21 K UKP? Hmmm, as Ii would say...
... a nasty suck... Pathetic....
SCL Elections Ltd, stablemate of scandal-hit Cambridge Analytica, has been fined a total of £21,000 after pleading guilty to not complying with an Information Commissioner's Office enforcement notice. He had no right to make a subject access request any more than a member of the Taliban sitting in a cave in the remotest …
Dodgy as hell company went bust during the enforcement process, and whilst the administrators would probably have liked to comply they have neither the access or probably the competency to do so. Although on the latter point it could be argued that the administrator has a responsibility to retain enough BOFH's to be able to do so to meet their legal obligations such as this one.
The 700TB mitigation is irrelevant and only holds water to a non-techy - I'm pretty sure I could find the data for less than £21k if I had access and Im not L33T - as is the dont punish the creditors line as paying a part of the Government (albeit at arms length like ICO) just like the tax man comes before any normal creditor imo.
It does raise an interesting question. If the ICO seized a few more servers from a few more companies - effectively forcing them into immediate bankruptcy, people would be a little more scared of them and pay a bit more attention to data privacy.
"it could be argued that the administrator has a responsibility to retain enough BOFH's to be able to do so to meet their legal obligations such as this one."
Assuming the administrators even have the technical competence to work out who to retain - and assuming the BOFHs haven't already done a runner.
I was an unofficial BOFH for a startup that went bust.
The administrator's lawyers sent me a bunch of letters demanding that I make all the data available to them = I come into their offices and reassamble a bunch a servers in a store room, restore them and go through them for any IP that might be valuable. I asked if I was being paid and got back a bunch of more threatening letters about my legal duty to hand over any information.
Unfortunately I had wiped the ssh keys from my personal machine and they didn't know anything about boot disks.
"He had no right to make a subject access request any more than a member of the Taliban sitting in a cave in the remotest corner of Afghanistan."
But if they know that the Taliban member is sitting in a cave in the remotest corner of Afghanistan, don't they have a duty to report that?
Or does data protection only work when they want it to?
£21K ? They can pick up that in loose change from Zucks back pocket.. and they seriously need 30 days to pay?
The amount also sounds like an amount that was arbitrarily set by some Civil Service numpty who figured that it would caused SMEs some pain. Shame they never thought long-term.
£21K ? They can pick up that in loose change
If they've been bickering for months and have engaged a legal team and a barrister, then their own legal bill will probably be north of £50k. The whole point of fighting the legal action has presumably been to delay, obfuscate, and buy more time. Why? Your guess is as good as mine, but if they were going to plead guilty they could just have done that with the ICO, and had done with the matter months ago, and saved circa £60k.
Obviously the advantage of delaying was worth much more than the £60k.
So it's actually pointless because none of the scumbag directors of SCLE will be impacted or held accountable for this. As usual, they have abandoned the sinking ship like the rats that they are and will get way scott free, other than for some reputational damage that their own arrogance and denial will not let them accept anyway???
As the article quotes "This case is a discrete part of a broader matter,"
I'd like to think the ICO will end up pursuing former directors when they deal with the broader issues although they aren't in as strong a position as they'd have been if the events had happened under GDPR.
Again we need to ask WHY is here no criminal liability for these actions of a company under the control of directors?
Bankruptcy wouldnt affect the ability for the courts to properly punish these data parasites that invade our privacy.
All the toothless watchdogs have no effect - the data miners treat them as an annoying irrelevance that might occasionally cause them to "reset" by sinking one company and launching another. If the law makers were anywhere near serious about dealing with this stuff, they would have attached a criminal and personal liability to this kind of behaviour before now.
I guess big business can buy an "ineffectual build in" to regulation, thats the only obvious explaination for this, someone is being paid off one way or another - if it isnt cash then it must be data being fed to various governmental agencies, what weak and ineffective regulation that does exist is just window dressing.
Option 1) you can grant access to all the data by giving passwords to the ICO and not get a pesky £20k fine
Option 2) you can take the £20k fine on the chin and keep all the data under wraps which, if divulged, may subsequently cost multiple millions in fines and lawsuits
Decisions, decisions ...
Biting the hand that feeds IT © 1998–2019