Business First May-June 2017 Business First May 2017 | Page 19

2018: DATA REVOLUTION With the new EU General Data Protection Regulation (GDPR) approaching, Rory Campbell from Forde Law has found that organisations of all sizes are not prepared for the changes necessary to comply. wonder if you’d be able to help…and keep it confidential?” The embarrassment in my friend’s email was achingly evident. The lawyer’s letter he had forwarded to me was extremely threatening. It stated that at a certain time on a certain night my friend had illegally downloaded a film exotically entitled “Happy Armenian Babes”: it confirmed that this was an illegal action infringing the copyright of the lawyer’s client; it threatened that unless my friend paid £600 by return the matter would be promptly referred to court and thence into the public domain. We sent the lawyer the usual response: the alleged download occurred via unprotected wifi, so anyone in the friend’s apartment or block of flats could have been responsible. £600 was way more expensive than an appropriate download fee for the Armenian Babes, however happy they might be: this meant that the £600 was levied as a punishment, a penalty, which is itself illegal under UK law. We ended our letter with a statement that any allegation to a third party would result in an immediate defamation claim. We never got a response. It turned out that the lawyer had sent out at least 10,000 of these letters. Many recipients, terrified of court action or the link with pornography, had simply paid up: it was subsequently estimated that the lawyer had made £650,000 from the process. Outraged by this bullying, a hacking collective brought down the law firm’s server with a DDOS attack. When the site came online again, a 350MB backup of the site was accidentally left on the landing page. Within minutes it had been copied and distributed via Pirate Bay and other torrent sites: names and addresses of alleged illegal porn filesharing by 5,300 Sky customers, and of illegal music sharing by a further 8,000 Sky and Plusnet customers, were made available to the internet. Amongst the myriad legal claims brought against the lawyer’s firm – which promptly collapsed – was a privacy breach claim by the data protection watchdog, the Information Commissioner. The ICO confirmed that if the firm hadn’t collapsed, it would have been fined £200,000 for its data protection breach. This would have been a hefty fine by ICO standards. Their reason: the whole story was a data prot