Principle 7, referring to keeping data secure, is especially important where a business holds a lot of sensitive data on individuals.
In 2011, PlayStation manufacturer Sony were in the news after a hacker accessed their 77 million client records. Personal information, including names, addresses, dates of birth, email addresses, passwords and potentially credit card details, was stolen by the hackers and it was considered one of the worst security breaches in history.
To comply with the law, Sony had to contact everyone that potentially could have been affected by the breach. Customers were contacted and warned to be alert to fraudulent activity on their credit cards and to scam emails, and to urgently change their passwords and usernames.
The company was heavily criticised, temporarily shut down its online network and received a lawsuit from one client for ‘not taking reasonable care to protect, encrypt, and secure the private and sensitive data of its users.’
Real Life Cases
Similarly, in 2007, several high street banks were found by the Information Commissioner to be throwing customer information into bins outside their premises. This was a serious breach of the Data Protection Act and some of the businesses were heavily fined.
In 2008, it was disclosed that more than 1000 government computers had been lost or stolen in recent years. This included a Royal Navy officer’s laptop, containing the personal information of 600,000 people who had applied to join the Navy, Marines and RAF.
On a smaller scale, retailer Littlewoods came under fire after failing to process a customer’s data in line with the Data Protection Act. A customer asked the company to stop sending her sales material but, despite her requests, she continued to receive it. Littlewoods was warned by the ICO to ensure that they comply with the Act in future.
All these examples are real-life cases, and show that companies that breach the law will receive high levels of unwanted attention and severe penalties.