LongsightM13
Well-Known Member
Which is probably why we settled. While the Liverpool employees responsible have almost certainly committed criminal offences under the Computer Misuse Act and the Data Protection Act, City would also have been open to civil enforcement from the ICO under the latter legislation for failing to properly secure personal dataThe story was that they obtained and used the log in credentials of a former colleague at City. Their own had been cancelled. Still woeful cyber security though.