ICO issued more than £40m in data breach fines in 2020

The Information Commissioner’s Office (ICO) handed out fines totalling more than £42m for data breaches last year, a report has revealed.

Fines were given out for breaches of the Privacy and Electronic Communications Regulations (PECR) and the Data Protection Act (DPA), with a penalty for British Airways amounting to almost half of the £42.41m total.

The ICO had stated their intention to fine the airline £183m following a cyberattack in 2018 which saw half a million customers’ details harvested by hackers.

But that was reduced to £20m because of the impact of the COVID-19 pandemic, with an investigation finding that BA had breached the DPA because it was processing “a significant amount of personal data without adequate security measures in place”.

A total of 17 penalties were issued last year according to official figures in the ICO’s work to recover fines report.

The second largest fine, £18.4m, was handed out to Marriott International Inc on October 30, also for a breach of the DPA.

That was followed by Ticketmaster LTD with a fine totalling £1.25m for data breaches on November 13. DSG Retail Ltd, CRDNN Limited, Cathay Pacific and CRDNN all received fines totalling £500,000.

Businesses have been urged to check their privacy measures and to use a third-party solution if necessary following the release of the report.

Charlie Smith, a consultant solutions engineer at Barracuda Networks, said: “Unfortunately, it has become apparent that many business owners, workers and consumers are not aware of the need for backup and recovery services for their email service providers.

“Our own research even revealed that 40 per cent of Office 365 users believe that Microsoft provides everything they need to protect their data and software.

“While Office 365 does offer some level of security, even Microsoft suggests using a third-party backup to ensure that data is fully protected and retrievable. Without it, organisations can be left prone to accidental data loss and even ransomware attacks.

The industry hit with the biggest penalties was marketing with a total of nine fines issued, followed by three fines for firms in the transport and leisure sector.

Additionally, the ICO handed out three court orders for winding-up upon petitions in 2020. Trusted Futures Ltd received a penalty of £70,000, Superior Style Home Improvements was fined £150,000 and Alistar Green Legal Services Ltd received a punishment of £90,000. All three organisations were given court orders in 2020.

Back to Top