It appears that the ACS Law saga may be drawing to a close, with the news that the former owner Andrew Crossley has escaped with just a £1,000 fine.
The Information Commissioner’s Office (ICO) found that the company had indeed been guilty of providing poor security for personal information of thousands of individuals having obtained the info through ISPs, a charge that would have cost the firm £200,000 had it still been operating.
However, the ICO decided that because Crossley is now considered a sole trader and the company has ceased trading he would only have to pay a fraction.
So not a bad result for Crossley then all things considered, who was apparently treated leniently due to a lack of funds.
Crossley’s ACS Law had been involved in writing to large numbers of people who were alleged to have broken the law, using methods that were deemed inappropriate by many, even drawing the ire of Anonymous, with doubts over whether many of those targeted had even committed copyright infringement in the first place.
Last September the website was subject to a hack, leaking around 6,000 people’s details including names, addresses, credit card details which led to death threats to Crossley eventually causing him to drop his letter writing activities.
BT was also dragged through the mess, though it was let off the hook for supposedly emailing ACS Law unencrypted customers details. It was told to get its house in order though the ICO will be keeping an eye on it.
The ICO found that ACS Law’s security system was slightly on the weak side. It was accused of acting “negligently” by cutting corners and putting into place a hosting package to hold onto highly sensitive details of members of the public.
In fact the Information Commissioner stated the security measures “barely fit for purpose in a person’s home environment, let alone a business handling such sensitive details.”