Ann Furudi, head of BPAS, stated the scale of the fine did not reflect the truth that the charity was a victim of a critical crime. Photograph: Sarah Lee for the Guardian
The UK’s main abortion provider is to appeal towards a £200,000 fine imposed after an anti-abortion campaigner hacked its website and accessed the names and telephone numbers of 1000′s of females requesting suggestions.
The hacker threatened to publish the names and addresses of females making use of the British Pregnancy Advisory Support, but was prevented by a court injunction. He was sentenced to 32 months in jail.
The Data Commissioner’s Office (ICO), which imposed the fine, said the charity did not realise its website stored the names, addresses, dates of birth and phone numbers of ladies who asked for its guidance.
But ignorance was no excuse, said David Smith, the ICO’S deputy commissioner and director of data protection.
“It is specially unforgiveable when the organisation is handing data as delicate as that held by the BPAS. Data controllers must take active actions to ensure that the personalized information they are accountable for is kept secure.”
The info commissioner mentioned the personal data was not stored securely and a vulnerability in the website’s code allowed the hacker to entry the program and locate the data.
BPAS also breached the Information Safety Act by maintaining the particulars of callers for 5 many years longer than was needed for its functions, the ICO stated.
BPAS mentioned it was appalled by the hacking, which it reported immediately to the police, but was also shocked by the dimension of the fine, against which it would appeal.
“We accept that no hacker need to have been able to steal our information, but we are horrified by the scale of the fine, which does not reflect the reality that BPAS was a victim of a critical crime by someone opposed to what we do,” the chief executive, Ann Furedi, explained.
“BPAS is a charity which spends any proceeds on the care of girls who require our help and on bettering public training and knowledge on contraception, fertility and unplanned pregnancy.
“This fine seems out of proportion when in contrast with individuals levelled against other organisations who have been not themselves the victims of a crime.
“It is appalling that a hacker who acted on the basis of his opposition to abortion should see his actions rewarded in this way.”
The hacker broke into the site on 8 March 2012.
“He defaced our internet site with anti-abortion messages and obtained names and phone numbers of folks who had utilized a internet form to request a callback from BPAS staff to go over problems relating to pregnancy, contraception and sexual well being,” the charity explained in a statement.
But the names, details and health-related records of girls who had utilised the abortion support have been never ever at risk, the charity extra.