Now the UK’s Information Commissioner’s Office has posted something about the legalities concerning the Ashley Madison data leak. Simon Rice writes, in part:
Wherever your sympathies might lie in relation to the people identified in the published data set, the fact remains that such details are personal information, with certain protections in law.
Like many online attacks, the data protection response is international. In this case, we’re liaising with our counterparts in Canada, where the company is based.
But with cases like this, there is still a domestic aspect to consider.
Anyone in the UK who might download, collect or otherwise process the leaked data needs to be aware they could be taking on data protection responsibilities defined in the UK’s Data Protection Act.
Similarly, seeking to identify an individual from a leaked dataset will be an intrusion into their private life and could also lead to a breach of the DPA.
It’s worth noting too that any individual or organisation seeking to rely on the journalism exemption should be reminded that this is not a blanket exemption to the DPA and be encouraged to read our detailed guide on how the DPA applies to journalism.
Read more on the ICO’s blog.