UK watchdog fined firms £3m for data breaches last year – before its GDPR balls dropped

The Information Commissioner's Office issued £3m worth of fines for data breaches in the year to April 2018 – a mere fraction of its recent proposed GDPR-enabled penalties on British Airways and Marriott.

  1. chivo243 Silver badge

    Marriott fine

    I read a headline $123m for 339m customers, about .30 per customer whose data went for a walk?

    1. ArrZarr

      Re: Marriott fine

      $123M for 339M is a damn sight better than £250k for 500M as Yahoo got.

      I would also posit that fining a company into oblivion hurts those at the bottom way more than it hurts those who made the decisions that led to the breach.

      I don't have a solution, just lingering malcontent.

      1. EmilPer.

        Re: Marriott fine

        "hurts those at the bottom way more than it hurts those who made the decisions"

        Aren't the decision-making managers fined too usually?

  2. Halfmad

    Still too low.

    Bear in mind the ICO never got near its maximum fine and continues to low ball even when hundreds of millions of citizens' details have been leaked. Do we need to find life on other planets before they start handing out the maximum or does it need to be every single living individual?

    There should be a bar where above that you're going to be hammered with a fine which will incense shareholders, that's the only way to impact these global businesses.

    1. Anonymous Coward

      Re: Still too low.

      "Bear in mind the ICO never got near its maximum fine"

      Equifax and Facebook both got the (then) maximum fine of £500,000. TalkTalk were fined £400,000 (I'm taking 80% of maximum as the limit of "near").

  3. Aqua Marina

    Hypothetical question!

    What happens when the ICO gets hacked? Curious minds will no doubt endeavour to find out!

    1. LeahroyNake

      Re: Hypothetical question!

      Good question but I very much doubt they are holding personal information of individuals to anywhere near the scale of BA or Equifax.

      They probably hold the records of everyone that has made a complaint and the contacts at the companies that they are investigating with little else.

      You would think that their security budget and staff skill would be something to aspire to. Time will tell.

      1. DontFeedTheTrolls

        Re: Hypothetical question!

        In their investigations you would expect they need to validate the content of any leak, so it is possible they have a copy of the leaked data.

        If they were subsequently hacked and lost that data again, would they be subject to the same level of fine as they levy on the original leak?

        They would presumably need to investigate themselves, who watches the Watchers?

        Hypothetical answer?

    2. Anonymous Coward

      Re: Hypothetical question!

      Some poor hacker ends up with a 2GB database of unpaid fines and the 1.44MB they got from Cambridge Analytical.

  4. macjules

    Trebles all round?

    "The ICO has covered an enormous amount of ground over the last year – from the introduction of a new data protection law, to our calls to change the freedom of information law, from record-setting fines to a record number of people raising data protection concerns."


    “Our performance bonuses have never looked so good. Many of my staff are busy checking the Maserati website for cars GDPR infringements.”

    1. Cynical Pie

      Re: Trebles all round?

      The majority of ICO staff would struggle to afford a Mazda let alone a Maserati given the salaries they are paid.

      That said the office is right next to an Aston Martin dealers so if they do have some spare cash...

      1. Doctor Syntax Silver badge

        Re: Trebles all round?

        "That said the office is right next to an Aston Martin dealers"

        Aren't most places in Wilmslow right next to an Aston Martin dealer?

        1. Cynical Pie

          Re: Trebles all round?

          Not all of them... those at the station end of town are closer to the Porsche Showroom

    2. NeilPost Silver badge

      Re: Trebles all round?

      Phillip Hammond’s successor will make the ICO a profit centre

  5. Lorribot

    Does that email leak....

    ...count as a data breach?

    If so, has it been reported to the ICO and who pays the fine to whom (Foreign Office to Treasury?)

  6. G R Goslin

    The reality is...

    That like tax, companies do not pay fines. The customer pays all tax, and all fines. Where else do you think the money comes from? Are the owners/shareholders charged? Do the wrongdoers get punished? Does anyone face time inside? Does anyone get sacked? Like hell they do.

    1. DontFeedTheTrolls

      Re: The reality is...

      It will be interesting to see where the first casualties lie when the big fines hit.

      Is the board going to sack the CEO?

      Are shareholders going to sack the Board?

      Are the Directors going to be prosecuted?

      Agreed it's not there yet, but it's coming

      1. G R Goslin

        Re: The reality is...

        So is the end of the world, if the Government and the BBC are to be believed
