Not flying under the radar

Glass Times editor Nathan Bushell responds to news that BA will receive a record-breaking fine for a massive data breach.

In the same week that Facebook users were reportedly handing over significant amounts of personal data to an app that aged them, we learned that British Airways will be fined £183.39 following a sizeable breach of the General Data Protection Regulation (GDPR).

The fine, which will eclipse the previous record of Google’s £44 million penalty, relates to a cyber-attack last year. The data breach saw website users directed to a fraudulent site, where customer details were harvested. In total, over 500,000 customers were affected, with login, payment card, and travel booking details, as well as name and address information, all compromised.

Information commissioner Elizabeth Denham said: “People’s personal data is just that – personal. When an organisation fails to protect it from loss, damage or theft it is more than an inconvenience. That’s why the law is clear – when you are entrusted with personal data you must look after it. Those that don’t will face scrutiny from my office to check they have taken appropriate steps to protect fundamental privacy rights.”

While BA chairman Alex Cruz says he is “surprised and disappointed” by the decision, Willie Walsh, chief executive of IAG, said: “British Airways will be making representations to the ICO in relation to the proposed fine. We intend to take all appropriate steps to defend the airline’s position vigorously, including making any necessary appeals.”

While the fine is the equivalent of 1.5% of BA’s worldwide turnover in 2017, it could be far worse, with a maximum fine of 4% of annual global turnover available to the ICO.

Jade Greenhow, operations director at Insight Data, said: “It’s a message the window industry needs to hear as many think they are too small to avoid the cross hairs of the ICO. In fact, it’s never been so important to ensure your business complies.”