Play - Jersey - EU

Does the ICO have jurisdiction in the case of Jersey?

It's a question I'd be fascinated to know the answer to.

As a very obnoxious customer services representative took great delight in telling me once, when I had a faulty item purchased from them, Jersey is not bound by UK or European consumer law, nor is it a part of the EU (and then effectively told me to go stuff myself). Luckily the item was sufficiently inexpensive enough that I didn't try too hard to pursue the matter.

I will follow the developments with interest.

£500,000 damages

That's not a lot when you think of the number of people that could be affected. Lose 100,000 people's details and they'll get a fiver each.

Re: Jurisdiction

I am certain that if play.com transact business within the UK/EU then they are bound by the consumer laws of the UK/EU. Otherwise all large retail organisations would base themselves in some country with no/few consumer laws and just laugh at us should we have the effrontery to exercise our consumer rights.

Marc Hocking, CTO, Becrypt

The recent statement from the Information Com missioner’s Office that levels of UK data loss are ‘too high’ yet again reinforces the need for organisations to ensure that they treat data with due care and diligence. It is essential to ensure that the right technology solutions are put in place. The proposed £500,000 fines may be an effective wake-up call for businesses, but an Information Assurance policy will not appear overnight. Implementing technology is important, but it is key to remember that there is more to the problem than this. Companies need to sew the importance of data protection and information assurance into the very fabric of the company; there needs to be education for employees, as well as regular updates to security policy. Businesses need to ensure they don’t use a band-aid to cover the potential bullet-hole of data loss.