Report comment

Why have all the comments been deleted? Upset the tender little things at TLS have they? Can't take any critisicism?

This article contains the statement "there is nothing the regulator can do to prevent these emails being sent". That is simply not a true statement. It may be an inadvertence rather than a deliberate lie, but it is not true.

The first (and indeed) primary thing the regulator can do is investigate from where the data was obtained. By doing that investigation, the regulator can then ascertain what measures are available to prevent similar breaches.

So, if - for the sake of example - it appears that a number of people in Lagos sat there searching one by one on "Find a Solicitor" for details of data (which I do not believe for one minute as it would be far too time consuming), then the source of the problem can be identified. The IP addresses will be logged which can be traced back. And more importantly, measures such as a Captcha can be put in place to make it more difficult and time consuming. Or the website responses could be formatted differently, or whatever.

If it turns out that an automated script harvested the data from Find A Solicitor, then the webserver can be configured in less than an hour to block IP addresses that make more than five requests a second (or some other limit).

If it turns out that the dataset is sold to anyone who phones up with cash, then a new policy can be developed.

So there is lots that can be done (although it is the Law Society's responsibility rather than the Regulator's).