The Information Commissioner's Office has ended an investigation against BT for handing over customer information to file-sharing-chaser law firm ACS:Law, which then leaked online. ACS:Law's speciality is sending letters to suspected file-sharers threatening them with expensive legal action unless they send the law firm money …
So as long as they suggest they might tell the employee off they get away Scott free?
That's as bad as "The dog ate my homework", no it is worse, surely companies are responsible for the actions of there staff.
"worse than usual incompetence"
John Oats says:
"...leaked online after ACS:Law was hacked."
However, everyone in the IT world (including el reg) recognises that ACS:Law was not hacked, it was just completely incompetent and knew nothing about IT when it put it's website back together after suffering from very high load (DDoS).
As for the title of my post; it insisted that I needed one, so what better than the byline for the story I am comenting on?
Re: "worse than usual incompetence"
That's not a byline, it's a subhead. Byline is author's name. As you were.
News Editing 101
This lesson brought to you by The Moderatrix, Snarky Humour, and the number 3.
I do wish people, especially tech rags like El Reg, would stop saying they were hacked. I can understand it from the tabloids, but come on, the Register is supposed to be written and read by those who know what they are talking about.
The ICO has proven it's useless, it can now be axed as far as I'm concerned. The first chance to test it, and it does nothing. Have they ever actually enforced the CMA?
Absolutely! The ICO is one of the countries leading authorities in the CMA network.
In fact, the Cover My Ass network would probably have serious issues if you got rid of the ICO.
Fix the deficit...
Close the ICO. I've yet to see them address any issue they've been presented with.
Every little helps...
ECHR bitchslap coming up ?
what's the betting ?
Could the ICO be any more useless?
Yes they could be more useless.
They could be the IPCC
So who is pulling the strings?
Because the guy is a puppet, put there to stop the law being enforced.
By the people,
Of the people, for Big Business. Carry on then...
How the hell did you get...
"In other words - it was a member of staff who sent the unencrypted data, and therefore it's not BT's responsibility"
"Where it is found that the data controller has adequate policies ..., the usual ... outcome ... is disciplinary action taken by the employer."
Save it up for ACS:Fail
Sue them out of existance
End of the DPA?
Any corporate confronted by the ICO with a complete failure to protect acutely sensitive personal information from the world at large - even in defiance of a court Order no less - can now simply say... "its a disciplinary matter".
No more penalties for reckless and gross mismanagement of acutely sensitive personal information.
In particular, ACS:Law would be able to claim (on the same basis as BT/Plusnet) that Jonathan Miller was responsible for the disclosures of Sky data, and therefore, "its a disciplinary matter".
Cue the collapse of the ICO investigation into ACS:Law.
Cue the collapse of the Data Protection Act.
Or sack the ICO and replace them with competent trustworthy people who are not lazy or stupid.
The ICO are as useful as..
a) a third nipple in the middle of my forehead
b) a chocolate fireguard
c) a can of petrol when you're dying of thirst
d) oh, whatever, they're just completely shite, let's get rid of them already.
@AC & ECHR
The ECHR would defend the right of the ICO to be an incompetent barsteward
ICO - chocolate teapots?
-- a crap cliche I know, but the most appropriate I can come up with.
All my dealings with the ICO have convinced me that they exist rather like the Advertising Standards Authority and the Press Complaints Commission, to give the impression there's some proper regulation going on, while allowing companies to flout the law and what everybody else would consider ethical behaviour.
I've made numerous complaints to the ICO about UK companies spamming me. Even when they've investigated the complaint and concluded that I WAS illegally spammed, the all that happened was "we told them to stop, but we can't do anything about it if they don't".
Even when companies like Think Pink Cartridges didn't bother replying to the ICO's enquiries about their activities, they've been left to it with no action taken against them.
Policies and safeguards
“Where it is found that the data controller has adequate policies and safeguards already in place"
Might one wonder how 'adequate' they were if personal data was released in clear text via email - at least in the 'legally sufficient' meaning of adequate.
I had to read that article three times to figure out EXACTLY how fucking stupid they were. It's so completely wrong in every respect, it simply skims over the brain on first perusal.
time for Viviane Reding to step in again?
What about ACS:LAW putting this information into the public domain it wasn't hacking it was incompetence that led to its release.
The ICO never have the public's interests in mind and act only to protect and provide for big names or old school friends
Lets BP off the hook though
It wasn't their fault - an employee installed the blowout preventer
Maybe BT employ more and better lawyers than the ICO so threatening them with legal action would be destined to fail.
Disappointed, yes. Surprised, no.
Usual ineffective wibbling from the ICO. Useless shower of bastards.
Looks like one law for big companies, and another for everybody else.
The ICO has used it's fining powers, but these have been with organisations with significantly smaller legal departments than BT.
If the ICO wants credibilty, it needs to tackle the hard cases, not the easy wins (this is also why CPS is frequently ridiculed e.g. being refered to as the Criminal Protection Service)
Maybe we should just give enforcement of the DPA to the FSA (£1.4m fine for losing 30k details)
ICO Must Go!!!!
The ICO must go, they are a worthless organisation who do not even understand the meaning of the phrase "Data Protection".
Its amazing how many large companies now lauch at the customer, when the customer warns to take the matter to the ICO. They know the ICO will do bugger all and i for one have now even given up doing this.
I am suprised the Information Commissioner himself can still go to work each day with all the shame that surrounds him.
I agree with another poster, this role needs to go to someone with balls - At least the FSA has done a much better job so for of enforcing Data Protection issues.
SHAME ON YOU ICO!