Dixons Retail has been rapped on the knuckles by the Information Commissioner’s Office for breaching the Data Protection Act by dumping customers’ financial information in a skip.
A local authority’s health department discovered the eight completed credit agreements in or near a skip outside a branch of PC World. The exact store has not been identified.
The documents, which contained personal and financial information, related to transactions made two years earlier, and had been kept beyond Dixons’ recommended period for holding personal data.
Under the company’s normal procedure, the documents should have been transported in sealed containers to a central facility for secure shredding.
Mick Gorrill, head of enforcement at the ICO, said: “Any organisation collecting and holding personal information needs to ensure that information is kept and disposed of safely and securely. This is an important principle of the Act.
“Making sure data is disposed of securely and not keeping information for longer than is necessary can help to prevent information falling into the wrong hands. Staff need to be aware of policies and it is essential they receive appropriate training to follow them.”
Dixons CEO John Browett has signed a formal agreement to take steps to prevent a similar breach happening again, including a review of security procedures and providing training for staff on complying with security policies.