Business First May-June 2017 Business First May 2017 | Page 19

2018: DATA REVOLUTION
With the new EU General Data Protection Regulation (GDPR) approaching, Rory Campbell from Forde Law has found that organisations
of all sizes are not prepared for the changes necessary to comply.
wonder if you’d be able to help…and keep
it confidential?” The embarrassment in my
friend’s email was achingly evident.
The lawyer’s letter he had forwarded to me
was extremely threatening. It stated that at a
certain time on a certain night my friend had
illegally downloaded a film exotically entitled
“Happy Armenian Babes”: it confirmed that
this was an illegal action infringing the
copyright of the lawyer’s client; it threatened
that unless my friend paid £600 by return the
matter would be promptly referred to court
and thence into the public domain.
We sent the lawyer the usual response: the
alleged download occurred via unprotected
wifi, so anyone in the friend’s apartment or
block of flats could have been responsible.
£600 was way more expensive than an
appropriate download fee for the Armenian
Babes, however happy they might be: this
meant that the £600 was levied as a
punishment, a penalty, which is itself illegal
under UK law.
We ended our letter with a statement that
any allegation to a third party would result in
an immediate defamation claim.
We never got a response. It turned out that
the lawyer had sent out at least 10,000 of
these letters. Many recipients, terrified of
court action or the link with pornography,
had simply paid up: it was subsequently
estimated that the lawyer had made £650,000
from the process.
Outraged by this bullying, a hacking
collective brought down the law firm’s server
with a DDOS attack. When the site came
online again, a 350MB backup of the site was
accidentally left on the landing page.
Within minutes it had been copied and
distributed via Pirate Bay and other torrent
sites: names and addresses of alleged illegal
porn filesharing by 5,300 Sky customers, and
of illegal music sharing by a further 8,000 Sky
and Plusnet customers, were made available
to the internet.
Amongst the myriad legal claims brought
against the lawyer’s firm – which promptly
collapsed – was a privacy breach claim by the
data protection watchdog, the Information
Commissioner.
The ICO confirmed that if the firm hadn’t
collapsed, it would have been fined £200,000
for its data protection breach.
This would have been a hefty fine by ICO
standards. Their reason: the whole story was
a data prot