ICO Fines British Airways

Today the UK’s data protection regulator, the ICO, announced their intention to fine British Airways £183M as provided by the GDPR for a recent breach which leaked 500M people’s personal information.This fine is notable in that it is 1.5% of global revenue - which is a lot for a purported attack, which resulted in data loss and in which the company worked closely with regulators throughout the process. It will likely be a critical case that will be used within companies to demonstrate the long-standing mantra of privacy professional of “you did some things to protect, but you didn’t patch, you didn’t close issues, a bad thing happened, and a huge fine came in the door.”This announcement should help reinforce enterprise DPO’s messaging to their respective businesses that privacy costs time and money to do, but costs a lot more not to do.https://ico.org.uk/about-the-ico/news-and-events/news-and-blogs/2019/07/ico-announces-intention-to-fine-british-airways/