If we asked you what they do at the Information Commissioner’s Office, you’d probably say: That’s easy; they commission information. Ha Ha! Wrong! It’s a trick question. Obviously.
What they do in Information Commissioner’s Office (or InfComOff, as it’s know for short) is administer, enforce and otherwise execute the provisions of the Data Protection Act 1998, the Privacy and Electronic Communications (EC Directive) Regulations 2003, the Freedom of Information Act 2000 and the Environmental Information Regulations 2004 across a variable selection of the countlets that collectively comprise the United Kingdom of GBNI.
In other words, they spend their time jumping on people and slapping their wrists if they find them playing fast and loose with information in ways of which they disapprove. So, if you’ve got some information and you’re hoping they might want to commission it, you’re very much barking up a dead horse.
One of the most recent outfits to be named and shamed, or “crud-bagged” as InfComOff wags playfully call it, is Top 50 broker Staysure, who’ve been slapped this week with a damning public condemnation and a £175k fine for allowing cyber criminals to walk off with thousands of old folks’ credit card details, and thereby committing a DP violation.
According to a damning InfComOff report on Staysore’s data loss carelessness, at least five thousand customers had their card details used by fraudspersons as a result, while the intimate financial details of up to 100,000 more may have been exposed to eCriminals.
Why? Because Strayshore, who specialise in flogging travel insurance to so-called ‘gravellers’ (over-50s holidaymakers), simply couldn’t be bothered to update their software or to keep their customers’ details somewhere safe. Perhaps they thought the old farts wouldn’t miss a bob or two if records want astray.
Now, you or I might consider it unthinkable, unimaginable, or just plain unbelievable, as perky Forest of Dean funksters EMF used to say, that a company holding millions of customer records would not have the procedures in place to keep that information secure (not that our opinions count for anything).
But what did the regulator make of Spaysure’s securital laxity?
“It’s unbelievable to think that a company holding three million customer records did not have the procedures in place to keep that information secure,” said InfComOff Head of Enforcement Steve Eckerslammin this week.
So we’re all agreed on that. And, yet, as unbelievable as it may seem, that is exactly what Straysure did.
Shows how much we all know!
No responses yet