Wednesday, July 11, 2007

INFORMATION SECURITY RISK

The Information Commissioner has urged businesses to take more care with customers' information after a series of breaches. Here are some cases which his officials have investigated.

BANKS 'CARELESS' WITH INFORMATION

Several banks were criticised for dumping customers' personal information in bins outside their premises.

The institutions were HBOS, Alliance & Leicester, Royal Bank of Scotland, Scarborough Building Society, Clydesdale Bank, NatWest, United National Bank, Barclays Bank, Co-operative Bank, HFC Bank and Nationwide building society.

The probe followed evidence from the BBC's Watchdog programme which found information including details of a bank transfer for £500,000 outside a Nottingham branch of the Royal Bank of Scotland.

The banks promised to comply with the Data Protection Act following the investigation and can be prosecuted if they fail to do so.


HACKERS TARGET TK MAXX

Hackers stole information from millions of customers' payment cards after targeting TK Maxx's data centre in Watford.

Stores in the US, UK, Canada, Ireland and Puerto Rico are affected.

The information was stolen over 16 months from July 2005 and covered credit and debit card transactions as far back as December 2002.

The cause of the theft, its full extent and effect on customers are not known, but for most people the stolen card details would no longer have been relevant.

TK Maxx said it had been working to strengthen the security of its computer systems since the crime's discovery.

The Information Commissioner's office is now considering its next step in the investigation after receiving information from the company.

DOCTORS' WEBSITE ACCESSED BY ALL

The website used by junior doctors to apply for jobs in the NHS is being investigated after personal information was found to be visible online.

Phone numbers, addresses, previous convictions and sexual orientation were among details available to the public for at least eight hours on the NHS Medical Training Application Service.

The Department of Health apologised but said the information was only available briefly, and only to people making employment checks.

It is also investigating further claims that doctors could access each other's files by changing two digits in the personalised web address given to each individual.

The department is carrying out its own internal investigation and will report back to the Commissioner.


ORANGE 'NOT SECURE'

Mobile phone company Orange was criticised for not keeping its customers' personal information secure.

It was investigated after the ICO received a complaint about the way Orange processed personal information.

New staff shared user names and passwords when accessing the company IT system, which meant that information could be accessed by unauthorised members of staff.

Orange was ordered to sign an undertaking to comply with the rules of the Data Protection Act.

An Orange spokesman said the security of customer information was "paramount" to the company.

LITTLEWOODS UNWANTED MAIL

A customer of home shopping firm Littlewoods complained after trying to stop the company using her information to send her sales material.

Despite her requests, the company continued to send her the material.

The ICO investigated and ruled that Littlewoods had failed to process customers' data in line with the Data Protection Act.

Littlewoods was told to sign an undertaking to comply in future.
