by jacquesm
2953 days ago
I read that enforcement report. I think it was fully warranted that the 1,000 pound fine was levied against that company. (1) they did not immediately report the fact that they disclosed that customer's private information and (2) they did not have appropriate technical measures in place to avoid such problems, specifically: they were tasking their CS reps to cut-and-paste information between screens that could display the information of two unrelated customers, a super stupid and error-prone setup. The fine, 1000 pounds, is proportionate given the size of the entity it is levied against, the resources at their disposal and the turnover of the company. If the company had been much smaller one would hope for leniency, but the fine would have not been levied at all or it would have been 1000 pounds, no middle ground there. You'd hope they learned their lesson.