Data Protection: Information Security And The Construction Industry
As featured in Scottish Construction Now
Earlier this month, the construction company known as Construction Materials Online Limited (CMO) was fined £55,000 by the Information Commissioner's Office (ICO) for breaching the laws on data protection and information security.
So what happened?
CMO operated a website which enabled customers to buy building materials online. CMO's website was created by a third party website developer, and unknown to CMO, the website's log-in pages contained a coding error.
This coding error created a vulnerability which allowed a hacker to modify payment pages and access the personal banking details of over 600 customers, including the names, addresses, bank account numbers and sort codes of customers.
What did the ICO say?
The ICO (the data protection regulator in the UK) found that CMO, as the data controller, failed to take appropriate and technical measures against unauthorised or unlawful processing of personal data as is required by principle 7 of the Data Protection Act 1998 (DPA).
In particular, the ICO found that CMO failed to:
carry out regular penetration testing of the website which would have detected the coding error; and ensure that the passwords on the website were sufficiently complex to resist a brute-force attack on the stored hash values (hashing is like a form of encryption whereby a password is turned into a scrambled representation of itself). What is principle 7?
Principle 7 requires organisations to take appropriate technical and organisational measures against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data. According to the ICO's guidance, in practice, this principle means that organisations must:
design their security to suit the nature of the personal data held by the organisation; designate a person or team with responsibility for ensuring information security; make sure the organisation has appropriate physical and technical security, and that the organisation's policies and procedures are robust and reliable; and be ready to respond to any security breach quickly and effectively. Why should you...
To continue reading
Request your trialSubscribers can access the reported version of this case.
You can sign up for a trial and make the most of our service including these benefits.
Why Sign-up to vLex?
-
Over 100 Countries
Search over 120 million documents from over 100 countries including primary and secondary collections of legislation, case law, regulations, practical law, news, forms and contracts, books, journals, and more.
-
Thousands of Data Sources
Updated daily, vLex brings together legal information from over 750 publishing partners, providing access to over 2,500 legal and news sources from the world’s leading publishers.
-
Find What You Need, Quickly
Advanced A.I. technology developed exclusively by vLex editorially enriches legal information to make it accessible, with instant translation into 14 languages for enhanced discoverability and comparative research.
-
Over 2 million registered users
Founded over 20 years ago, vLex provides a first-class and comprehensive service for lawyers, law firms, government departments, and law schools around the world.
Subscribers are able to see a list of all the cited cases and legislation of a document.
You can sign up for a trial and make the most of our service including these benefits.
Why Sign-up to vLex?
-
Over 100 Countries
Search over 120 million documents from over 100 countries including primary and secondary collections of legislation, case law, regulations, practical law, news, forms and contracts, books, journals, and more.
-
Thousands of Data Sources
Updated daily, vLex brings together legal information from over 750 publishing partners, providing access to over 2,500 legal and news sources from the world’s leading publishers.
-
Find What You Need, Quickly
Advanced A.I. technology developed exclusively by vLex editorially enriches legal information to make it accessible, with instant translation into 14 languages for enhanced discoverability and comparative research.
-
Over 2 million registered users
Founded over 20 years ago, vLex provides a first-class and comprehensive service for lawyers, law firms, government departments, and law schools around the world.
Subscribers are able to see a list of all the documents that have cited the case.
You can sign up for a trial and make the most of our service including these benefits.
Why Sign-up to vLex?
-
Over 100 Countries
Search over 120 million documents from over 100 countries including primary and secondary collections of legislation, case law, regulations, practical law, news, forms and contracts, books, journals, and more.
-
Thousands of Data Sources
Updated daily, vLex brings together legal information from over 750 publishing partners, providing access to over 2,500 legal and news sources from the world’s leading publishers.
-
Find What You Need, Quickly
Advanced A.I. technology developed exclusively by vLex editorially enriches legal information to make it accessible, with instant translation into 14 languages for enhanced discoverability and comparative research.
-
Over 2 million registered users
Founded over 20 years ago, vLex provides a first-class and comprehensive service for lawyers, law firms, government departments, and law schools around the world.
Subscribers are able to see the revised versions of legislation with amendments.
You can sign up for a trial and make the most of our service including these benefits.
Why Sign-up to vLex?
-
Over 100 Countries
Search over 120 million documents from over 100 countries including primary and secondary collections of legislation, case law, regulations, practical law, news, forms and contracts, books, journals, and more.
-
Thousands of Data Sources
Updated daily, vLex brings together legal information from over 750 publishing partners, providing access to over 2,500 legal and news sources from the world’s leading publishers.
-
Find What You Need, Quickly
Advanced A.I. technology developed exclusively by vLex editorially enriches legal information to make it accessible, with instant translation into 14 languages for enhanced discoverability and comparative research.
-
Over 2 million registered users
Founded over 20 years ago, vLex provides a first-class and comprehensive service for lawyers, law firms, government departments, and law schools around the world.
Subscribers are able to see any amendments made to the case.
You can sign up for a trial and make the most of our service including these benefits.
Why Sign-up to vLex?
-
Over 100 Countries
Search over 120 million documents from over 100 countries including primary and secondary collections of legislation, case law, regulations, practical law, news, forms and contracts, books, journals, and more.
-
Thousands of Data Sources
Updated daily, vLex brings together legal information from over 750 publishing partners, providing access to over 2,500 legal and news sources from the world’s leading publishers.
-
Find What You Need, Quickly
Advanced A.I. technology developed exclusively by vLex editorially enriches legal information to make it accessible, with instant translation into 14 languages for enhanced discoverability and comparative research.
-
Over 2 million registered users
Founded over 20 years ago, vLex provides a first-class and comprehensive service for lawyers, law firms, government departments, and law schools around the world.
Subscribers are able to see a visualisation of a case and its relationships to other cases. An alternative to lists of cases, the Precedent Map makes it easier to establish which ones may be of most relevance to your research and prioritise further reading. You also get a useful overview of how the case was received.
Why Sign-up to vLex?
-
Over 100 Countries
Search over 120 million documents from over 100 countries including primary and secondary collections of legislation, case law, regulations, practical law, news, forms and contracts, books, journals, and more.
-
Thousands of Data Sources
Updated daily, vLex brings together legal information from over 750 publishing partners, providing access to over 2,500 legal and news sources from the world’s leading publishers.
-
Find What You Need, Quickly
Advanced A.I. technology developed exclusively by vLex editorially enriches legal information to make it accessible, with instant translation into 14 languages for enhanced discoverability and comparative research.
-
Over 2 million registered users
Founded over 20 years ago, vLex provides a first-class and comprehensive service for lawyers, law firms, government departments, and law schools around the world.
Subscribers are able to see the list of results connected to your document through the topics and citations Vincent found.
You can sign up for a trial and make the most of our service including these benefits.
Why Sign-up to vLex?
-
Over 100 Countries
Search over 120 million documents from over 100 countries including primary and secondary collections of legislation, case law, regulations, practical law, news, forms and contracts, books, journals, and more.
-
Thousands of Data Sources
Updated daily, vLex brings together legal information from over 750 publishing partners, providing access to over 2,500 legal and news sources from the world’s leading publishers.
-
Find What You Need, Quickly
Advanced A.I. technology developed exclusively by vLex editorially enriches legal information to make it accessible, with instant translation into 14 languages for enhanced discoverability and comparative research.
-
Over 2 million registered users
Founded over 20 years ago, vLex provides a first-class and comprehensive service for lawyers, law firms, government departments, and law schools around the world.