in

This Blog

Syndication

Tags

News

AlertBoot offers a cloud-based full disk encryption and mobile device security service for companies of any size who want a scalable and easy-to-deploy solution. Centrally managed through a web based console, AlertBoot offers mobile device management, mobile antivirus, remote wipe & lock, device auditing, USB drive and hard disk encryption managed services.

Archives

AlertBoot Endpoint Security

AlertBoot offers a cloud-based full disk encryption and mobile device security service for companies of any size who want a scalable and easy-to-deploy solution. Centrally managed through a web based console, AlertBoot offers mobile device management, mobile antivirus, remote wipe & lock, device auditing, USB drive and hard disk encryption managed services.

Crazy Like A Fox: Online Bingo Raises ICO Custodial Sentence Issue

A man in the UK has been fined for selling the personal information of 65,000 on-line bingo players.  The incident has attracted attention for a couple of reasons.  The Information Commissioner's Office (ICO) has taken the opportunity to note that they need the power to jail people who breach the Data Protection Act (DPA).  The general public has noted how sometimes crime pays.

Foxy Bingo and Gala Coral

A Mr. Marc Ben-Ezra has been found guilty of breaching section 55 of the DPA.  The penalty?  A 3 year conditional discharge (I guess that's a probation period for Americans) and payment of £1,700 to Cashcade Ltd and £830.80 to Hendon Magistrates Court.  The £1,700 is a return of Cashcade's money that was used during a sting operation which landed Ben-Ezra in jail.

The penalty, however, pales in comparison to the amount he made selling the information: £25,000.  As far as I can tell, Ben-Ezra was allowed to keep these ill-gotten proceeds.

Where did Ben-Ezra obtain the information of 65,000 people?  It appears that he may have it bought it while working for an Israeli poker company.  The information included people's names, addresses, email addresses, telephone numbers, and usernames.

Under section 55 of the Data Protection Act, it is illegal to sell, or even advertise to sell, information that was acquired illegally (kinda commonsense, but they can't arrest you for violating common sense, now, can they?).

A Call for Custodial Sentences

The Information Commissioner has used this case as a further example why the ICO needs the power to send people to jail:

"This case shows that the unlawful trade in personal information is unfortunately still a thriving and lucrative activity," said Information Commissioner, Christopher Graham. "Mr Ben-Ezra sold people's personal details on an industrial scale, making in the region of £25,000 at the expense of the tens of thousands of bingo players whose privacy he compromised, and who he exposed to the nuisance of being approached by rival betting websites and, at worst, the risk of identity theft." [eweekeurope.co.uk]

The ICO, of course, has the famous ability to assess penalties up to £500,000.  However, this is a penalty assessed on data controllers.  In cases where section 55 of the DPA is involved, it takes a backseat to the Magistrates Courts, where the maximum fine is £5,000 (but often much, much less).

The ICO has been clamoring for the ability to send people to prison.  I can only imagine that as such cases pile up, it will get its way.


Related Articles and Sites:
http://www.out-law.com/en/articles/2011/november/man-fined-after-selling-unlawfully-obtained-personal-data-of-online-bingo-players/
http://www.eweekeurope.co.uk/news/ico-demands-jail-sentences-after-online-gambling-sting-45990
http://nakedsecurity.sophos.com/2011/11/11/65000-players-foxybingo-personal-data-sold/

 
<Previous Next>

Full Disk Encryption: Data Breach Lawsuits Filed Against Sutter Health (Updated)

Disk Encryption: 17 Iowa Department of Human Services Computers Stolen

Comments

No Comments

About sang_lee

Sang Lee is a Senior Account Manager and Security Analyst with AlertBoot, Inc., the leading provider of managed endpoint security services, based in Las Vegas, NV. Mr. Lee helps with the deployment and ongoing support of the AlertBoot disk encryption managed service. Prior to working at AlertBoot, Mr. Lee served in the South Korean Navy. He holds both a B.S. and an M.S. from Tufts University in Medford, Massachusetts, U.S.A.