0370 270 6000

already registered?

Please sign in with your existing account details.

need to register?

Register to access exclusive content, sign up to receive our updates and personalise your experience on brownejacobson.com.

Privacy statement - Terms and conditions

carphone warehouse a reminder of data breach reporting obligations

14 August 2015

The personal data of up to 2.4 million Carphone Warehouse customers, and up to 90,000 credit card details, may have been accessed by hackers on 5 August 2015. The company notified customers of the breach on 8 August.

Providers of public electronic communications services, such as Carphone Warehouse (which owns TalkTalk), are required under the Privacy and Electronic Communications Regulations (PECR) to notify the ICO within 24 hours of becoming aware of a data breach. Customers must be notified without unnecessary delay unless it can be shown that the data was unintelligible due to encryption. Notification should include a summary of the breach, its likely effect, the affected data, and mitigating measures taken by the company and which should be taken by the individual.

This breach serves as a reminder of service providers’ obligations in respect of reporting data breaches. This is particularly timely in light of the draft EU Data Protection Regulation, which will require all organisations (service providers or otherwise) to notify customers and relevant authorities about data breaches within 24 hours.

For more information on protecting your business and training your team on data protection – take a look at our fixed price product.

related opinions

Chancellor announces levy on companies subject to anti-money laundering regulations

The Chancellor’s latest Budget Report outlined that the Government will introduce a £100 million Economic Crime Levy, otherwise known as the AML Levy no earlier than April 2022 to fund action to tackle money laundering and ensure delivery of reforms in the Government’s Economic Crime Plan.

View blog

Credit broking: know your permissions

To operate lawfully, firms that broker credit to consumers by way of business must be registered with and authorised and regulated by the Financial Conduct Authority (FCA).

View blog

Do you collect personal data from children, whether deliberately or by accident? If so you’d better read this…

If you provide goods or services online that might be of interest to children then you’re going to want to go through the ICO’s “Age Appropriate Design Code of Practice” - a code requiring minimum standards of any online service aimed (or which is likely to interest) children.

View blog

More protection required for retailer workers as violence is on the rise, according to latest statistics

Following an MP debate on 5 November 2019, the government is due to release long-awaited guidance as to how it intends to protect workers in the retail industry against violence, harassment and abuse.

View blog

mailing list sign up



Select which mailings you would like to receive from us.

Sign up