recent work

BT embroiled in ACS:Law list breach

As the story behind the alleged data breach by CS:Law unravels (see yesterday’s news article Law Firm faces fine of £500,000 after alleged breach of Data Protection Act), BT have today admitted to sending ‘unencrypted’ data to the firm; in the form of unencrypted excel spreadsheets. The personal details of approximately 500 customers were involved.

BT, it would appear, were working with ACS:Law in late August when email correspondence between  BT employee Prakash Mistry and Andrew Crossley, who runs ACS:Law, was sent, along with unencrypted excel attachments.

Although the email sent from Mistry requested “that the data will be held securely and shall be used only in accordance with the provisions of the…. Court’s Order of 17 February 2010”, the data was sent in an insecure manner.

In response to this development, BT have announced that:
We are investigating how this occurred as we have robust systems for managing data. We have already ensured that this will not happen again. In this circumstance our legal department sent data to a firm of solicitors (ACS:Law) which reached them safely and we trusted that they would keep the data safe.”

It is assumed that BT have, as a result, “comprehensively breached” the Data Protection Act, says Simon Davies, of Privacy International.

As the facts surrounding the issues faced by ACS:Law unravel, a spokesperson for the Information Commissioner Office (ICO) told BBC News that the BT e-mail would be part of its ongoing investigation into ACS:Law. The UK’s Information Commissioner, Christopher Graham, told the BBC that firms who breach the Data Protection Act “could face fines of up to half a million pounds”.

To read the story in full, go to http://www.bbc.co.uk/news/technology-11434809 now.

Comment
Absolute Data works with many organisations to reduce or eliminate the risk to the personal information that they hold about individuals. The “softer side” of privacy risk management such as staff training and having documented procedures is often overlooked and under-funded in organisations and an area where we can have a big impact for a modest investment.  For further information, please contact us now on info@absolute-data.co.uk.