Feeds

ICO issues first website enforcement order

Search site breaches data protection laws

Top three mobile application threats

The operator of a website designed to allow searches for people's contact details has been issued with an enforcement order by the Information Commissioner's Office (ICO). It is the first time the ICO has issued an order over a website.

The ICO says that B4U, a Birmingham company which performs searches for information on individuals at b4usearch.com, is in breach of the Data Protection Act (DPA). B4U says it has not received any notification of an order.

The ICO says B4U has breached the Act by using electoral roll data from before 2002. After 2002, people filling in an electoral roll form could choose to be excluded from the public register. The ICO also says the company ignored requests from individuals for their details to be removed, which is in contravention of the Act.

"We will take action against organisations that don't process personal information in line with the requirements of the Act and cause significant concern to individuals," said Mick Gorrill, head of regulatory action at the ICO. "People have an important right under the Data Protection Act to know that their personal information is sufficiently protected."

The ICO said that it had received 1,600 complaints about the site, many saying that B4U did not remove their personal details when requested.

B4U owner Raj Banga said no notice has been received, and the company has never refused anyone a request for data removal. "We don't refuse anyone removal from the site, that has never happened," said Banga. He said that at one point requests for removal were so numerous that they were taking up to three weeks to process, but that none was refused.

"People who complained to the ICO about b4usearch.com included a police officer whose family's names and addresses, along with a map to their house, appeared on the website and an individual who had previously been a victim of identity fraud," an ICO statement said. "Both were concerned about the availability of their personal information and the fact that their requests to b4usearch.com asking for their details to be removed had been ignored."

The B4U website says that written requests for removal will take five days to process and details a premium rate fax line which costs £1.50 per minute which can be used for more immediate removals.

"Some people were looking for much faster removals so we brought in the premium rate fax line. We had to do that because I had to employ more people to process them and the company can only sustain that loss for so long," he said.

Banga said any rulings the company does receive will be adhered to. "We have been co-operative with the ICO and we are not in a position to argue with them," he said. "We are not the type of company to do that. If something is illegal, then we can't do it."

The ICO's statement said because of B4U's breaches of the DPA, "damage or distress to individuals was likely to have been caused by information being processed in this way". A spokesman confirmed that this could open the way to a civil case against B4U for damages, but that no such case had yet been brought.

"I can't comment on whether there will be a case, but all this information has been readily available for years, this is information you can find in your local library," said Banga.

Copyright © 2006, OUT-LAW.com

OUT-LAW.COM is part of international law firm Pinsent Masons.

The Essential Guide to IT Transformation

More from The Register

next story
BBC goes offline in MASSIVE COCKUP: Stephen Fry partly muzzled
Auntie tight-lipped as major outage rolls on
Nadella: Apps must run on ALL WINDOWS – PCs, slabs and mobes
Phone egg, meet desktop chicken - your mother
ITC: Seagate and LSI can infringe Realtek patents because Realtek isn't in the US
Land of the (get off scot) free, when it's a foreign owner
HP, Microsoft prove it again: Big Business doesn't create jobs
SMEs get lip service - what they need is dinner at the Club
Samsung threatens to cut ties with supplier over child labour allegations
Vows to uphold 'zero tolerance' policy on underage workers
Dude, you're getting a Dell – with BITCOIN: IT giant slurps cryptocash
1. Buy PC with Bitcoin. 2. Mine more coins. 3. Goto step 1
There's NOTHING on TV in Europe – American video DOMINATES
Even France's mega subsidies don't stop US content onslaught
You! Pirate! Stop pirating, or we shall admonish you politely. Repeatedly, if necessary
And we shall go about telling people you smell. No, not really
prev story

Whitepapers

Seven Steps to Software Security
Seven practical steps you can begin to take today to secure your applications and prevent the damages a successful cyber-attack can cause.
Consolidation: The Foundation for IT Business Transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.
Designing a Defense for Mobile Applications
Learn about the various considerations for defending mobile applications - from the application architecture itself to the myriad testing technologies.
Build a business case: developing custom apps
Learn how to maximize the value of custom applications by accelerating and simplifying their development.
Consolidation: the foundation for IT and business transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.