Project Description
The client, a manufacturer of hardware and software, was informed by one of its customers that data relating to other customers was visible when they logged into the client’s portal. This was particularly concerning since the customer is a major UK brand and a flagship customer for our clients. Other advice was taken which recommended a report to the ICO. After 48 hours had passed, we were instructed and, with the client, we analysed the extent of the breach and the likelihood that it had occurred previously. After considering all the factors we advised that there was no requirement to report to the ICO or contact other customers. We assisted our client reporting very fully to the customer. The customer’s data protection officer expressed himself to be very happy with the report and its conclusions. The client said, “Next time I will call you first.”