May 30, 2011 17:42 GMT

Co-operative Life Planning (CLP), a UK provider of funeral insurance and other services, has exposed the personal information of 82,000 customers, the UK Information Commissioner's Office reports.

In March 2011, the organization asked one of its software vendors to repair a damaged file that contained customer data.

The vendor copied the document without authorization onto its own network and accidentally made it public when one of its servers was hacked into.

CLP reported the incident to the Information Commissioner's Office back in March, and the subsequent investigation revealed that the company failed to realize that the contractor copied the file on multiple occasions.

"This case highlights the need for companies to ensure their contractors are following procedures on keeping customers’ personal information secure.

"Co-operative Life Planning’s customers had an expectation that the organisation would keep their details safe and they have been let down by this breach," said Sally-Anne Poole, ICO's acting head of enforcement.

"In this case, a monetary penalty was not appropriate because the information that was compromised was unlikely to cause substantial damage or distress, and its disclosure didn’t present a significant risk to the individuals affected," she explained.

The decision not to fine CLP was also influenced by the fact that the company already had appropriate data protection policies in place, even if they weren't followed in this case.

Ian Mackie, CLP's managing director, signed an undertaking that involves deploying data loss prevention software across the company's servers and testing all of its databases.

Accidental exposure is a big issue and has been the cause of major data leak incidents. For example, the Texas Comptroller's Office recently discovered that a file containing the personally identifiable information of 3.5 million residents was left accessible to the entire world on one of its servers for more than a year.