When British Airways’ data systems were compromised, the airline was given a then-record fine of £183m, 367 times higher than the £500,000 penalty imposed on Facebook. The difference, of course, is Europe’s General Data Protection Regulation (GDPR), which allows fines of up to 4% of annual turnover. That means British Airways could have been fined £500m. The message is clear – make sure all data is secure from cybercrime.
British Airways’ record fine amounts to 1.5% of its worldwide turnover in 2017. The Information Commissioner’s Office (ICO) said the incident took place after 500,000 users of the airline’s website were diverted to a fraudulent site harvesting their details.
BA faces record £183m fine over data breach
Shocked by the ICO’s £183m fine, British Airways chairman Álex Cruz insisted that the airline had responded quickly to the theft of customers’ personal and financial information in 2018 from the ba.com website and the airline’s mobile app.
The ICO investigated this case as lead supervisory authority on behalf of other EU Member State data-protection authorities. “The law is clear,” Information Commissioner Elizabeth Denham said, “when you are entrusted with personal data you must look after it.”
Although British Airways insists there is no evidence of harm to passengers, and has promised to indemnify customers who suffered financially when their credit-card data was stolen, it still faces a fine of £183m for the data breach.
UK proposes £183m fine over British Airways data breach
Janina Conboye, The Financial Times
Following British Airways’ record fine of £183m for allowing the theft of customer data, the Information Commissioner warned all companies they would face scrutiny to “check they have taken appropriate steps to protect fundamental privacy rights”.
To ensure you and your clients don’t face a costly investigation from the ICO, make sure you catch up on the latest data-protection technologies.