The Information Commissioner’s Office (ICO) has charged Gloucester Council with a £100,000 fine because of finding 30,000 emails consisting of sensitive information downloaded by cyber attack group Anonymous.
According to ICO, the council did not have sufficient processes in place to make sure its systems had been updated while changes to suppliers were made.
Veracode Manager Paul Farrington noted that council officials could have protected the 30,000 leaked email records without incurring any additional cost burden. “Top of the list, will be the notion that the council had outsourced the responsibility to a third-party IT provider to manage vulnerabilities.”
Protecting individuals privacy
“The reality however, is that you can’t outsource the obligation to protect the privacy of individuals. Whilst one might be able to cut costs by getting a firm to look after day-to-day tasks, the buck still stops with the data owner – in this case Gloucester City Council,” he added.
Managing Director of Gloucester Council believes that the fine will only result in money being taken from local citizens and given to HM Treasury.
Written from press release and source by Leah Alger