Legal Updates - Vulnerable Websites

Data Protection – Data Protection Act – Protecting Customer Data – Vulnerable Websites

The Information Commissioner’s Office (“ICO”) recently issued a fine of £7,500 on company, Worldview Limited, after its website was subjected to an online attack which allowed the attackers to access customers’ payment card details.

The attack, which is known as an “SQL Injection”, is considered one of the most common techniques used to exploit vulnerable websites and is caused by poor coding. Worldwide Limited is a hotel booking website and the fine stands as a warning to all website operators that their security must be able to protect against such attacks.

The ground upon which the ICO issued a penalty to Worldview Limited is under the 7th Data Protection Principle of the Data Protection Act (the “Act”).

“Appropriate technical and organisational measures shall be taken against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data.”

For more details on this, you can visit the ICO’s website.

How can we help?

Whether you are a start up or an established business, RT Coopers can assist you in meeting your obligations under the Data Protection Act. We conduct audits on businesses’ operations in order to determine specific weaknesses to be considered by data controllers. Once these are identified, we would advise you on the remedial measures you should put in place.

You may contact us by email [email protected]. Visit http://www.rtcoopers.com/practice_dataprotection.php

© RT COOPERS, 2014. This Briefing Note does not provide a comprehensive or complete statement of the law relating to the issues discussed nor does it constitute legal advice. It is intended only to highlight general issues. Specialist legal advice should always be sought in relation to particular circumstances.