0370 270 6000

already registered?

Please sign in with your existing account details.

need to register?

Register to access exclusive content, sign up to receive our updates and personalise your experience on brownejacobson.com.

Privacy statement - Terms and conditions

carphone warehouse a reminder of data breach reporting obligations

14 August 2015

The personal data of up to 2.4 million Carphone Warehouse customers, and up to 90,000 credit card details, may have been accessed by hackers on 5 August 2015. The company notified customers of the breach on 8 August.

Providers of public electronic communications services, such as Carphone Warehouse (which owns TalkTalk), are required under the Privacy and Electronic Communications Regulations (PECR) to notify the ICO within 24 hours of becoming aware of a data breach. Customers must be notified without unnecessary delay unless it can be shown that the data was unintelligible due to encryption. Notification should include a summary of the breach, its likely effect, the affected data, and mitigating measures taken by the company and which should be taken by the individual.

This breach serves as a reminder of service providers’ obligations in respect of reporting data breaches. This is particularly timely in light of the draft EU Data Protection Regulation, which will require all organisations (service providers or otherwise) to notify customers and relevant authorities about data breaches within 24 hours.

For more information on protecting your business and training your team on data protection – take a look at our fixed price product.

related opinions

Marriott International: a look behind the ICO’s £99m fine and what this means for corporate acquisitions

Last month, the Information Commissioner’s Office (ICO) announced notice of its intention to fine (NOI) Marriott International, Inc. £99m for infringements of the GDPR.

View blog

SFO fail to secure individual criminal convictions following Deferred Prosecution Agreement

On 16 July 2019 the Serious Fraud Office released details of the Deferred Prosecution Agreement reached with Sarclad Ltd in July 2016.

View blog

Sussex Partnership NHS Trust fined £200,000 – A warning for providers and investors

Sussex Partnership NHS Trust was sentenced on 14 June 2019 for failing to provide safe care and treatment to a 19 year old inmate being cared for on the hospital wing of Lewes Prison, Jamie Osborne.

View blog

Cyber risks – are businesses really ready?

The Hiscox Cyber Readiness report, a review of 3300 organisations, will be a stark warning for CEO’s of SME’s in the UK and in Europe.

View blog

mailing list sign up



Select which mailings you would like to receive from us.

Sign up