News and Events

Ashley Madison exposed - don't get caught with your trousers down

  • Posted

Over the past month a seismic event occurred in America and a less seismic, but no less important, report was published in the UK. Firstly, Ashley Madison, was exposed as hackers revealed the personal details of millions of its registered users - see Dominic Wisdom’s blog - and in July, the Information Commissioner's Office (ICO) published its annual report.

According to that report, in 2014/15, the ICO imposed fines (monetary penalty notices or MPNs) amounting to an eye-watering figure of over £1 million, including fines for data loss (such as occurred at Ashley Madison) of £692,500. The ICO also prosecuted in 13 cases involving unlawfully obtaining or disclosing personal data, resulting in ten criminal convictions.

Whatever you think about the Ashley Madison business model, no-one deserves to have their personal details disclosed to the rest of the world. The IPO can issue MPNs to any business which has seriously contravened the Data Protection Act 1998 or the Privacy and Electronic Communications Regulations 2003, but there is good news - there are ways to avoid being caught out and being fined:

  • Ensure that the business can provide evidence that it has recognised the risks of handling personal data and has taken action to address the issue (for example, the business has conducted a risk assessment). 
  • Put in place appropriate policies, practices and procedures to avoid potential data protection breaches within the business (for example, by establishing a robust compliance regime). 
  • Pay particular attention to data protection issues where the personal data of large numbers of individuals or sensitive data is concerned.
  • Implement any codes of practice published by the ICO or other regulatory bodies that may be relevant to potential data protection breaches within the business.
  • Do not allow any known issues to remain unresolved (for example, rectify any problems with the business’ IT systems as soon as possible).

So, don’t get caught with your trousers down.

If you have a data protection issue you would like to discuss, please contact one of the team who will be able to help you.