New Times,
New Thinking.

  1. Election 2024
12 May 2011

The fine for exposing 6,000 PC users online? £1,000

“Bullying”, “aggressive” ACS:Law fined for data breach.

By Jason Stamper

Another day, another small price to pay for a serious data breach. The ACS:Law solicitor Andrew Crossley has been fined £1,000 by the Information Commissioner’s Office (ICO) after a data breach in which the personal details of 6,000 computer users who were targeted by his firm were exposed online.

The data breach happened following a denial-of-service attack by members of the hacktivist group Anonymous, who were unhappy at the tactics being used by Crossley and his law firm. ACS:Law had written letters to hundreds of people it accused of downloading content without paying for it, asking them to pay a fine of several hundred pounds.

As well as people’s names and addresses, a list of pornographic films they were accused of downloading illegally was also exposed. “The security measures ACS:Law had in place were barely fit for purpose in a person’s home environment, let alone a business handling such sensitive details,” said the Information Commissioner, Christopher Graham.

Thus, the fine of just £1,000 may seem paltry. Graham said it would have been £200,000, but for the fact that Crossley is said to lack the means to pay: ACS:Law has ceased trading. A spokesperson for the ICO told the BBC that it does not have the power to audit people’s accounts but said that Crossley had provided a sworn statement on the state of his finances.

Select and enter your email address Your weekly guide to the best writing on ideas, politics, books and culture every Saturday. The best way to sign up for The Saturday Read is via The New Statesman's quick and essential guide to the news and politics of the day. The best way to sign up for Morning Call is via
  • Administration / Office
  • Arts and Culture
  • Board Member
  • Business / Corporate Services
  • Client / Customer Services
  • Communications
  • Construction, Works, Engineering
  • Education, Curriculum and Teaching
  • Environment, Conservation and NRM
  • Facility / Grounds Management and Maintenance
  • Finance Management
  • Health - Medical and Nursing Management
  • HR, Training and Organisational Development
  • Information and Communications Technology
  • Information Services, Statistics, Records, Archives
  • Infrastructure Management - Transport, Utilities
  • Legal Officers and Practitioners
  • Librarians and Library Management
  • Management
  • Marketing
  • OH&S, Risk Management
  • Operations Management
  • Planning, Policy, Strategy
  • Printing, Design, Publishing, Web
  • Projects, Programs and Advisors
  • Property, Assets and Fleet Management
  • Public Relations and Media
  • Purchasing and Procurement
  • Quality Management
  • Science and Technical Research and Development
  • Security and Law Enforcement
  • Service Delivery
  • Sport and Recreation
  • Travel, Accommodation, Tourism
  • Wellbeing, Community / Social Services
Visit our privacy Policy for more information about our services, how Progressive Media Investments may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications.

But Deborah Price, head of legal affairs at the consumer affairs watchdog Which?, said:

ACS Law demanded around £400 from each of the people it accused of illegal file-sharing, yet for a serious breach of data protection law, it gets a paltry fine of £1,000. This is utterly inadequate – the ICO should have imposed an appropriate sanction.

The ICO said that if ACS Law was still trading it would have imposed a penalty of £200,000. This beggars belief. It sends the message that businesses that commit a data breach can expect appropriate punishment, unless they dissolve their business, in which case they’ll get off lightly.

The victims of this security breach – consumers who have had to suffer the consequences of having unfounded allegations about them published online – have been left with no redress whatsoever.

It’s not the first time the Information Commissioner’s Office has been accused of lacking teeth.

Meanwhile, Which? complained to the Solicitors Regulation Authority (SRA) over ACS:Law’s “bullying” and “aggressive” behaviour back in 2009. The SRA decided that there was a case to answer and Crossley, owner of ACS:Law, will appear before a tribunal next month.

ACS:Law’s tactics were also criticised by the House of Lords amendments committee when debating the Digital Economy Bill in January last year. Lord Lucas said:

We have to be careful about setting out to criminalise . . . a large proportion of our population, particularly when it involves putting them not in the hands of the criminal law with all the safeguards, care and rationality that involves, but in the hands of firms of solicitors who are out to make a buck from the process.

None of these people are nice to deal with. Even where the majors have been involved in prosecutions – there are not many cases of that – they are relentless. It is not at all nice to be on the receiving end of one of their prosecutions. They can take a long time, cost a great deal of money and go on, with unspecified consequences, for a period of years.

ACS Law, one of the firms involved in this, has been kind enough to write to me . . .

Jason Stamper is NS technology correspondent and editor of Computer Business Review.

Content from our partners
We need an urgent review of UK pensions
The future of private credit
Peatlands are nature's unsung climate warriors