Fines Issued by the ICO Surge by 1580% in 2020/21
The Information Commissioner’s Office (ICO) issued a record £42m in fines during the financial year 2020/21, representing a 1580% increase on the previous year, according to an analysis by international law firm RPC.
This figure consisted mainly of penalties imposed by the UK’s data protection watchdog for two high-profile data breaches that resulted in millions of people’s personal data being compromised. In October 2020, a £20m fine was issued to British Airways for security failings that enabled a cyber-attack to take place in 2018, leading to the personal data of 429,612 customers and staff being accessed. In the other case, in October 2020, hotel chain Marriott International was fined £18.4m by the ICO over a data breach that saw an estimated 339 million guest records exposed globally.
Both of these fines were significantly lower than the figures originally proposed by the ICO, with the body taking into account the economic impact of COVID-19 on these businesses.
In addition to these blockbuster fines for data breaches, there was also a four-fold rise in the number of fines related to nuisance messaging and cold calling issued by the ICO in 2020/21 compared to the previous year.
Richard Breavington, partner at RPC, commented: “Clearly, the ICO will impose blockbuster fines when it wants large organizations to sit up and take notice. However, overall the ICO has been very fair in terms of the levels of fines it has set.
“The overall number of fines arising from cyber-breaches has remained fairly consistent despite a sharp jump in the number of actual cyber-attacks.
“At the outset of the GDPR regime, there was the concern that the ICO would be making full use of its powers to fine, but so far, it seems to only be fining as a last resort.
“The two large fines could have been even higher, but the ICO appears to have taken into account the devastating impact of coronavirus on the travel and hospitality sectors and reduced them. However, businesses shouldn’t become complacent.”
Under the General Data Protection Regulation (GDPR), the maximum fine the ICO can issue is £17.5m or 4% of a company’s total worldwide annual turnover, whichever is higher.