EQUIFAX FINED £500,000 FOR DATA BREACH OF 15M UK CUSTOMERS
The Information Commissioner's Office (ICO) has served the credit reference agency Equifax with a monetary penalty of £500,000 for global security failings in 2017 which compromised the personal data of 15 million UK data subjects.
Mishcon de Reya data expert Jon Baines said, "It is important that, because the failings in question were from 2017, the applicable law was the now-repealed Data Protection Act 1998, and not the General Data Protection Regulation (GDPR). £500,000 was the maximum "fine" available under the old law, whereas the maximum under GDPR is €20m or 4% of global annual turnover (whichever is higher).
Equifax will no doubt be smarting from this regulatory action, but also counting themselves fortunate that GDPR did not already apply, with its potentially much higher sanctions. The worldwide effect of the security breach involved 146 million people, and other regulators will be observing the ICO's action with interest.
It took ICO eight years to serve a maximum penalty under the old law – one wonders how long it will be before we see signs of the increased "fines" under GDPR emerging".
For more information or to arrange an interview with Jon, please contact firstname.lastname@example.org / 020 7637 0656