Marriott fine
I read a headline $123m for 339m customers, about .30 per customer whose data went for a walk?
The Information Commissioner's Office issued £3m worth of fines for data breaches in the year to April 2018 – a mere fraction of its recent proposed GDPR-enabled penalties on British Airways and Marriott.
$123M for 339M is a damn sight better than £250k for 500M as Yahoo got.
I would also posit that fining a company into oblivion hurts those at the bottom way more than it hurts those who made the decisions that led to the breach.
I don't have a solution, just lingering malcontent.
Bear in mind the ICO never got near its maximum fine and continues to lowball even when hundreds of millions of citizens' details have been leaked. Do we need to find life on other planets before they start handing out the maximum or does it need to be every single living individual?
There should be a bar where above that you're going to be hammered with a fine which will incense shareholders, that's the only way to impact these global businesses.
Good question but I very much doubt they are holding personal information of individuals to anywhere near the scale of BA or Equifax.
They probably hold the records of everyone that has made a complaint and the contacts at the companies that they are investigating with little else.
You would think that their security budget and staff skill would be something to aspire to. Time will tell.
In their investigations you would expect they need to validate the content of any leak, so it is possible they have a copy of the leaked data.
If they were subsequently hacked and lost that data again, would they be subject to the same level of fine as they levy on the original leak?
They would presumably need to investigate themselves, who watches the Watchers?
Hypothetical answer?
“The ICO has covered an enormous amount of ground over the last year – from the introduction of a new data protection law, to our calls to change the freedom of information law, from record-setting fines to a record number of people raising data protection concerns.”
<beep>
“Our performance bonuses have never looked so good. Many of my staff are busy checking the Maserati website for cars GDPR infringements.”