ICO fine for British Airways

  1. Home
  2. Latest
  3. ICO fine for British Airways

ICO fine for British Airways

ICO fine for British Airways

The Information Commissioner’s Office (“ICO”) has notified British Airways (“BA”) that it intends to give the airline the biggest data protection fine in history. The fine is £183.4m which represents 1.5% of BA’s worldwide turnover. The fine could have been as high as 4% of worldwide turnover.

The fine relates to a hack of BA’s website in the summer of 2018 when approximately 500,000 individuals’ data was diverted to a fraudulent website where their personal data was taken.

Matthew Holman, Head of our data protection team, comments: “BA could be hit twice, once with a fine and then again with compensation payments.”

“In addition to the fine, BA may face an equally large compensation claim from affected individuals who form a class action against BA.”

The BA fine gives us an indication of the following things:

1. The ICO is not afraid to levy big fines on big businesses. £183.39m would be the biggest fine ever levied to date.
2. The fine relates to BA’s failure to have appropriate technological security in place.
3. The ICO has yet to release how it calculated the amount of this fine.
4. BA has explained that no evidence of any harm to the affected individuals has been found, demonstrating that the ICO will take action on principle rather than based on evidence of harm.

Matthew Holman continues: “At this stage the fine is not finalised and BA has the ability to file objections with the ICO, which in other words is BA’s chance to try and argue a reduction in the fine. BA has indicated this morning that it intends to appeal the fine.”

“We know that the ICO also has other large investigations in the pipeline, including Marriot Hotels, Facebook and Dixon Carphone warehouse. The Dixon Carphone warehouse case is particularly notable as circa 10m customer card details were lost, compared to just 500,000 with BA.”

“Today’s fine is a clear message of intent to those business and all others: the ICO will levy crippling fines when personal data of individuals is lost (even if those individuals suffer no harm).”

For more information on this topic, please contact Matthew Holman, or you can give us a call on 0345 070 6000.