With the news that British Airways expects to pay just £20m of its record-breaking £183m fine for its 2018 data breach, legal experts commented below.
The news that British Airways expects to pay just £20m of the initial intention to fine amount of £183m that was issued following their 2018 data breaches is an affront to data protection and the GDPR. The ICO’s decision last year to issue a record provisional intention to fine was a landmark decision that could set the standard for organisations and act as the candid warning that is so desperately needed in today’s age of continual breaches.
Given the volume of breaches that have taken place in recent years, it is clear to us that the importance of data protection is still not at the top of the agenda. Such a substantial reduction could seriously undermine the purpose of the GDPR, which was to act as a credible deterrent for organisations to ensure that they protect the information they store and process. At Your Lawyers, we stand by our compensation action to hold British Airways to account. They could potentially be liable for a total pay-out of up to £3 billion for victims who claim compensation for the breach, regardless of the value of the final regulatory fine.
We do understand the significant issues that the aviation industry faces as a result of the ongoing coronavirus pandemic, and it is extremely sad to hear that British Airways staff have suffered pay cuts and redundancies. Whilst we sympathise with BA’s predicament, fair punishment for the 2018 data breaches that left the data for almost half a million customers at risk cannot be avoided, and the first fines of the GDPR era for big breaches like this must set a proper precedent.
Information Security Buzz (aka ISBuzz News) is an independent resource that provides the experts comments, analysis and opinion on the latest Information Security news and topics