Heathrow Airport Limited (HAL) has been fined £120,000 by the Information Commissioner’s Office (ICO) for failing to ensure that the personal data held on its network was properly secured. On 16 October 2017 a member of the public found a USB memory stick, which had been lost by a HAL employee. The stick, which contained 76 folders and over 1,000 files was not encrypted or password protected. The member of the public viewed the material it contained at a local library. Although the amount of personal and sensitive personal data held…
Tag: Data
ICO statement in response to Facebook data breach announcement
ICO Deputy Commissioner of operations, James Dipple-Johnstone, said: “It’s always the company’s responsibility to identify when UK citizens have been affected as part of a data breach and take steps to reduce any harm to consumers. “We will be making enquiries with Facebook and our overseas counterparts to establish the scale of the breach and if any UK citizens have been affected.” Source
Bupa fined £175,000 for systemic data protection failures
Bupa Insurance Services Limited (Bupa) has been fined £175,000 by the Information Commissioner’s Office (ICO) for failing to have effective security measures in place to protect customers’ personal information. Between 6 January and 11 March 2017, a Bupa employee was able to extract the personal information of 547,000 Bupa Global customers and offer it for sale on the dark web. The employee accessed the information via Bupa’s customer relationship management system, known as SWAN. The system holds customer records relating to 1.5 million people. The employee sent bulk data reports…
ICO takes action for failure to pay new data protection fee
The Information Commissioner’s Office (ICO) has begun formal enforcement action against 34 organisations that have failed to pay the new data protection fee. The data protection regulator has sent notices of its intent to fine the organisations unless they pay. Those who don’t could face a maximum fine of £4,350. All organisations that process personal data must pay a fee to the ICO unless they are exempt. The money is used to fund the ICO’s data protection work and new and expanded services we have introduced such as our advice…