[johngd]

I'll add my two cents a non-Brit: I have never heard of the ICO until this thread. Someone please correct me, but the closest thing we have in the states may be contacting the Attorney General?

I say this thinking of the argument the rest of the world makes when the DMCA threat is used against a non-US entity.

[DanBC]

The ICO is a bureaucrat with responsibility for enforcing the Data Protection Act. There is a small amount of overlap with the Surveillance Commissioner who oversees all surveillance, especially under RIPA (regulation of investigatory powers act).

The ICO is reasonably good - I don't get any (personal) junk telephone calls or junk mail because of our laws about how companies handle my data. (This seems like a trivial example now I've typed it! But it did mark a clear difference between before and after ICO).

https://ico.org.uk/

The website and reporting is much better than it used to be. ("Please download, print, and complete this MS Word document, then post it to this address")

[clobec]

Moonpig is UK based. He could have looked up how to report a data breach in the UK.

Not sure what the DMCA reference is about. I understand that people use DMCS on companies that are not US based therefore it has no power. Still not sure why you mentioned that though.

[johngd]

Yea, you're right; I thought that some context might be needed after I posted.

They aren't related whatsoever, however the thought process of being put into the same position as the security research in this article is what made the connection for me. Assuming that the author wasn't from the UK (he probably is, but bare with me), as someone from the States I would have assumed that having an email exchange with the company was more than enough especially if there a reply on their end.

From my perspective, again knowing nothing about UK law (as much as people in the UK, China, or Fiji may know about US Law), I wouldn't know where to turn after that. Maybe a teaser post, without disclosing everything? If it weren't for the fact that the author stated that he had several two-way conversations with a representative of the company, I would have more sympathy for moonpig.

Speaking of which: How effective is the ICO?

[troels]

The ICO is pretty well known in the UK though. I'm not from the UK and I know about them. (Mostly because of their role in the whole eu-cookie-law farce)