ACS:Law Fined Following Exposure of 6,000 Computer UsersMon 16 May, 2011 // Chris Allan
The Information Commissioner has again shown that breaches of data protection law will not be tolerated in fining solicitor Andrew Crossley who headed the law firm ACS:Law. The fine, which it is reported would have been in the order of £200,000 if ACS:Law had not ceased trading, was levied for a data breach that exposed private details of 6,000 users.
Back in January 2011, solicitor Andrew Crossley unexpectedly withdrew in the midst of a court case he brought. Crossley, who headed the law firm ACS:Law, had been involved in the pursuit of alleged illegal file sharers on behalf of his client MediaCAT.
The law firm sent out thousands of letters of accusation to those deemed guilty of the illegal downloading of files. ACS:Law would then demand a one off fine from the accused, or face a court case being brought against them.
After the withdrawal from the court case at the start of the year, ACS:Law's client, MediaCAT ceased trading the following month, but not before the resignation of Crossley himself when it was discovered that he and his firm had been involved in questionable dealings throughout its association with MediaCAT.
The latest development saw Mr Crossley receive a £1,000 fine for the exposure of some 6,000 users' personal details. The data breach occurred in September 2010, when hacktivist group Anonymous infiltrated the site and exposed thousands of private e-mail correspondence.
The group targeted ACS:Law to demonstrate their disapproval of the tactics used by the law firm in their pursuit of illegal file-sharing activity. In addition to a list of personal user details, a list of pornographic material they were accused of downloading illegally was also made public.
For many, the fine is a somewhat negligible amount, considering the revenue generated by Crossley throughout the illegal file-sharing scheme. It is believed that Mr Crossley had demanded payments of approximately £400 - 500 per infringement in order to avoid being taken to court.
However, Information Commissioner Christopher Graham insisted the fine would have been far heavier had it not been for the fact that Crossley was not in a financial position to pay it. If ACS:Law had not ceased trading, the fine would have been around £200,000.
One industry commentator who was particularly disappointed at the severity of the fine was Deborah Prince, head of legal affairs at consumer watchdog Which?. She said:
“ACS Law demanded around £400 from each of the people it accused of illegal file sharing, yet for a serious breach of data protection law, it gets a paltry fine of £1,000. This is utterly inadequate -- the ICO should have imposed an appropriate sanction.”
Meanwhile, the ICO has called for greater authority in matters of data breach investigation, and for heightened powers to delve further into individuals' finances.
“We have been pleased to work with commissum who have provided us with services to address our Security Assurance requirements. commissum met our demands, as an organisation operating within the Legal Services sector, with the highest level of integrity, commitment and excellent level of service. We would have no hesitation in recommending commissum.”
Mr Kenneth P, IT Manager, National Legal Services
"commissum recently provided us with services to assess a web application and supporting infrastructure. I was impressed with the consultants throughout the project, by their technical knowledge, flexibility, open communication and willingness to go that extra mile. Of particular benefit was the sound advice given both during and after the engagement. By identifying vulnerabilities promptly, accompanied with practical recommendations on how to address them. We were able to implement improvements quickly. Good value, a job well done.”
JM, Infosec Analyst, International Investment Bank
"We engaged with commissum for the first time this year and found them highly professional and a pleasure to do business with. We were particularly pleased with the report provided which was of excellent quality, with an appropriate level of detail and clarity in its recommendations. I would happily refer others to commissum.”
Mr Billy K, IT Director, National Law Firm
"We are extremely pleased with the work carried out by the commissum team. All of the commissum staff were a pleasure to work with and maintained a high level of professionalism at all times. They were able to provide us with sound advice and guidance to make sure that we got the best value for money from our test and provided excellent communication and recommendations before, during and after the tests. I would strongly recommend commissum to other companies that are looking for peace of mind in relation to their IT security and I can say that we will use commissum again for future testing.”
Chris S, IT Officer - UK Housing Association
"commissum understood exactly what we needed and delivered excellent service on time, and on budget. Why can't all companies be like them!"
Mr Duncan M, Information Security Manager - National Building Society
Get in touch with one of our security consultants today
- No obligation
- Expert advice
- Tailored solutions
"commissum was particularly responsive and the project was well managed under demanding conditions. I was very happy with the technical standard. Very good value for money as well”
Mr Kenneth Y, Head of IT Risk & Compliance, International Retail Bank
"I was very pleased with the work delivered by commissum from start to finish. The quality of reporting was excellent and the consultants very helpful with clear communication throughout the engagement. I would happily recommend commissum to others.”
Ms Louisa L, IT Manager, National Building Society
"commissum provided us with a high quality service. We found the project team helpful and flexible in responding to changes in requirement; the technical staff in particular were excellent. All commitments including deliverable timescales were met and I would have no hesitation in recommending commissum.”
Mr A Moretti, Executive Director for IT Security Risk Management, Global Investment Bank
"From the start the project went very smoothly despite the short notice. commissum maintained excellent communication throughout ........ their flexibility and responsiveness right up to the end of the project was of great value to us.”
Mr Keith H, Senior Business Manager - UK Local Government