View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. Technology
  2. Cybersecurity
May 13, 2011updated 19 Aug 2016 10:05am

Much maligned law firm handed “paltry” fine for data breach

"Bullying", "aggressive" ACS:Law fined a grand for data breach

By Jason Stamper Blog

Another day, another small price to pay for a serious data breach. ACS:Law solicitor Andrew Crossley has been fined £1,000 by the Information Commissioners’ Office after a data breach that saw the personal details of 6,000 computer users, targeted by his firm, exposed online.

The data breach happened following a denial-of-service attack by members of the hacktivist group Anonymous, who were unhappy at the tactics being used by Crossley and his law firm. ACS:Law wrote letters to hundreds of people it accused of downloading content without paying for it, asking them to pay a fine of several hundred pounds.

As well as people’s names and addresses, a list of pornographic films they were accused of downloading illegally was also exposed. "The security measures ACS:Law had in place were barely fit for purpose in a person’s home environment, let alone a business handling such sensitive details," Information Commissioner Christopher Graham said.

The fine then of just £1,000 may seem paltry, but Graham said that it would have been £200,000 but for the fact that Crossley is said not to have the means to pay: ACS:Law has ceased trading. A spokesperson for the ICO told the BBC that it does not have the power to audit people’s accounts but said that Crossley had provided a sworn statement on the state of his finances.

But Deborah Price, head of legal affairs at consumer watchdog Which?, said:

"ACS Law demanded around £400 from each of the people it accused of illegal file sharing, yet for a serious breach of data protection law, it gets a paltry fine of £1,000. This is utterly inadequate – the ICO should have imposed an appropriate sanction.

Content from our partners
DTX Manchester welcomes leading tech talent from across the region and beyond
The hidden complexities of deploying AI in your business
When it comes to AI, remember not every problem is a nail

The ICO said that if ACS Law was still trading it would have imposed a penalty of £200,000. This beggars belief. It sends the message that businesses that commit a data breach can expect appropriate punishment, unless they dissolve their business, in which case they’ll get off lightly.

The victims of this security breach – consumers who have had to suffer the consequences of having unfounded allegations about them published online – have been left with no redress whatsoever."

It’s not the first time the Information Commissioners Office has been accused of lacking teeth.

Which?, meanwhile, complained to the Solicitors Regulatory Authority (SRA) over ACS:Law’s "bullying" and "aggressive" behaviour back in 2009. The SRA decided that there was a case to answer and ACS:Law owner Crossley will appear before a tribunal next month.

ACS:Law’s tactics were also criticised by the House of Lords Amendments Committee debating the Digital Economy Bill in January last year. Lord Lucas said:

"We have to be careful about setting out to criminalise… a large proportion of our population, particularly when it involves putting them not in the hands of the criminal law with all the safeguards, care and rationality that involves, but in the hands of firms of solicitors who are out to make a buck from the process.

None of these people are nice to deal with. Even where the majors have been involved in prosecutions – there are not many cases of that – they are relentless. It is not at all nice to be on the receiving end of one of their prosecutions. They can take a long time, cost a great deal of money and go on, with unspecified consequences, for a period of years.

ACS Law, one of the firms involved in this, has been kind enough to write to me…"

Please follow Jason Stamper on twitter:





Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how Progressive Media Investments may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.