0191 232 0283
0191 261 6956
info@srflegal.co.uk
Follow us
    • About
      • SRF TODAY
      • OUR TEAM
      • CAREERS
      • CONTACT & LOCATIONS
    • Commercial
      • Corporate and Commercial
      • Commercial Property
      • Dispute Resolution
      • Debt Recovery
      • Employment Law
      • Insolvency
      • Regulation and Financial Crime
    • Private Client
      • Family Law
      • Wills, Trusts and Probate
      • Buying and Selling Property
    • News & Events
      • FIRM NEWS
      • EVENTS & SEMINARS
      • SRF NEST
    1. Home
    2. News
    3. Talk Talk Fined by ICO Again....

    Talk Talk Fined by ICO Again....


    Published on: 11th August 2017

    On 7th August 2017 The Information Commissioner's Office (ICO) fined TalkTalk £100,000 for leaving its customers' data open to exploitation when sharing the information with a third party. This is the company’s second major fine in a year for failing to protect customers' information from scammers. 

    The ICO reprimanded the firm and said TalkTalk should have been aware of the risks, which it had failed to mitigate despite having "ample opportunity over a long period".

    Investigation

    The penalty is a result of a three year investigation into the protections TalkTalk had in place when sharing data with its customer service outsourcer Wipro.

    The breach initially came to light in September 2014 when TalkTalk started getting complaints from customers that they were receiving scam calls. Typically, the scammers pretended they were providing support for technical problems. They quoted customers’ names, addresses and TalkTalk account numbers.

    The issue lay with a TalkTalk portal through which customer information could be accessed. A specialist investigation by the ICO identified three Wipro accounts that had been used to gain unauthorised and unlawful access to excessive amounts of personal data of up to 21,000 customers.

    However, The ICO investigation did not find direct evidence of a link between the compromised information and the complaints about scam calls.

    Regulation Breaches

    The data protection principles outlined in the Data Protection Act 1998 include that;

    ‘Appropriate technical and organisational measures shall be taken against unauthorised or unlawful processing of personal data.’

    It is the duty of a data controller, in this case TalkTalk, to comply with the data protection principles in relation to all personal data with respect to which he is the data controller. There has thus been a clear contravention of the Data Protection Act and deviation from its principles.

    This is the second time TalkTalk have been subject to ICO enforcement with the Watchdog issuing a record £400,000 monetary penalty last year for failing to protect its customers' details from cyber criminals.

    Information Commissioner Elizabeth Denham said:

    “TalkTalk may consider themselves to be the victims here. But the real victims are the 21,000 people whose information was open to abuse by the malicious actions of a small number of people. TalkTalk should have known better!”

    If you need advice on regulatory compliance, are being investigated or would like to appeal against enforcement please do not hesitate to contact Andrew Swan - Head of Regulation and Financial Crime or Sheila Ramshaw- Specialist in Regulation at Short, Richardson & Forth on 0191 232 0283.

    MORE

    • The FCA proposes tighter controls over Appointed Representatives (ARs)
    • Landlords and CVAs – CVAs triumph again
    • What is a Section 166 Notice from the FCA?
    • ICO calls businesses into action for the Children’s Code
    • Administrators’ duty of care in company sales
    • Breach of confidence by administrators
    • Liability of jointly appointed administrators
    • Telephone maintenance
    • The Financial Conduct Authority are looking to refuse my application for authorisation, what should I do?
    • ICO enforcement during Coronavirus public health emergency
    • Property possession: how do you proceed post-pandemic?
    • Losing the right to terminate supply: the impact of the Corporate Governance and Insolvency Act 2020
    • Employee claims in liquidation
    • Speeding during lockdown – the consequences of a heavy right foot!
    • Furlough Fraud – to confess or not confess: that is the question?
    • Finding The Time to Recap on Inheritance Tax Allowances
    • Coronavirus Causing A Surge in Wills and Powers of Attorney: Keeping Safe While Getting Affairs In Order And An Appreciation For Our NHS
    • The first ever compensation order
    • Driving and ‘using’ mobile phones – an update
    • Uber’s Huge Data Breach Hush-Up
    • Company Directors Oblivious to New Data Protection Rules
    • Warning for workers following data protection prosecution
    • Financial Crime Response Reforms to be Announced by end of 2017
    • Charities - Still Chugging Along?
    • Constructive dismissal explained - Podcast
    • ICO warns companies about the costly consequences of making nuisance calls
    • Charities - New Challenges New Opportunities
    • Breast Cancer Charity is first to be given official warning from the charity commission
    • Tata Fined £1m After Staff Exposed to Toxic Gas
    • Talk Talk Fined by ICO Again....
    • Claims Management Regulator Annual Report Summary 2016 - 2017
    • A New Data Protection Bill: Planned Reforms
    • Supreme Court delivers ground breaking decision on ET fees
    • New Regulator, New Preference Service, New Rules!
    • New Support Lawyer Joins Regulatory Law Department
    • ICO Publishes International Strategy
    • General Data Protection Regulation 2016: could your failures to protect data leave your company insolvent?
    • Signs of flexibility in EU markets?
    • Ransomware. Are you the victim or the perpetrator?
    • Transfer of claims management regulation – are you FCA ready?
    • The Best Possible Deal
    • Lobbying Act 2014: are you aware of its impact?
    • Deal or no Deal
    • Leap into the unknown
    • Newcastle law firm form specialist team
    • Newcastle University
    • Brexington Post - Issue 3
    • Supreme Court Ruling
    • Average Speed Camera Myth Buster
    • 12 days (and perils) of Christmas
    • Rising Star : Alexandra Withers
    • SRF Appoints Christine McVay as Head of its Family Law Division

    AUTHOR

    Andrew Swan

    PARTNER

    Head of Regulation

    Tel: 0191 211 1503

    Email: Send Message

    CONTACT US

  • 4 Mosley Street
    Newcastle upon Tyne NE1 1DE
    Tel: 0191 232 0283 Fax: 0191 261 6956
    Email: info@srflegal.co.uk
    DX: 61037 Newcastle

    Short Richardson and Forth Solicitors Limited is a private limited company registered in England and Wales under company No. 10572065, authorised and regulated by the Solicitors Regulation Authority No. 637150.

    Short Richardson and Forth Solicitors Limited is a private limited company constituted and run in accordance with the provisions of the Companies Act 2006. The term “partner” has been used to denote individual senior solicitors employed by Short Richardson and Forth Solicitors Limited.

    Website Privacy Policy

    Complaints Procedure

    • ABOUT
    • SRF Today
    • Our Team
    • Careers
    • Contacts & Location
    • COMMERCIAL
    • Corporate and Commercial
    • Commercial Property
    • Dispute Resolution
    • Debt Recovery
    • Employment Law
    • Insolvency
    • Regulation and Financial Crime
    • PRIVATE CLIENTS
    • Family Law
    • Wills, Trusts and Probate
    • Buying and Selling Property
    • NEWS & EVENTS
    • Firm News
    • Events & Seminars
    • SRF Nest