Shorter Reads

Good(ish) news for BA

1 minute read

Published 20 October 2020

Authors

Share

Key information

In July 2019 the Information Commissioners Office announced an intention to fine BA £183M for infringements of the GDPR. Around 400,000 users of the BA website had been diverted to a fraudulent site where the customers’ login, payment and travel details were harvested. The breach was not discovered until 2 months later.

The ICO considered that BA’s security measures were inadequate and proposed the largest ever fine, albeit well below the maximum fine that could have been imposed. It not only reflected the seriousness of the specific breach but sent a message to large corporates that, unless they paid close attention to data privacy, they could expect very tough enforcement measures for breaches.

Since then, BA has taken steps to improve the security of the data obtained via its website and has cooperated with the ICO, while challenging the size of the proposed fine.

The ICO has today announced that the fine actually imposed is £20M. This is obviously a very welcome reduction in BA’s liability at a time when its business has been decimated by the coronavirus. It also reflects the benefit of swift action to remedy a breach (so far as possible) and close cooperation with the ICO.

Nevertheless, it is still the largest fine confirmed by the ICO, reinforcing the fundamental importance of GDPR compliance.

https://www.bbc.co.uk/news/technology-54568784

Message us with any questions

Related latest updates
PREV NEXT

Arrow Back to Insights

Shorter Reads

Good(ish) news for BA

Published 20 October 2020

Associated sectors / services

Authors

In July 2019 the Information Commissioners Office announced an intention to fine BA £183M for infringements of the GDPR. Around 400,000 users of the BA website had been diverted to a fraudulent site where the customers’ login, payment and travel details were harvested. The breach was not discovered until 2 months later.

The ICO considered that BA’s security measures were inadequate and proposed the largest ever fine, albeit well below the maximum fine that could have been imposed. It not only reflected the seriousness of the specific breach but sent a message to large corporates that, unless they paid close attention to data privacy, they could expect very tough enforcement measures for breaches.

Since then, BA has taken steps to improve the security of the data obtained via its website and has cooperated with the ICO, while challenging the size of the proposed fine.

The ICO has today announced that the fine actually imposed is £20M. This is obviously a very welcome reduction in BA’s liability at a time when its business has been decimated by the coronavirus. It also reflects the benefit of swift action to remedy a breach (so far as possible) and close cooperation with the ICO.

Nevertheless, it is still the largest fine confirmed by the ICO, reinforcing the fundamental importance of GDPR compliance.

https://www.bbc.co.uk/news/technology-54568784

Associated sectors / services

Authors

Need some more information? Make an enquiry below.

    Subscribe

    Please add your details and your areas of interest below

    Specialist sectors:

    Legal services:

    Other information:

    Jurisdictions of interest to you (other than UK):

    Article contributor

    Enjoy reading our articles? why not subscribe to notifications so you’ll never miss one?

    Subscribe to our articles

    Message us on WhatsApp (calling not available)

    Please note that Collyer Bristow provides this service during office hours for general information and enquiries only and that no legal or other professional advice will be provided over the WhatsApp platform. Please also note that if you choose to use this platform your personal data is likely to be processed outside the UK and EEA, including in the US. Appropriate legal or other professional opinion should be taken before taking or omitting to take any action in respect of any specific problem. Collyer Bristow LLP accepts no liability for any loss or damage which may arise from reliance on information provided. All information will be deleted immediately upon completion of a conversation.

    I accept Close

    Close
    Scroll up
    ExpandNeed some help?Toggle

    Get in touch

    Get in touch using our form below.