0 Members and 3 Guests are viewing this topic.
The spreadsheet of PlusNet users was sent in an unsecure format by a BT lawyerBT has admitted it sent the personal details of more than 500 customers as an unsecured document to legal firm ACS:Law, following a court order.The news could put BT in breach of the Data Protection Act, which requires firms to keep customers' data secure at all times.The e-mails emerged following a security lapse at ACS:Law.A BT official admitted "unencrypted" personal data was sent, adding it "would not happen again".The unsecured Excel documents were sent in late August by Prakash Mistry, a lawyer working for British Telecom, to Andrew Crossley - who runs ACS:Law."In accordance with the Court's Order of 17 February 2010 ("the Order"), please find enclosed the data in accordance with paragraph 1 of the Order," wrote Mr Mistry in the e-mail."Please acknowledge safe receipt and that the data will be held securely and shall be used only in accordance with the provisions of the Order," he added.Keep it safeHowever, while BT requested that the personal information be held securely, the data was sent in a unencrypted document that could be read by anyone accessing the e-mail.Two separate documents were sent out by BT. One with a list of 413 users which ACS:Law thought were sharing a music track called Evacuate The Dancefloor and a second document with more than 130 PlusNet users alleged to be sharing pornographic material."In answer to the question above about whether we sent out customer details in unencrypted files, I can confirm that this did happen," wrote a BT community moderator called Nigel on the firm's PlusNet forums."We are investigating how this occurred as we have robust systems for managing data."We have already ensured that this will not happen again."In this circumstance our legal department sent data to a firm of solicitors (ACS:Law) which reached them safely and we trusted that they would keep the data safe," he added.A spokesperson for BT-owned PlusNet told BBC News that it had contacted all of its affected customers and were "working with them closely to protect them as much as possible from further exposure".Simon Davies, from the watchdog Privacy International, told BBC News that BT had "comprehensively breached" the Data Protection Act."More significantly, they appear to be in contempt of a high court order," he added.The order, he said, was made in the High Court of Justice before Chief Master Winegarten on 7 July 2010.The ruling, ordering internet service providers to hand over data to ACS:Law, states that it should be provided in an "electronic text format by way of Microsoft Excel file saved in an encrypted form to a compact disk, or any other digital media".Mr Davies said he was going to write to the High Court and to the Attorney General and press for proceedings for contempt of court to be brought against BT.