In America, you would be lucky to get a $200 discount coupon. No wait, I meant $20.
After waiting five years. After the final judgement. No, that is not an exaggeration.
British Airways has settled the not-quite-a-class-action* lawsuit against it, potentially paying millions of pounds to make the data breach case in the High Court of England and Wales go away. PGMBM, one of the law firms which brought the group litigation against BA to the High Court, said in a statement that the case was …
My view is that if a company leaks your personal details, they should make things be as before the leak.
Leaked your address? They should pay for a complete relocation, buy you a similar house, find your spouse and yourself a new job in the new area and so on.
Leaked your name? Pay for replacing all documents with a new name.
Leaked your photo? Pay for a plastic surgery.
"Leaked your photo? Pay for a plastic surgery."
I had a basal cell carcinoma*, and needed plastic surgery when I had it removed. Unless you are really dissatisfied with your appearance, I cannot recommend it.
*Skin cancer, but not melanoma. BCC is considered 'the best sort of cancer' to have as it does not spread and is relatively easy to treat by surgery or radiotherapy. I suggest surgery if you can, as radiotherapy does tend to kill more of the surrounding tissue than is removed by surgery.
Oh, well, that's alright then. BA was definitely not to blame for the data breach, did nothing wrong, nothing at all.
I am sick and tired of large organisations just throwing money at people without admitting liability for anything when quite clearly they have been guilty of gross negligence at the very least. I guess that at leat they apologised, but without admitting liability or having made any mistakes the bosses get to keep their jobs, bonuses and smug grins.
Oh well, I guess I'd better get a more potent anti-paranoia pill. Nurse! Where's my tinfoil hat?
Especially since, in this case, they've paid out over £30m. That's not a "lets just pay up and make it go away" amount that would save on the time of going to court expecting to win. That's most definitely (IMHO) a "lets see how little we can settle for because we WILL lose in court and it will cost a shitload more, plus costs"
They didn't pay anything. Various its paid the money. But they are never held responsible.
Specific members of management made specific decisions that led to this. Those people and anyone up the chain, including the board of directors, should be responsible for the payment.
P.S. a 35% lawyer cut may be normal but it doesn't make it any less absurd.
I'd be willing to bet if you went deep enough into literally any enterprise/large organisation on the planet, you'd find something equivalent to this.
The trouble with this is that it only becomes known _after_ it has caused a problem. The person or personS who were responsible will never be held to account and in some cases not even known.
As much as these large businesses have thousands of pages of information security policies - getting them working in practice and enforced is a completely different matter.