Feeds

ICO issues first website enforcement order

Search site breaches data protection laws

Combat fraud and increase customer satisfaction

The operator of a website designed to allow searches for people's contact details has been issued with an enforcement order by the Information Commissioner's Office (ICO). It is the first time the ICO has issued an order over a website.

The ICO says that B4U, a Birmingham company which performs searches for information on individuals at b4usearch.com, is in breach of the Data Protection Act (DPA). B4U says it has not received any notification of an order.

The ICO says B4U has breached the Act by using electoral roll data from before 2002. After 2002, people filling in an electoral roll form could choose to be excluded from the public register. The ICO also says the company ignored requests from individuals for their details to be removed, which is in contravention of the Act.

"We will take action against organisations that don't process personal information in line with the requirements of the Act and cause significant concern to individuals," said Mick Gorrill, head of regulatory action at the ICO. "People have an important right under the Data Protection Act to know that their personal information is sufficiently protected."

The ICO said that it had received 1,600 complaints about the site, many saying that B4U did not remove their personal details when requested.

B4U owner Raj Banga said no notice has been received, and the company has never refused anyone a request for data removal. "We don't refuse anyone removal from the site, that has never happened," said Banga. He said that at one point requests for removal were so numerous that they were taking up to three weeks to process, but that none was refused.

"People who complained to the ICO about b4usearch.com included a police officer whose family's names and addresses, along with a map to their house, appeared on the website and an individual who had previously been a victim of identity fraud," an ICO statement said. "Both were concerned about the availability of their personal information and the fact that their requests to b4usearch.com asking for their details to be removed had been ignored."

The B4U website says that written requests for removal will take five days to process and details a premium rate fax line which costs £1.50 per minute which can be used for more immediate removals.

"Some people were looking for much faster removals so we brought in the premium rate fax line. We had to do that because I had to employ more people to process them and the company can only sustain that loss for so long," he said.

Banga said any rulings the company does receive will be adhered to. "We have been co-operative with the ICO and we are not in a position to argue with them," he said. "We are not the type of company to do that. If something is illegal, then we can't do it."

The ICO's statement said because of B4U's breaches of the DPA, "damage or distress to individuals was likely to have been caused by information being processed in this way". A spokesman confirmed that this could open the way to a civil case against B4U for damages, but that no such case had yet been brought.

"I can't comment on whether there will be a case, but all this information has been readily available for years, this is information you can find in your local library," said Banga.

Copyright © 2006, OUT-LAW.com

OUT-LAW.COM is part of international law firm Pinsent Masons.

3 Big data security analytics techniques

Whitepapers

Mobile application security study
Download this report to see the alarming realities regarding the sheer number of applications vulnerable to attack, as well as the most common and easily addressable vulnerability errors.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Securing web applications made simple and scalable
In this whitepaper learn how automated security testing can provide a simple and scalable way to protect your web applications.
Combat fraud and increase customer satisfaction
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.