The ICO and enforcement of data protection

ICO threatens big fine – but it doesn’t happen in practice

Full data protection compliance is a big ask for small businesses, but the rules are in place primarily because businesses need to understand the sensitivity of the data they hold and the ramifications, in the age of technology, of failing to protect customer and other data. In our view the rules will only be taken seriously, as with anything, if enforcement is seen to have “teeth”.

Recently, there has been a well-publicised case of the release of highly sensitive and confidential data by, of all things, a law firm. The news this week is that, for what the ICO would defend as purely technical reasons, the London lawyer in question will apparently receive a fine of only £1,000.00 instead of the mooted £200,000.00. This much smaller fine has apparently been imposed because the lawyer’s business has ceased trading, and perhaps also because he is subject to Solicitors Disciplinary proceedings, so the view may have been taken that he will receive a severe punishment overall. However, in strict data protection terms, this does appear to be a sop.

The facts of the case are that Andrew Crossley, a solicitor, allowed details of thousands of alleged filesharers to leak from his company’s website in September 2010. Mr Crossley was a sole trader and is therefore personally liable for any debts or fines imposed on the firm, and the ICO believes he would not be able to pay the much higher penalty it was considering imposing.

“As Mr Crossley was a sole trader it falls on the individual to pay the fine,” the commissioner said. “Were it not for the fact that ACS Law has ceased trading so that Mr Crossley now has limited means, a monetary penalty of £200,000 would have been imposed, given the severity of the breach.”

Simon Davies, a director of campaign group Privacy International, states that, regardless of Mr Crossley’s underlying situation, a fine of only £1,000.00 sends out a very bad signal. He said, “The ICO seems entirely unaware of the loophole it has just promoted. This signals to directors of all companies that they can act unlawfully under the Data Protection Act, and all they have to do is make the company dormant and escape any serious punishment.”

The ICO said Crossley “swore on oath” that he had given accurate information about his financial situation.


Hackers often rely on human naivety or error

Social Hacking – A Personal Experience

I have spent 7 years of my career doing ethical hacking for enforcement and corporates all round the world, and I have experienced the ins and outs of security issues in an organisation, be it safeguarding their information assets or employees as an asset.

Below are some basic ways via interaction that an attacker may use to try and compromise a corporate network in just a few days or hours.

Most organisations are truly ignorant about security, especially when they are not aware of the tricky techniques used by a hacker without manipulating the IPs or server information. In other words, most organisations don’t put in place procedures, train staff, remind staff or monitor staff compliance in relation to basic safeguards to minimise the chance of business systems being compromised.

Let’s take an example of a prepaid or pay-as-you-go phone, which can be used anonymously and can’t be traced. This phone can be used as a source for contacting the target or an organisation, since they won’t have any knowledge of this number; even if they try to trace it, they won’t be able to. Using this pay-as-you-go phone, the hacker uses a pretext to communicate with staff and skilfully extracts information from an unwitting employee, which could include details of systems, names, email addresses and phone numbers of the employees working in that organisation, which then act as a gateway for more technical hacking techniques.

The next step for the hackers is to understand the organisation’s technical set-up, especially the webmail. They may set up a spoof using the same images, banners, logos and of course the basic scripts as the business email. Once the page is ready, there are several ways a hacker can send this email to their targets, either by designing a simple feedback form or a login page for updating their information for the company database. The hacker’s main intention is to make the users believe that the email is coming internally, as a way of inducing a response which in turn gives the hacker even more vital information, potentially leading to total compromise of the system and access for the hacker to extract data, manipulate it or carry out any other malicious and/or financially damaging activity.

In the writer’s experience, these sorts of techniques still bear fruit for hackers, and this is particularly disappointing when there are some basic ways, through training and awareness, in which the risks can be significantly reduced. Ask yourself: when you leave your home to go to work, do you leave your windows open, an open invitation to a burglar? If not, why do it with critical business information and systems?

Thanks to the writer, from corporate investigation and computer forensic specialists based in London.


Benefits of commercial law advice

Company and Business Law Services

Company and business law defined

Company law governs how companies are formed, run and wound up.  Companies have a special liability status, which differentiates them from sole traderships and partnerships; there is a distinction between the liabilities of those who own the company and the liabilities of the company itself.  Due to this special status, companies can be thought of as distinct legal entities existing in their own right.

However, due to the special status that companies have, the law strictly governs their formation and running.  Annual accounts have to be filed with Companies House.  A company must have articles of association, which are rules that govern the company.

Company law not only covers the most familiar type of company (Public Limited Companies) but also partnerships with a special liability status similar to a regular company (Limited Liability Partnerships).

 

Business law is defined much more widely than company law.  It encompasses all the laws which are relevant to businesses, whether the business is structured as a partnership or a company.  It can therefore include issues relating to employment law, intellectual property, commercial contracts and the like.  There is also a subset of business law known as commercial law, which governs everything from commercial transactions to the law of agency.

 

Features of company/business law services

  • Wide range of expertise in company and business law
  • Advice suitable for businesses of every size
  • Personable and commercially relevant advice
  • Competitive and affordable fees

 

Wide range of expertise in company and business law

Company and business law solicitors have a wealth of experience in this field and can advise on:

 

  • Company and Limited Liability Partnership formation
  • Obligations under Company Law
  • Winding up of companies
  • Legal compliance
  • Conducting legal/business audits
  • Drafting of company articles of association and shareholder agreements
  • Drafting of partnership agreements
  • Commercial leases and property
  • Employment law
  • Intellectual property law
  • Agency, distribution and franchise agreements
  • Commercial dispute resolution
  • Commercial transactions
  • Breach of contract
