Email and the Law

The fall-out from TalkTalk’s hack

As exciting titles go, the House of Commons Culture, Media and Sport Committee's "Cyber Security: Protection of Personal Data Online" report (PPDO) is not one of the snappiest. We'll stick with PPDO. What with Brexit concerns, it might well have passed you by. Yet it deals with a significant threat to those who store personal data, and particularly email marketing lists. You need to be aware of it.

Given the hack of TalkTalk's database, which resulted in personal information being accessed, not to mention the report that computer manufacturer Acer has had the credit card details of 34,500 customers hacked, it is remarkable that so many people are willing to share their details online. The PPDO needed to address the public's concerns.

The PPDO, whilst not a thrilling read, is not technical and its conclusions are clear. There are 17 in all, but they are quite brief. Those in email marketing need to read it.

We won’t go through each one here, but just discuss the general points, the first of which is criticism of the ICO’s low staffing levels. In the eight months since the TalkTalk hack was revealed, those affected still have not been told of the circumstances. 

The most significant aspect for us is apparent in a number of the 17 points: Responsibility and Penalty.

The report points out that in three cases over an extended period of time the ICO has fined companies for hacks which used SQL injection as a way in. It is apparent that the committee feels companies should be aware of trends in cyber crime and take steps to ensure they are not vulnerable.

It suggests that CEOs cannot be held responsible in larger firms, and that there should be a dedicated person whose role would be to ensure data is safe. This person should have access to the board.

The way to ensure compliance with these guidelines is via a series of escalating fines, with a suggestion for increasing the maximum.

In short, companies will be made responsible for keeping themselves up to date with trends in cyber crime. Great idea, but it needs the ICO to publish such data on a short timescale. A PDF of the report can be found here:



