BT will not be punished for a leak of 500 broadband customers’ personal data in September last year.
The Information Commissioner’s Office (ICO) dropped their investigation, concluding that BT could not be held accountable for the actions of their subsidiary PlusNet – the ISP responsible for the leak.
Yorkshire-based PlusNet failed to encrypt emails containing the names and addresses of customers. Those emails were easily intercepted and customers had their personal details posted online, to public messageboards, putting them at risk from internet pranksters.
The data was relinquished to aid a dubious copyright infringement case, where customers were accused of illegally sharing porn over file share network BitTorrent.
Prosecutors ACS:Law threatened file sharers with legal action before offering them the chance to pay cash settlements, out of court.
Human rights campaigner for Privacy International, Alex Hanff said: "If companies aren’t responsible for the actions of their employees, performed when working for their employers, where does that leave us on data-protection negligence?” Hanff offered that although ICO has the power to fine organisations up to £500,000, they opted out to save on the expensive legal fees that come with fighting a company the size of BT.
"It’s an incredibly dangerous precedent.” He added.
An ICO spokesperson said: "We have a full understanding of our powers and are not afraid to use them where action is justified. Enforcing and defending the rights of the UK public under the Data Protection Act has always been – and remains – central to the work of the Information Commissioner’s Office."
"The usual and most appropriate outcome in these cases is disciplinary action taken by the employer."