Locks and Security News: your weekly locks and security industry newsletter
25th November 2020 Issue no. 535
Implications of BA data breach and fine
Following the news that the ICO has issued British Airways with a £20m fine - the largest it has handed out to date - for failing to protect its customers' personal data in a previous cyber-attack, Paul Cahill, data breach solicitor at Fletchers Data Claims, outlines how this ruling might affect data breach liabilities moving forwards.
"Whilst it might seem that BA has had a lucky escape here - with the original notice from the ICO suggesting a fine of £183.9 million - the ICO's decision is likely to have large companies reviewing their data security arrangements and seeking to strengthen their protection against cyber-attacks.
"The ICO has decided that despite the fact that the data breach was not intentional or deliberate, BA was responsible for the breach of GDPR as a result of its failure to take 'appropriate steps' to secure its customers' personal data. This decision shows that whilst the ICO does accept that the attack on BA's systems was malicious, there were clear measures that could have been taken to protect customer data from such an attack.
"The decision suggests that companies cannot simply point to their security measures and suggest that they have tried to prevent an attack, but instead need to show that they regularly review and update their procedures, and could not have reasonably been expected to prevent the attack being successful."
21st October 2020