£366 per Person
£366 per person
That’s the equivalent price British Airways (parent group IAG) will have to pay if the ICO decides to uphold it’s interim announcement to fine BA £183.39m as a result of the airline’s 2018 data breach which exposed the personal details of 500,000 customers.
Impressively that’s even more than the £133m that yesterday’s negligible 1.5% drop in IAG’s share price shaved off its total market capitalisation (though the share price has been sliding recently, anyway, due to lower profits and the threat of strike by pilots).
So, the ICO has levied its first (non Cambridge Analytica-related) ‘GDPR era’ fine, using the 2018 Data Protection Act. What can we learn from it? Well, it’s no surprise that it’s for a data breach or that BA are a suitably ‘big name’. £366 per person whose personal data is breached would be a frighteningly high yardstick for most organisations which still hold lots of data on people they derive little commercial benefit from. But the fact that £183m is about 1½% of BA’s turnover might be more indicative and meaningful.
In any event, it may be time to have another cyber security audit!
And why not sign up for our Monthly Compliance Newsletter: