Skip to main content

ICO ironically fails to secure its own site

The Internet Commission Office (ICO) likes to make sure all organisations know about safety and security on the web, but earlier today the commission's own website failed to present a valid SSL security certificate.

Firefox owners were notified that the site should not be trusted and it looks like the ICO forgot to automatically acquire a new certificate once the current one expired.


The commission has still not provided a SSL certificate, showing one of the most basic parts of internet security being ignored by the ICO.

In a statement, ICO claims it had issues uploading a new security certificate, which has lead to the brief loss of validation. Considering the ICO holds information on users, it could be considered a breaching of the Data Protection Act by not having a valid SSL certificate.

Visitors are being redirected to a HTTP version of the website, and anyone trying to access HTTPS will notice a button at the top-left of the search bar showing it is unsecure.

The ICO has been in the spotlight before for differences between public and private sector, recently announcing new regular audits to the NHS to maintain security, while shoe store Office lost millions of user's details and was let off with a warning.

This lack of regard for private sector security is a bit disheartening, at a time where the commission needs to make sure cyber safety is at the top of the importance list for online companies.

David has been a technology journalist for over six years, covering a wide range of sectors. He currently researches apps, app sectors and app markets for Business of Apps, and has written for ITProPortal, RTInsights, ReadWrite, and Digital Trends.