Record £183 million fine for British Airways data breach is a huge lesson for businesses

British Airways data breach

The £183 million fine being imposed on British Airways for the breach of its security systems last year should be a massive wake-up call to all businesses.

It’s a result of the introduction of the General Data Protection regulation (GDPR) which allows businesses to be fined up to 4% of their worldwide annual turnover in the most serious cases.

While BA said it was “surprised and disappointed” by the amount to be imposed by the Information Commissioner’s Office, it could have been far worse. The fine is 1.5% of the airline’s 2017 turnover, rather than 4%.

Under the previous Data Protection Act, fines were capped at £500,000, including in the Facebook/Cambridge Analytica data breach case.

This is what the Information Commissioner Elizabeth Denham had to say about the BA fine: “People’s personal data is just that – personal.

“When an organisation fails to protect it from loss, damage or theft, it is more than an inconvenience.

“That’s why the law is clear – when you are entrusted with personal data, you must look after it.

“Those that don’t will face scrutiny from my office to check they have taken appropriate steps to protect fundamental privacy rights.”

Why you need secure shredding

Many data breaches originate with discarded confidential information in documents.

On Time Shred Managing Director Stewart Bowles said: “Protecting the data you hold as a business or organisation is vital.

“If you don’t you could face a substantial fine. Hackers and identity thieves often use documents with confidential data as the starting point for their illegal activities. So, while you should have good cyber security, you should also ensure your confidential data documents are shreddedsecurely.

“All levels of business need to be aware of the implications of these large fines. That’s why we’re offering businesses of between one to 30 workers a secure shredding contract from just £1.50 per day, which includes three of our lockable consoles.

“Other offers are available for larger businesses.

“You get the peace of mind of an audit trail to prove you handled data responsibly and the knowledge your documents are shredded securely by vetted staff.”

So, what happened in the BA case?

BA said it was the victim of a “sophisticated, malicious criminal attack” on its website by hackers last summer.

The ICO said users of British Airways’ website were diverted to a fraudulent site where details of an estimated 500,000 customers were harvested by the attackers.

It criticised BA’s security arrangements and said the data compromised included log ins, travel booking details, payment cards, and names and addresses.

BA has since improved its security and it cooperated with the ICO investigation.

Read the ICO statement.

Do you need more information on secure shredding? Call our On Time Shred experts on 0330 333 1234.