Original URL: https://www.theregister.com/2009/11/10/ico_penalty_consult/

ICO investigates Play.com breach

Hear the roar of the regulator

By John Oates

Posted in On-Prem, 10th November 2009 11:12 GMT

The Information Commissioner's Office has confirmed it is investigating complaints about Play.com.

The online seller of DVDs, CDs and games last week sent out dozens of order confirmation emails to the wrong recipients. One Reg reader received some 24 emails with personal details of 24 people.

The company said it had fixed the problem.

A spokesperson for the Information Commissioner’s Office said: "Any organisation which processes personal information must ensure that adequate safeguards are in place to keep that information secure. This is an important principle of the Data Protection Act.

"Failure to protect personal details could lead to information falling into the wrong hands and ultimately the loss of customers’ trust and confidence. We have received a small number of complaints regarding Play.com which we are looking into."

Of course the ICO has long been lobbying for stronger powers to deal with companies, and government departments, which break data protection laws. Its powers are very limited, especially in the case of a first incident. But European law may force the government to adopt a data breach law - making companies admit to data losses.

In other news, Michael Wills, minister of state at the Ministry of Justice, told Parliament yesterday that he was opening a consultation on civil penalties for data losses. The government proposes maximum civil monetary penalties of £500,000. Data controllers can let the minister know what they think, or respond via the ICO's website. ®