A small business (Boomerang Video Ltd) has been fined £60k by the Information Commissioner's Office (ICO) for its failure to protect the personal data of more than 26,000 of its customers.
Boomerang’s website was hit by a cyber-attack in 2014, which resulted in its customer details being accessed. The ICO investigation found that basic cyber security steps could have prevented this attack and protected the personal data of its customers.
The ICO investigation highlighted important cyber security points that business owners should consider:
- Do regular website penetration testing to detect errors;
- Passwords must be sufficiently complex and unpredictable;
- Encrypt data and secure the decryption key;
- Remove personal data that is no longer necessary.
The ICO also provides businesses with a range of guidance on this topic and other data protection matters. Their website can be found here.
If you require further advice on these issues, you may wish to join our community; on elXtr we have guides and documents to help you navigate employment issues.
If you have access to the legal helpline and want to discuss your specific circumstances with a qualified solicitor or barrister, please get in touch with them.