The UK arm of World-leading communications company Toshiba has been criticised by the UK Information Commissioner's Office for breaching the Data Protection Act (DPA) after a fault on a competition website designed by a third-party developer left the details of entrants visible to the public.

The flaw exposed some 20 individuals' names, addresses, dates of birth and contact details and the issue was only brought to light when a member of the public contacted the ICO to inform them of the error.

The ICO said that Toshiba had not imposed stringent enough rules on its developers, which resulted in the faulty website going live.

Stephen Eckersley, the ICO's head of enforcement, said the watchdog was satisfied Toshiba was now aware of the measures it needs to take to avoid a similar incident in the future and warned other firms of the importance of checking work produced by outside agents.

"It is vital that, as ever-increasing amounts of our personal information are collected online, companies have the necessary safeguards in place to keep this information secure," he said.

"We would urge other UK organisations with interactive websites to make sure they have suitable checks in place before collecting peoples' details online."

Privacy is becoming an important issue both for web users and for website managers who have to deal with growing compliance issues internationally. This is a crucial area for Sitemorse and we have a multi-stage offering designed to assist.

Ensuring regular monitoring of a large organisation's web presence is now essential and third-party errors such as the one above can be effectively prevented by applications such as the Sitemorse privacy module, which can alert site owners to potential issues like this one.

Toshiba said it welcomed the ICO's report and sought to reassure its customers that it had learnt from the incident and had addressed the issue as soon as it was made aware of the breach.

View all news articles