Press Release

ICO shows it means business with recent £multi-million penalties

The Information Commissioner’s Office (ICO) has recently announced two significant fines after a lengthy review following the data breach incidents at British Airways and Marriott International.

The information rights regulator announced two substantial fines for British Airways in September, fining the airline £20m, followed a week ago by an announcement that Marriott International faces an £18.4m penalty.

Kingsley Hayes, head of data breach at Keller Lenkner UK, commented: “The ICO has taken a methodical approach to investigating each of these breaches before imposing a final fine. While British Airways faces the largest data breach penalty to date, followed closely by Marriott International, both organisations will be paying significantly less than the originally proposed figures.

“The Information Commissioner’s Office has considerably reduced the BA fine from £183m while Marriott will be paying £18.4m instead of £99m.

“The financial impact of the pandemic was taken into consideration, alongside the extensive co-operation of both businesses, which purport to have implemented improved security systems to prevent a recurrence.

“The message to businesses remains clear, protect customers’ private information or face hefty consequences. While both BA and Marriott may have successfully avoided far heavier fines, the reputational damage is an additional hidden cost.

“Both will have suffered serious financial losses during the pandemic. While the ICO is taking the Covid circumstances into consideration, it has shown that organisations will still be held accountable for failing to have the appropriate security measures in place.

“Businesses are required to securely collect, store and process personal data – this includes being responsible for the security of private information throughout its supply chain.”

Ends

Rana Audah

Share
Published by
Rana Audah
4 years ago

Recent Posts

Latest Data Breach Round-Up – June 2024

In our regular update, we provide a roundup of some of the data breaches and… Read More

7 months ago

Join our MOVEit/ Zellis Data Breach Action

We have launched a group action against MOVEit/Zellis. Group actions can be a powerful tool… Read More

7 months ago

One year on – the extent of the MOVEit data hack is just becoming clear

The number of organisations affected by the MoveIt Data Breach is still rising, despite the… Read More

7 months ago

Join our 23andMe Data Breach Action

We have launched a group action against 23andMe. Group actions can be a powerful tool… Read More

7 months ago

ICO and Canadian counterpart to investigate 23andMe data breach

The Information Commissioner’s Office (ICO) has launched a joint investigation into the 23andMe data breach… Read More

7 months ago

Join Our Capita Data Breach Action

We have launched a group action against Capita. Group actions can be a powerful tool… Read More

7 months ago