So it’s been confirmed by the ICO that one part of my problem with my data being withheld by Baby’s Days has been resolved at least. Despite knowing we wanted the data back, Baby’s Days went ahead and deleted the data anyway. The ICO have found that because this child’s data has been deleted by Baby’s Days / Sys IQ Ltd, they have not complied with Principle 7 of the Data Protection Act.
There are Eight Principles to The Data Protection Act and from my understanding Principle 7 – which is labelled “security”, is about, you guessed it – security. How ironic that a company plugging itself as “100% secure” has not complied with the part of the DPA relating to Security!
The ICO website says Pinciple 7:
means you must have appropriate security to prevent the personal data you hold being accidentally or deliberately compromised
So which was it do you think blog readers? Was my co-minders daughters data accidentally compromised, in which case, how can you be sure this won’t happen to any data you have stored with the company?
Or do you think my co-minders daughters data was deliberately compromised, in which case, again, how can you be sure this won’t happen to any data you have stored with the company?
Either option doesn’t exactly scream 100% secure to me. What this now means is that under the DPA I have the right to take this matter to court, which obviously I intend to do. If anyone reading this might know someone who would like to take the case get in touch via the contact option on the blog or through Facebook.