The Information Commissioner has shut down a consulting firm that was selling private data about construction workers.
Consulting Association, run by Ian Kerr, operated a database holding details on 3,213 construction workers. He sold access to the data to over 40 firms for a 3,000 annual fee plus 2.20 to access each individual, according to the Information Commissioner's Office (ICO).
The construction firms used the data to vet potential workers, and the database held information about their personal relationships, connections to trade unions and employment history.
The ICO told the BBC that the database also held notes on what people thought of the workers, including calling them "lazy and a trouble stirrer." Other comments included "ex shop steward. Definite problems. No Go" and "Communist Party".
The ICO raided Kerr's West-Midland's business at the end of February, seizing the data. He faces prosecution for breaching the data protection act, and has been ordered to stop trading, which the ICO said he has done.
Deputy information commissioner David Smith said in a statement: "This is a serious breach of the Data Protection Act. Not only was personal information held on individuals without their knowledge or consent but the very existence of the database was repeatedly denied."
Under the Data Protection Act, any organisation holding personal information must be open about how they use it and most are required to register with the ICO. "Kerr did not comply with the law on either count," said Smith.
The ICO is also considering taking regulatory action against the construction firms that had at some point subscribed to the database, which include "household names." The full list of companies which accessed the data is available on the ICO's website.
"I remind business leaders that they must take their obligations under the Data Protection Act seriously," Smith said. "Trading people's personal details in this way is unlawful and we are determined to stamp out this type of activity."
On 16 March, the ICO will launch a dedicated enquiry system offering help to people who believe their personal data is being held in such a way. However, Smith asked that people hold off until then before contacting the ICO on such issues.
-
What is polymorphic malware?Explainer Polymorphic malware constantly changes its code to avoid detection, making it a top cybersecurity threat that demands advanced, behavior-based defenses
-
Outgoing Kaseya CEO teases "this is just the beginning" for the companyOpinion We spoke to Fred Voccola who remains a key figurehead at the firm as it enters its next chapter...
-
P2PInfect self-replicating Rust worm discovered attacking Redis instancesNews Researchers believe that the worm could be laying the groundwork for a larger campaign to be launched at some point in the future
-
Redefining modern enterprise storage for mission-critical workloadsWhitepaper Evolving technology to meet the mission-critical needs of the most demanding IT environments
-
MWC 2023: Huawei launches 'world's best' ransomware detection systemNews Huawei claims its Cyber Engine database security system has a 99.9% detection rate, but experts have been quick to weaken the sentiment
-
Dutch hacker steals data from virtually entire population of AustriaNews The data was stolen from a misconfigured cloud database found by the attacker through a search engine
-
IRS mistakenly publishes 112,000 taxpayer records for the second timeNews A contractor is thought to be responsible for the error, with the agency reportedly reviewing its relationship with Accenture
-
Database and big data securityWhitepaper KuppingerCole 2021 Leadership Compass Report
-
Modernise your legacy databases in the cloudWhitepaper An introduction to cloud databases
-
Microsoft Azure flaw exposed 'thousands' of customer databasesNews Security research Wiz describes Cosmos flaw as "the worst cloud vulnerability you can imagine"
