Privacy groups lambast ICO after BT decision

Privacy groups believe BT has been let off the hook by the ICO, which has come under heavy fire from certain corners.

BT

Privacy groups have poured scorn on the Information Commissioner's Office (ICO) after it ended an investigation into BT over sending customer information to the law firm ACS:Law.

BT reportedly sent details on 500 of its PlusNet customers to ACS:Law in plain text attached to an email.

The email was then leaked after the law firm was hacked.

ACS:Law has hit the headlines in the past few months for sending letters to people it believed had committed illegal filesharing.

The ICO indicated it had left the investigation in BT's hands.

"We have regular contact with a range of organisations regarding allegations of staff inappropriately accessing or disclosing personal information," an ICO spokesperson said.

"Where it is found that the data controller has adequate policies and safeguards already in place, the usual and most appropriate outcome in these cases is disciplinary action taken by the employer. However, where that employee is accessing records for personal gain, such as selling the data on to third parties, the ICO may open a criminal investigation."

Privacy International said it was an "incredibly dangerous decision" as it effectively dissolved "any pretence that a company is responsible for the actions of their employees at work."

"What makes this latest decision by the ICO worse than their usual incompetence, is that the ICO have decided BT Group PLC are not responsible for the breach of the Data Protection Act because it was one of their employees who sent the unencrypted data," the organisation's Alex Hanff said in a blog post.

"Christopher Graham has, in essence, now created a Data Protection regime where companies will not be held responsible for the actions of their staff."

Privacy International said it was going to push for a judicial review of the ICO's decision and seek a wider review of the watchdog as a whole.

The Big Brother Watch described the ruling as "puzzling."

"It appears to suggest that the information commissioner believes having a data protection policy in place is sufficient grounds to protect companies from prosecutions for breaking the law even when their employees disregard that said policy - and break the law," the body said in its own blog.

Responding to the criticisms, an ICO spokesperson said the watchdog was fully aware of its powers and was not afraid to use them.

"Enforcing and defending the rights of the UK public under the Data Protection Act has always been - and remains - central to the work of the ICO," the spokesperson said.

"Our workforce of data protection experts deal with thousands of complaints and complex investigations every year."

BT stated it had nothing to add outside of what the ICO said.

Featured Resources

Unlocking collaboration: Making software work better together

How to improve collaboration and agility with the right tech

Download now

Four steps to field service excellence

How to thrive in the experience economy

Download now

Six things a developer should know about Postgres

Why enterprises are choosing PostgreSQL

Download now

The path to CX excellence for B2B services

The four stages to thrive in the experience economy

Download now

Recommended

Mastering endpoint security implementation
Security

Mastering endpoint security implementation

16 Apr 2021
US, UK say Russia was behind SolarWinds hack
cyber attacks

US, UK say Russia was behind SolarWinds hack

16 Apr 2021
1Password targets enterprise customers with Secrets Automation
IT infrastructure

1Password targets enterprise customers with Secrets Automation

14 Apr 2021
PowerShell threats increased over 200% last year
cyber security

PowerShell threats increased over 200% last year

14 Apr 2021

Most Popular

Microsoft is submerging servers in boiling liquid to prevent Teams outages
data centres

Microsoft is submerging servers in boiling liquid to prevent Teams outages

7 Apr 2021
University of Hertfordshire's entire IT system offline after cyber attack
cyber attacks

University of Hertfordshire's entire IT system offline after cyber attack

15 Apr 2021
NSA uncovers new "critical" flaws in Microsoft Exchange Server
servers

NSA uncovers new "critical" flaws in Microsoft Exchange Server

14 Apr 2021