Share this content

Electric shocker: Utility firm loses customer details

20th Jan 2010
Share this content

A utility company in Northern Ireland has written to 12,799 of its electricity customers to inform them that a tape containing their personal information has been lost.

NIE Energy, which is owned by energy supplier the Viridian Group, has likewise alerted the Information Commissioner’s Office that the tape holding a day’s worth of electricity bill information went missing on 10 August last year.

The tape contained data relating to account names, addresses and old billing information, but did not include any bank, debit card or other financial information.

Stephen McCully, NIE Energy’s managing director, when apologising for the incident to the BBC, said: "We fully appreciate that our customers will be concerned that any personal information regarding them is missing. However, while we have not been able to locate this tape, there is absolutely no evidence to suggest that it has fallen into the wrong hands."

The firm has appointed consultancy Deloitte to undertake an independent review of its internal and sub-contractor-related processes and procedures and McCully added: "We have already introduced measures to prevent this from happening again."

The incident occurred due to an apparent break-down in sub-contractor processes. Northgate Information Solutions provides NIE Energy with data management services, which include organising the backing up of billing information via sub-contractors, Liberata and Formscan.

Every day following the production of electricity bills, Liberata passes a tape, which holds billing information, to Formscan so that it can be backed up onto microfiche. But it was during this process, that the tape disappeared.


Replies (1)

Please login or register to join the discussion.

By Paul Eveleigh
21st Jan 2010 14:00

This kind of serious data breach makes the recent announcement of fines of up to £500k all the more pertinent, and highlights the serious impact poor data governance has for every organisation in the UK.   Unlimited fines were approved in concept while Richard Thomas was the Information Commissioner back in May 2008, so it's comforting that hefty fines are becoming a reality, and go some way to encourage organisations to deploy good data governance.   It’s essential for businesses to recognise the importance of data governance, developing and applying robust internal and external strategies to safeguard and protect data.  Unfortunately there has to be repercussions if a data breach occurs, which is why the Information Commissioner originally sought custodial sentences for a serious infringement which would have affected the private and public sector.  Currently the fines outlined don’t apply to public sector companies, but the private sector has no excuse but to sit up and take note.

Thanks (0)