Archive
Another Pathetic acquiescence of the ICO towards ACS LAW
There are few positive words if any I could use to describe the Information Commissioners Office (ICO). There are far better negative ones. “As much use as a chocolate teapot”, “Like an ashtray on a motorcycle”.
Indeed the ICO are SO inept it would be hard to imagine them being able to “Hit any water if the fell out of a boat”.
What has stirred my ire against the ICO? Is it the fact that they spent EIGHT MONTHS investigating one of the BIGGEST DATA leaks in English History? or the fact that they concluded with a £1000 fine that if the perpetrator was good enough to pay quickly he could get a discount of 20%? Was it the sheer arrogance of the ICO when phoning them up to report a company NOT registered with them that they suggested that their register was “Voluntary” and that they “Did not chase people” who “Had not registered” with them?
NO This is what has angered me.
Can you believe it, after countless people told the ICO that ACS LAW were NOT registered as a Data Handler, when it came to their renewal the ICO wrote THREE TIMES only for Andrew Crossley to ignore them, then only seemed to notice that they should send a “Final” warning as it then occurred to the ICO that they were “..dealing with the security incident you have just experienced”. How much is it to renew your registration? £35
ACS LAW and Andrew Crossley acted with shocking disregard to the General public and their personal details, but WHO allowed them to get away with it for so long? Do you REALLY feel your information is secure with such an inept body as the ICO guarding it?
For the timeline and how the ICO messed up their investigation into ACS LAW see here.
Fobbed off by the Information Commissioner’s Office (ICO) – Incompetence abounds
I sent the Information Commissioner’s Office (ICO) an email regarding their investigation into the ACS:LAW Data Leak.
The email contained a few simple questions.
1: Why is ACS:LAW/Andrew Crossley still registered at 20 Hanover Sq London as a Data Controller.
2: Do you think it is appropriate to offer Mr Crossley a 20% for early payment of his fine?
3: Do you think that Mr Crossley may have been in a better position to pay his fine had the ICO not taken so long to conclude it’s investigation?
The reply I got from the ICO after 14 days was this.
An obvious template response, I even got the ICO’s ACS:LAW FACT SHEET. And (wait for it) How to get compensation from ACS:LAW!!! (See Below)
Well of course my thinking was that if the ICO thought that it was only worth under 20p for everyone who has had their details leaked then imagine the Compo I would get from ACS:LAW I mean I might even get a penny a WHOLE Penny. Wow well it truly has got me thinking until of course I realised that even the cheapest postal stamp (36p) would be many times my compensation, and incidentally more than the ICO fined ACS:LAW per individual.
There has been talk by Christopher Graham the head of the ICO that he would have liked to have fined ACS:LAW £200,000 but of course that was proven to be merely a dose of hot air. (See question 2)
Mr Graham in fact has been in the news a few times since regarding other “Data protection issues” and again appears to be a mighty knight roaring about the rights and wrongs of the issue and how people should protect data, but he wields a foam sword.1 2
Maybe it is not his fault, maybe the ICO is handcuffed by legislation as Mr Graham seems to believe. One thing is sure, I and many others have been through too much disruption in our lives to leave this alone now, we have invested the most precious of commodities know to humans, that of TIME, we did not ask Mr Crossley and his ACS:LAW “clown asses” to invade our lives with their preposterous allegations.
A investigation into ACS:LAW by PCPRO this week was revealing and showed how Andrew Crossley had shown the ICO to be mugs. An ICO spokesperson had told ZDNET “The £1,000 reflects his financial condition. He did drive a Bentley at one point, but he doesn’t now.” Well guess what PCPRO saw when they turned up at Crossley house? The Bentley still on his drive.
We are now over two years into this now and those accused by Davenport Lyons into their third year. This whole situation has been a travesty of Justice, where the bad guys have been allowed to accuse thousands, leak their details and remain in a good position when they should be skulking back to the rock they crawled from.
