How much

20 records.

Why

A security fault in an online competition meant that the personal details of individuals who registered could be accessed by user other than the data controller.

Regulator

ICO

Regulatory action

Undertaking issued to ensure that the data controller will obtain sufficient guarantees from the data processor that it will conduct appropriate web application security tests in relation to any web applications  and that compliance with these guarantees are ministered.

Reason for action

It was felt that insufficient security testing had been performed on the web application intended for the competition, despite a written contract being in place between the data controller and data processor.

When

17 Apr 2012

Links

View PDF of the Toshiba Information Systems UK Ltd Undertaking (Via ICO Website)

View PDF of the Toshiba Information Systems UK Ltd Undertaking (Breach Watch Archive)