Privacy groups have poured scorn on the Information Commissioner's Office (ICO) after it ended an investigation into BT over sending customer information to the law firm ACS:Law.
BT reportedly sent details on 500 of its PlusNet customers to ACS:Law in plain text attached to an email.
The email was then leaked after the law firm was hacked.
ACS:Law has hit the headlines in the past few months for sending letters to people it believed had committed illegal filesharing.
The ICO indicated it had left the investigation in BT's hands.
"We have regular contact with a range of organisations regarding allegations of staff inappropriately accessing or disclosing personal information," an ICO spokesperson said.
"Where it is found that the data controller has adequate policies and safeguards already in place, the usual and most appropriate outcome in these cases is disciplinary action taken by the employer. However, where that employee is accessing records for personal gain, such as selling the data on to third parties, the ICO may open a criminal investigation."
Privacy International said it was an "incredibly dangerous decision" as it effectively dissolved "any pretence that a company is responsible for the actions of their employees at work."
"What makes this latest decision by the ICO worse than their usual incompetence, is that the ICO have decided BT Group PLC are not responsible for the breach of the Data Protection Act because it was one of their employees who sent the unencrypted data," the organisation's Alex Hanff said in a blog post.
"Christopher Graham has, in essence, now created a Data Protection regime where companies will not be held responsible for the actions of their staff."
Privacy International said it was going to push for a judicial review of the ICO's decision and seek a wider review of the watchdog as a whole.
The Big Brother Watch described the ruling as "puzzling."
"It appears to suggest that the information commissioner believes having a data protection policy in place is sufficient grounds to protect companies from prosecutions for breaking the law even when their employees disregard that said policy - and break the law," the body said in its own blog.
Responding to the criticisms, an ICO spokesperson said the watchdog was fully aware of its powers and was not afraid to use them.
"Enforcing and defending the rights of the UK public under the Data Protection Act has always been - and remains - central to the work of the ICO," the spokesperson said.
"Our workforce of data protection experts deal with thousands of complaints and complex investigations every year."
BT stated it had nothing to add outside of what the ICO said.
-
Bigger salaries, more burnout: Is the CISO role in crisis?In-depth CISOs are more stressed than ever before – but why is this and what can be done?
-
Cheap cyber crime kits can be bought on the dark web for less than $25News Research from NordVPN shows phishing kits are now widely available on the dark web and via messaging apps like Telegram, and are often selling for less than $25.
-
Optimise CX and accelerate business growth through your voice networkwhitepaper Protecting the human experience in a digital world
-
IDC InfoBrief: Sustainability doesn’t need to be all stick and no carrotwhitepaper CIOs are facing two conflicting strategic imperatives
-
‘The pace of change is taking its toll’: Business leaders are becoming burned out by rapid technological changesNews Tech leaders are contending with mounting stress levels amidst a sharpened focus on adopting new technologies and ramping up transformation efforts
-
Unlocking the power of your digital servicesSponsored Businesses have invested significant cash into technology since COVID-19, but are they really getting their money's worth?
-
The forgotten workforce needs a new communications strategySponsored Reliable communications technologies are key to building an efficient remote workforce
-
The future of work and the forgotten workforcewhitepaper How to deploy a mobile-first strategy so no one gets left behind
-
Building an outstanding digital experiencewhitepaper Insight into how banks and financial services organizations can deliver the digital experiences customers and employees expect
-
Inbound BT CEO Allison Kirkby faces challenge of leading telco through cuts in 2024News Kirkby brings years of experience heading some of the biggest telcos in the EU
