ICO failure to punish Lush for data breach sends wrong message, says SecurEnvoy
Warwick Ashford reports:
The failure of the Information Commissioner’s Office to impose a monetary penalty against cosmetics firm Lush – for failing to protect thousands of customer records from hackers – sends out all the wrong messages, according to authentication firm SecurEnvoy.
“What we have here is a major e-commerce web portal – run by a consumer-friendly company that prides itself on its eco-friendly products and stance generally – that was solidly hacked for four months over the busy Christmas period, and essentially has got away scot-free,” said Steve Watts, co-founder of SecurEnvoy.
That the privacy watchdog feels it cannot penalise a company whose database has been exposed for 120 days – without its IT staff being aware – shows how crass the UK’s data protection legislation is in penalties, said Steve Watts.
Read more on ComputerWeekly.com