The British Pregnancy Advisory Service has received a
£200,000 fine for breaching the Data Protection Act after
an anti-abortion hacker gained access to the personal details of
almost 10,000 people through the charity's website.
The Information Commissioner's Office reported that the charity
had not realised its site was collecting the names, addresses,
dates of birth and telephone numbers of people asking for a call
back about advice or counselling on pregnancy and sexual health
issues, and so failed to secure this data properly. This, along with
weaknesses in the website's code, allowed a hacker to gain
access to sensitive information that the ICO says was stored
unnecessarily, and which he later threatened to publish.
The charity has said it will be appealing the decision to impose a
fine.
The hacker, who defaced the charity's website with
anti-abortion messages, has since received a 32-month prison
sentence, according to BPAS.
This is a timely reminder for charities that hold personal data
that as data controllers they must take active steps to ensure that
the personal data they are responsible for is kept safe.
The charity was also found to be in breach of the Data Protection
Act for keeping call-back details for five years longer than
necessary.