ICO ‘worse than incompetent’

ICO warns of charity witch-huntThe Information Commissioner’s Office has been branded “worse than incompetent” after dropping an investigation into why BT sent hundreds of unencrypted customer records via email, which were later leaked online.
In September ACS:Law – a firm which specialises in taking action against illegal downloaders – received details of 500 PlusNet customers in a plain text attachment to an email. This was later leaked online after the law firm was hacked.
But the ICO concluded that as it was a rogue member of staff from PlusNet – a BT-owned company – who sent the file, it would not face action.
A spokesman said: “Where it is found that the data controller has adequate policies and safeguards already in place, the usual and most appropriate outcome in these cases is disciplinary action taken by the employer. However, where that employee is accessing records for personal gain, such as selling the data on to third parties, the ICO may open a criminal investigation.”
But Privacy International, which is promising to push for a judicial review of the ruling, said the decision was worse than the ICO’s “usual incompetence”.
A spokesman said: “This is an incredibly dangerous decision for the ICO to have made as it effectively dissolves any pretence that a company is responsible for the actions of their employees at work.
“Commissioner Christopher Graham (pictured) has, in essence, now created a data protection regime where companies will not be held responsible for the actions of their staff.”

Related stories:
Top media law firm in the dock
Brands warned over £500k fines
Don’t get caught with your trousers down

Comments are closed.