back to article Estate agent dodges GDPR-sized bullet after exposing 18,610 folks' data for two years

A London estate agent has been fined £80,000 for losing thousands of clients' personal data when it was handed over to a third party. A ruling from the Information Commissioner's Office found Life at Parliament View Ltd (LPVL) left the personal details of 18,610 people available online for just under two years. The data was …

  1. Loyal Commenter Silver badge

    An estate agent playing fast and loose with customer data?

    I'm shocked. Shocked I tell you!

    1. error 13

      Re: An estate agent playing fast and loose with customer data?

      the only less likely category to do the same would be recruitment agents

  2. tiggity Silver badge

    Fine too small

    As there is some high quality data there:

    Passport scans - always useful as a "gold standard" item in getting away with identity theft

    Bank statements - superb again as in addition to account details you have some transaction info, and as banks love to get you to describe actions on your account as "proof of ID " over phone, being able to say "I have regular direct debits to xyz, abc etc. of amount 123 and 456 can get you past those hurdles.

    A huge amount of damage can be done with data like that - a fine of high hundreds of pounds per "customer" would be more appropriate to reflect the huge potential damage

    1. Loyal Commenter Silver badge

      Re: Fine too small

      a fine of high hundreds of pounds per "customer" would be more appropriate to reflect the huge potential damage

      Sadly, under pre-GDPR legislation, the fines were very limited when it comes to being punitive enough. I, for one, can't wait until the 2-4% of turnover type fines start hitting companies who have a less-than-rigorous respect for the personal data of their customers.

    2. The Nazz Silver badge

      Re: Fine too small

      True. Wasn't the maximum permissible fine under the DPA the tidy sum of £500,000.

      Come on authorities, gazump the fine upto that limit and then see how those f*ckers like it.

  3. Doctor Syntax Silver badge

    What about the "partner company"? If they were handed information did they not have equal responsibility to look after it irrespective of the permissions or whatever they received at hand-over?

    And about that handing over: were there appropriate consents from the data subjects for it?

  4. herman Silver badge

    With a passport copy, crooks even have your signature. This is why I use different signatures for my passport and for my banks.

    I also use an ID card at a hotel, not a passport and then I use a credit card from another country, so that nobody ever get two types of ID from the same place. However, this kind of mixup is only doable by someone like me who live and work internationally.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019