Security News > 2000 > July > PowerGen coughs up after security scandal
http://www.uk.internet.com/Article/100322 James Middleton 21 Jul 2000 PowerGen is in the process of writing to each of its 7000 online customers to offer them 50 compensation for inconvenience caused, in the aftermath of the company's security scare. The utility has also closed down its online payment service and will, in co-ordination with the person who discovered the security hole, undertake a "review of website security and an internal inquiry". PowerGen has also released a statement to customers advising them to change their credit card numbers, as it is still not confirmed for what length of time the data was vulnerable. Retail managing director Mike Wagner said this was an "additional security measure". However, the scare has brought the UK's customer protection laws into doubt. Phil Jones, assistant commissioner at the Data Protection Registrar, said the customers who had their details published would not be liable for any compensation unless the data had been fraudulently used. "Only customers who suffer damage following a lapse in security will qualify for compensation if they can also prove they have suffered damage, and if they convince a court of this," he said. Apparently this is due to a part of the legislation that makes up the 1998 Data Protection Act, which does not entitle customers to compensation unless they suffer damages. It seems PowerGen has come up with the cash as an act of goodwill. Jones said the Department of Trade and Industry, and the Office of Fair Trading (OFT) would be responsible for improving security for Internet user's rights. The OFT would not reveal details, but a spokesman said that it is looking at creating a new department dedicated to protecting customer rights online. ISN is hosted by SecurityFocus.com --- To unsubscribe email LISTSERV () SecurityFocus com with a message body of "SIGNOFF ISN".