ICO warns Nominet of misdirected email danger. They should know, they’re the regulator!

by Edwin on September 26, 2013

In responding to Nominet’s second consultation on the possible release of .uk domain names at the second level (i.e. example.uk), the Information Commissioner’s Office (ICO) warns:

“In terms of specific security issues, we are concerned that the addition of second level .uk domains could result in confusion, and potentially lead to security incidents. For example, the possibility of two separate organisations having the same domain but at different levels – which could confuse individuals and result in wrongly directed email, for example. Depending on the type of organisations involved, such a disclosure could result in financial or sensitive information being wrongly disclosed.”

This warning has real teeth, since the ICO is responsible for enforcing policy on misdirected emails under the Data Protection Act.

The consequences of misdirected email can be severe. In the last 3 years, the ICO has fined:

As the ICO’s warning makes clear, the introduction of a confusingly similar second level domain structure has the potential for such cases to spiral out of control, with severe financial and legal consequences for the organisations concerned. Although the fines listed above all happened to be issued to councils, this is a coincidence – the ICO regulates all manner of organisations, including private companies and non-profits.

It is important to note that this is an “unfixable” problem in that it will arise automatically should .uk be introduced, regardless of the specific introduction mechanism.
