Recent Significant UK Data Breaches Round-Up
Posted on 05/10/2018
Another week, another data breach. The loss or theft of people’s personal data from company databases has become a staple of news reporting. Here’s our round-up of recent breaches that have affected UK citizens.
For two weeks at the end of August and the beginning of September, BA customers that made bookings on the website or via mobile app had their personal and financial details compromised. The UK’s regulatory body, the Information Commissioner’s Office, are remaining tight-lipped about their investigation of the incident, only confirming that they are “...making enquiries.” As this breach has occurred firmly after the introduction of GDPR on May 25th, British Airways executives will be waiting anxiously to see if the regulator unleashes the full power of the legislation. Companies can face fines of up to 20 million euros or 4% of global turnover.
The UK arm of Equifax – the international credit reference agency – has been fined £500,000 by the ICO after its US-based parent company admitted the theft of personal information relating to 15 million customers. The data theft took place in 2017, so the fine was issued under the Data Protection Act 1998. Under GDPR, the fine could have been significantly larger. Equifax had a turnover of $3.1 billion in 2016. If the maximum fine of 4% had been available to the ICO, they could have fined Equifax $124 million.
The popular Facebook plug-in that allows users to share historical posts “experienced a network intrusion” back in July of this year. Data stolen included the names, email addresses, dates of birth, gender and phone numbers of some 21 million users. 2.9 million of these fell under the jurisdiction of GDPR (i.e. the data belonged to EU citizens). We’ll keep you posted on how the Information Commissioner’s Office investigation proceeds in this case.
Since the introduction of the GDPR, companies are demonstrating more transparency following a data breach, presumably in the hope of appeasing regulators. In the words of the ICO:
“Those who self-report, who engage with us to resolve issues and who can demonstrate effective accountability arrangements can expect this to be taken into account when we consider any regulatory action.”
At Priviness, we offer courses tailored to meet the international data law compliance needs of your organisation. For more information about our privacy law compliance training, call us on 0203 2878 243 or email firstname.lastname@example.org.