@Chris W / AC / Cliff Stanford
"Let me get this straight, this agency left the door open and the ex-nanny decided to take advantage of the system so she's the guilty party. "
Erm, yes, guilty of an offence under section 1 of the Computer Misuse Act 1990 as previously quoted. An offence to which she plead guilty.
"I leave my wifi router open and someone decides to take advantage of my setup and you're saying I'm the guilty party."
Erm, no, I think you have me mixed up with someone else.
"It's one or the other. Either the misuser is guilty or the owner of the system is."
Go back, follow the link, read the act. The security or otherwise of the system to which unauthorised access is sought is irrelevant in the definition of an offence. If a system is totally unsecured, unauthorised usage is still a breach of section 1. OK ? So the 'misuser' commits an offence in any case.
Weather or not the the owner of the system is guilty of some other offence, such as a breach of the DPA is a separate issue, and indeed a separate set of legal proceedings in which the owner may indeed be found guilty. So you see, you actually *can* have it both ways.
If you feel strongly that the company should be prosecuted, make a complaint to the ICO, but don't hold your breath waiting for them to do anything about it. If you feel that ICO's inability to do anything useful is a terrible injustice, lobby your MP, with similar caveats.
Feel free to live in your script kiddie utopia where it's OK to mess with people's systems if they didn't secure them properly, by all means, but do so knowing that the law disagrees with you very strongly indeed.
@AC :
"It does not follow, unless specifically stated, i.e. if authorization was given it would have to be revoked, termination of employment alone would not guarantee it."
Common sense dictates otherwise. You can be as pedantic about it as you like, but you'll find that the default is employee == authorised, non employee != authorised.
@ Cliff
"Doesn't really compare with my six months suspended sentence and a £20k fine, does it."
No, it doesn't, but then you were convicted of an 'unlawful interception' offence under RIPA, (for the purposes of blackmail, IIRC) so it wouldn't, would it.