ICO failure to punish Lush for data breach sends wrong message, says SecurEnvoy

Warwick Ashford reports:

The failure of the Information Commissioner’s Office to impose a monetary penalty against cosmetics firm Lush – for failing to protect thousands of customer records from hackers – sends out all the wrong messages, according to authentication firm SecurEnvoy.

“What we have here is a major e-commerce web portal – run by a consumer-friendly company that prides itself on its eco-friendly products and stance generally – that was solidly hacked for four months over the busy Christmas period, and essentially has got away scot-free,” said Steve Watts, co-founder of SecurEnvoy.

That the privacy watchdog feels it cannot penalise a company whose database has been exposed for 120 days – without its IT staff being aware – shows how crass the UK’s data protection legislation is in penalties, said Steve Watts.

Read more on ComputerWeekly.com

About the author: Dissent
