|Breach of act
|Unencrypted spreadsheets were placed on a torrent site following a denial of service attack. “Home-use” web service used rather than a business package.
Inappropriate organisational and technical measures.
|Known or should have known
|Data controller was fully aware of the sensitive nature of the data he dealt with and that his business was controversial and unpopular with some. The risk of attack was clear, yet he set up his set without professional IT advice.
|Likely to cause damage or distress
|Financial and medical information of many individuals.