UK data protection authority, the Information Commissioner’s Office (ICO), said Thursday that Orange has been reprimanded for breach of the Data Protection Act following an investigation into the way in which customers’ personal information is processed.

The ICO said it received a complaint regarding the way in which Orange processed personal information and in particular the way in which new members of staff were allowed to share user names and passwords when accessing the company IT system.

Following its investigation, the ICO found that Orange was not keeping customers’ personal information secure.

The mobile operator is now required to sign a formal undertaking to comply with the principles of the Data Protection Act. Failure to meet these conditions is likely to lead to further enforcement action by the ICO and could result in prosecution.

Mick Gorrill, head of regulatory action at the ICO, said: “Organisations that process individuals’ personal information must do so in compliance with the Data Protection Act. If they do not, they not only risk further action from the Information Commissioner but also risk losing the trust of their customers.

“Individuals must feel confident that organisations are safeguarding their personal information,” he said.