Information Commissioner Investigates Law Firm

It has recently been announced that ACS:Law, which had previously been pursuing individuals who had allegedly been illegally downloading films on the internet, has now attempted to withdraw the litigated cases from court.

The firm’s founder, Andrew Crossley, has said he wishes to withdraw the case because of “criminal activity” against him and his family; he states his emails have been hacked and that he has received death and bomb threats.

Whilst the judge in the case is considering whether to allow the case to be withdrawn, the very real risk for ACS:Law continues to be that enforcement action may be taken against it by the Information Commissioner (“ICO”) on the grounds of breach of the Data Protection Act (“DPA”) by ACS:Law.

As part of the criminal activity Mr Crossley alleges, ACS:Law’s emails were attacked in a cyber attack. This attack led to the publishing of the personal data of 1000s of people who had been subject to ACS:Law’s investigations in respect of illegal downloading.

If it is established that ACS:Law failed to undertake adequate measures to keep the personal data secure, the ICO could fine the firm up to £500, 000 for breaches of the DPA. We must wait and see to what action the ICO takes. The case is a timely reminder that all business (including law firms) must keep their systems secure to protect personal data or face substantial fines under the DPA. 
 
Written by Matthew Read, a Solicitor in the Nelsons Commerce and Technology group. To find out more about our Commerce & Technology group, click here.