Parking ticket firm 'exposed private info' - ICO making enquiries
Katie Price's throbbing ride apparently NOT revealed, though
Exclusive Britain's privacy watchdog will investigate a major car-parking contractor after its website allegedly leaked drivers' personal information.
Readers will be relieved to know, however, that representatives of chesty TV princess Katie Price say she has avoided having any sensitive private information revealed during the affair.
UK Parking Control (UKPC) is accused of revealing photographs of Brits' cars parked with number plates clearly to be read and in some cases the location revealed. In some images it's alleged that other details such as identification cards, shopping or belongings are clearly visible. Campaigners against private parking firms believe these images - allegedly made easily accessible to anyone on the UKPC website - exposed drivers' personal information.
Each ticket dished out by UKPC, which monitors 1,200 car parking locations nationwide, includes a unique link to the company's website: the printed URL pulls up a page with pictures of the vehicle taken by one of the company's ticketing operatives to illustrate why that particular penalty was issued.
But one ticket recipient claimed to have found that by tweaking values in this web address, he could access thousands of other digital photographs of other people's vehicles. Sample pictures seen by The Register appeared to support the allegations. Some shots show personal items on view inside the vehicles, such as an ID card placed next to a disabled-driver badge.
Photos of parked cars with number plates visible can in themselves cause privacy problems, as they can show where a driver has been. This is why numberplates are blurred out on Google Street View, for instance, and why only police and other authorised users are allowed access to number plate records generated by such systems as speed cameras.
Numberplates linked to names and potentially to precise locations and times would offer still more scope for embarrassment, so it's clear that UKPC's database contains significant private information subject to the Data Protection Act.
After being alerted by The Register and our sources, the UK Information Commissioner's Office confirmed it will begin an investigation into the alleged leak.
An ICO spokesperson said:
We have recently been made aware of a possible data breach involving UKPC, and are now making enquiries into the circumstances of the alleged breach before deciding what action, if any, needs to be taken.
Word of the alleged security bug in the website of UKPC - which monitors car parks for Tesco, B&Q and other big names - has spread on the Money Saving Expert discussion forums and motoring discussion board Pepipoo. Some images, said to be taken from the UKPC website, were reproduced on the Nutsville blog, which campaigns against the private parking enforcement industry in the UK.
And it was claimed a snap of a gleaming white Range Rover belonging to pneumatic pinup Katie Price - aka the model Jordan - was among the unearthed images. Some reports have it that Ms Price does have such a vehicle among her fleet - and the personalised number reported on the vehicle was highly suggestive. However a spokeswoman for the upon-a-time-model told the Reg that Ms Price's only Rover 4x4 is pink, has a different number, and that anyway she's trying to sell it.
Despite strongly worded legal threats from UKPC's solicitors, the Nutsville bloggers have refused to take the pictures down.
An anonymous source linked to the site, which uses overseas servers and other measures to mask its owners' identities, told the Reg:
"If UKPC keeps on threatening us, we will just put up more posts. They have been subjected to civil public justice. They should take the punishment and learn a lesson."
The source claimed it was "irresponsible" of UKPC to expose its cache of photographs online in such an insecure manner.
"UKPC say we have broken the law, but we didn't even need a password to see these photographs," our contact added.
We're told the photographs date back to 2009. Allegedly, some are a telling insight into the lives of UKPC parking personnel: some photographs, it's claimed, were taken inside the homes of the company's workers, from snaps of someone lying in bed to a scene of a pig relaxing in a dog basket in front of a massive widescreen telly.
UKPC has been repeatedly contacted for comment by The Register over recent days, but no one at the company has been available to comment on the allegations. We should note that it is not against the law to film or photograph in a public place where there is no reasonable expectation of privacy. ®
Sponsored: Fast data protection ROI?