When the ACS:LAW scandal broke, the lives of thousands of people were turned upside down, up until that point people had been upset with letters threatening to take them to court for fictitious file sharing,
But September last year things turned even more bizarre as ACS:LAW released an archive of their emails online. This date breach exposed up to 10,000 peoples names addresses and credit card details alongside their names being linked with vile pornographic material.
Indeed the ICO had been given powers to fine companies £500,000, they messed up with the BT data breach because they said that It was an individual at fault and NOT BT, Hmmmmm. Things did not bode well for the ACS:LAW investigation.
The ICO decided the case against ACS:LAW stating:
“The security measures ACS Law had in place were barely fit for purpose in a person’s home environment, let alone a business handling such sensitive details.”
Wow powerful stuff right?
The ICO went on
“As Mr Crossley was a sole trader it falls on the individual to pay the fine. Were it not for the fact that ACS Law has ceased trading so that Mr Crossley now has limited means, a monetary penalty of £200,000 would have been imposed, given the severity of the breach. Penalties are a tool for achieving compliance with the law and, as set out in our criteria, we take people’s circumstances and their ability to pay into account.”
“Were it not for the fact that ACS Law has ceased trading so that Mr Crossley now has limited means, a monetary penalty of £200,000 would have been imposed”
Hmmm so Crossley gets to CLOSE his company the very action which brought derision from Judge Birss along with many man people who had been affected by his nasty letters, and he gets off with a grand to pay becuase of this deception?
The ICO goes on to say:
The ICO’s investigation found serious flaws in ACS Law’s IT security system. Mr Crossley did not seek professional advice when setting up and developing the IT system which did not include basic elements such as a firewall and access control. In addition ACS Law’s web-hosting package was only intended for domestic use. Mr Crossley had received no assurances from the web-host that information would be kept secure.
While the firm should have been aware of their obligations under the Data Protection Act, they continued to act negligently and failed to ensure that appropriate technical and organisational measures were in place to keep personal information secure.
This is worse than outrageous, as ACS:LAW actually used the fact that people had not secured their home systems and used the fact against them. They did not care if an elderly person had not secured their router or modem or their computer, it was the persons fault and they were held to account for being negligent by ACS:LAW.
Andrew Crossley must be laughing at this and the rest of us now. A measly £1000 penalty for a man who bragged of making over £1,500,000 in a year, and who lavished expensive cars on himself and his girlfriend, this is a joke. A man who lives in a 7 bedroom house worth nearly a million pound yet he pleads poverty? The ICO has let us all down. They are unfit for purpose.
Indeed £1000 is less than the price of just two of his letters that he sent out to the general public.
The interview with Christopher Graham can be seen here, please don’t hold a hot drink whilst watching the sheer disconnect between the interview and the reality might just choke you.
UPDATE: To add insult to injury it is revealed that IF Andrew Crossley pay his “Penalty” by June 6th 2011, he will receive an “Early pay Bonus” of 20% meaning he will only have to pay £800.
UPDATE 2 :See below for the ICO Ruling
UPDATE 3: For those of you who wish to comlain about this ruling
To Complain to the ICO themselves: http://www.ico.gov.uk/complaints/satisfied_with_our_service/complaints_and_compliments.aspx
To write to your MP: http://www.writetothem.com/