A former online gaming employee in England was convicted in a U.K. court this week of selling stolen data belonging to 404 Gala Coral customers. Marc Ben-Ezra received a deferred three-year sentence and was fined £2530 (USD $4000) after pleading to three counts of violating the United Kingdom’s Data Protection Act.
Cashcade’s Investigator Breaks Case
Ben-Ezra is believed to have obtained the data three years ago while working for an Israeli poker firm, but he didn’t attempt to sell it until May of this year. The scheme was exposed when Ben-Ezra tried to sell the information to several U.K. gaming figures, including Cashcade Limited.
Cashcade hired a private security firm to conduct an investigation of exactly what Ben-Ezra had, and how he got it. The investigators purchased a sample set of data from Ben-Ezra for £1700 and turned over the purloined information to the U.K. Information Commissioner (ICO). ICO agents tracked Ben-Ezra through an e-mail address and arrested him this summer.
Ben-Ezra told investigators that he’d been hanging on to the stolen data since 2008, but had only attempted to sell it recently to pay off gambling debts.
Despite Ben-Ezra’s clumsy attempts at black market information brokering, it’s not believed that any Foxy Bingo customers were harmed by his action. All affected parties were notified of the information breach as directed by U.K. law. ICO Commissioner Christopher Graham praised Cashcade officials for their handling of the case.
On iGaming forums, some posters were surprised that Ben-Ezra had received such a light sentence. ICO officials have been pushing for harsher penalties for information theft in the U.K.
DATA PROTECTION RESPONSIBILITIES FOR AFFILIATES
The United Kingdom introduced the Data Protection Act in 1998 to help consumers take control of who has their personal information and how that information is used. Its basic principles include:
- Customer data can only be used for the purposes disclosed to customers.
- Personal information can only be shared with other companies on an opt-in basis.
- Information collected by U.K. websites cannot be sent to companies outside of Europe without the customer’s consent.
- Consumers have the right to access or view any personal information held by a site.
Do European governments do too much, or not enough to protect personal information? Let us know what you think in our Online Gambling Laws and Regulations Forum.