BPAS Appeals £200,000 Fine Over Hacked Website 104
DW100 writes "A UK charity that provides help and guidance for women seeking abortions has been fined £200,000 after a hacker breached its website in 2012 and was able to gather data on 9,900 people that had requested help from the organization. The hacker was given almost three years in jail for the attack. The charity's CEO has condemned the decision, arguing it rewards the hacker for his efforts."
The data was unintentionally stored in their CMS after miscommunication with a contractor, and they never performed security audits. Martin S. writes "The BPAS is appealing a £200,000 fine imposed by the ICO after their website was hacked by an Anonymous anti-abortion extremist. The amount is particularly egregious when perpetrators of willful data theft often attract fines of only a few thousand pounds."
so they got an anti-abortion judge (Score:0, Insightful)
lucky them
"Anonymous anti-abortion extremist" (Score:5, Insightful)
If the perpetrator was sent to jail how is this 'anonymous'?
How do you know this wasn't a simple extortion for money scheme?
Low hanging fruit... (Score:1, Insightful)
If this were a for-profit corporation, this verdict would have never been tried, much less decided on. The target was easy and fairly defenseless.
No Sympathy (Score:5, Insightful)
I have no sympathy. They need to be required to pay the fine so everyone else who handles personal data gets the message that you don't handle it negligently.
Re:hmmm (Score:5, Insightful)
A better solution would have been to not fine the organisation but to use the clause of the data protection act that allows individuals to be held responsible and fine the contractor for being so negligent as to store personal data insecurely and anyone at the organisation who allowed it.
Re:No Sympathy (Score:5, Insightful)
Re:so they got an anti-abortion judge (Score:2, Insightful)
"so they got an anti-abortion judge"
Trust some AC on Slashdot to try to turn it into a political issue.
It's about time that some of these organizations (including banks and others) who store personal data were held responsible for their lack of security. It has been a real problem.
Let's leave the politics out of it. The organization messed up, resulting in potential harm to the public who used its services. The court wants to hold them responsible for their messup. End of story.
How far do these laws go? (Score:5, Insightful)
Re:so they got an anti-abortion judge (Score:2, Insightful)
Trust some AC on Slashdot to try to turn it into a political issue.
This coming from one of the most politically-instigating people on the site.
Re:so they got an anti-abortion judge (Score:4, Insightful)
I suppose since we don't read the summary anymore, we may have been able to take it BACK from political. I can see how from the title, one might think it was a bank that was being punished.
Re:so they got an anti-abortion judge (Score:4, Insightful)
Sorry, the anti-abortion issue is very political and this is a heavy handed fine on a charity.
I agree this organization is negligent, but if this ruling is setting a precedent then it should be scrutinized.
At least, the ICO should demonstrate the fine is consistent with other cases.
Re:How far do these laws go? (Score:5, Insightful)
Re:so they got an anti-abortion judge (Score:3, Insightful)
"Sorry, the anti-abortion issue is very political and this is a heavy handed fine on a charity."
Well, I'm not that familiar with UK law, but like the U.S. it is still Common Law tradition.
Why is it a "heavy-handed" fine? It seems to me that when an organization endangers members of the public via negligence, they should receive a penalty that is sufficient to motivate them to change their practices.
It seems to me that the annual salary of a couple of professionals, who probably ought to be fired anyway, seems about right.
Re:so they got an anti-abortion judge (Score:5, Insightful)