a reminder to any firm on subcontracting work which involves data processing. You should not only consider your subcontractor’s policies, procedures and safeguards, but also review how they will interact with your systems and any vulnerabilities.

No doubt frustratingly for TalkTalk, had the case arisen after the introduction of the new EU’s General Data Protection Regulation (and UK’s Data Protection Bill which is to follow) Wipro could have been directly liable for breaches and fined. For further information on the new Bill please visit this article, and consider contacting Clarkslegal to discuss what you should be doing now to prepare.

Comments

Be the first to comment on this blog.


Leave your comments
Your comments will be published after being approved by employmentbuddy team, displaying your name as you provide it. But your contact details will never be published. Please read our terms and conditions.


Michael Hibberd

Michael Hibberd
Solicitor

E: mhibberd@clarkslegal.com
T: 0118 953 3905
M: 0779 900 7511