There is still light though, on Tuesday this week (31st May) Dave Gore and Brian Miller the two Solicitors accused by the Solicitors Regulation Authority(SRA) will stand before their Disciplinary board (SDT) to answer for their actions in pursuing people they KNEW to be innocent. Andrew Crossleys date is also coming soon. There is real hope that partial justice may be done to these people.
It remains to be seen wether the SRA will act in a proper way and not in the way that the ICO has acted like a “Toothless Tiger”
“Millionaire” Andrew Crossley escapes ICO fine as he is “Poor” UPDATE 3
When the ACS:LAW scandal broke, the lives of thousands of people were turned upside down, up until that point people had been upset with letters threatening to take them to court for fictitious file sharing,
But September last year things turned even more bizarre as ACS:LAW released an archive of their emails online. This date breach exposed up to 10,000 peoples names addresses and credit card details alongside their names being linked with vile pornographic material.
On the 28th September the ICOs head Christopher Graham was salivating over the issue saying
Indeed the ICO had been given powers to fine companies £500,000, they messed up with the BT data breach because they said that It was an individual at fault and NOT BT, Hmmmmm. Things did not bode well for the ACS:LAW investigation.
The ICO decided the case against ACS:LAW stating:
“The security measures ACS Law had in place were barely fit for purpose in a person’s home environment, let alone a business handling such sensitive details.”
Wow powerful stuff right?
The ICO went on
“As Mr Crossley was a sole trader it falls on the individual to pay the fine. Were it not for the fact that ACS Law has ceased trading so that Mr Crossley now has limited means, a monetary penalty of £200,000 would have been imposed, given the severity of the breach. Penalties are a tool for achieving compliance with the law and, as set out in our criteria, we take people’s circumstances and their ability to pay into account.”
SAY WHAT????
“Were it not for the fact that ACS Law has ceased trading so that Mr Crossley now has limited means, a monetary penalty of £200,000 would have been imposed”
Hmmm so Crossley gets to CLOSE his company the very action which brought derision from Judge Birss along with many man people who had been affected by his nasty letters, and he gets off with a grand to pay becuase of this deception?
The ICO goes on to say:
The ICO’s investigation found serious flaws in ACS Law’s IT security system. Mr Crossley did not seek professional advice when setting up and developing the IT system which did not include basic elements such as a firewall and access control. In addition ACS Law’s web-hosting package was only intended for domestic use. Mr Crossley had received no assurances from the web-host that information would be kept secure.
While the firm should have been aware of their obligations under the Data Protection Act, they continued to act negligently and failed to ensure that appropriate technical and organisational measures were in place to keep personal information secure.
This is worse than outrageous, as ACS:LAW actually used the fact that people had not secured their home systems and used the fact against them. They did not care if an elderly person had not secured their router or modem or their computer, it was the persons fault and they were held to account for being negligent by ACS:LAW.
Andrew Crossley must be laughing at this and the rest of us now. A measly £1000 penalty for a man who bragged of making over £1,500,000 in a year, and who lavished expensive cars on himself and his girlfriend, this is a joke. A man who lives in a 7 bedroom house worth nearly a million pound yet he pleads poverty? The ICO has let us all down. They are unfit for purpose.
Indeed £1000 is less than the price of just two of his letters that he sent out to the general public.
The interview with Christopher Graham can be seen here, please don’t hold a hot drink whilst watching the sheer disconnect between the interview and the reality might just choke you.
An excellent post on this subject can be found here
UPDATE: To add insult to injury it is revealed that IF Andrew Crossley pay his “Penalty” by June 6th 2011, he will receive an “Early pay Bonus” of 20% meaning he will only have to pay £800.
UPDATE 2 :See below for the ICO Ruling
UPDATE 3: For those of you who wish to comlain about this ruling
To Complain to the ICO themselves: http://www.ico.gov.uk/complaints/satisfied_with_our_service/complaints_and_compliments.aspx
To write to your MP: http://www.writetothem.com/
