British Airways fined £183m for data breach
BRITISH AIRWAYS (BA), the country’s flag carrier, used to advertise itself as “the world’s best airline”. That slogan, used by the airline between 1989 and 2004, trumpeted its status as the world’s largest carrier by international passenger numbers. British Airways also claimed to provide some of the best service in the world, for example, by introducing the world’s first fully lie-flat airline seats in 1995. But a- now it’s an airline hated by passengers and journalists. In recent years it has gotten rid of free food and drink in economy class on most short-haul flights, squeezed 20% more seats on some of its planes and – horror of horrors – had fresh flowers removed from his first grade loos.
But nothing has exemplified BA’s falling service standards as much as last summer’s data hack in which around 500,000 people had their personal data compromised, giving -enter credit card details, stolen by hackers. On July 8 the Information Commissioner’s Office (ICO), a British regulator, said it planned to fine the airline £183m ($229m) for the data breach. This is the largest fine ever imposed for a data breach and the first since the introduction of stricter data privacy regulation across the European Union: the General Data Protection Regulation (GDPR). Responding to news of the fine, Information Commissioner Elizabeth Denham said, “People’s personal data is just that – personal.” Companies should now expect to be hit with heavy fines if they break the rules.
Rafi Azim-Khan, head of data privacy at Pillsbury, a law firm, warns that this is the first of many large fines that will be handed out to companies for data breaches. The ICO had warned a long time ago that they would start imposing much larger fines after the introduction of GDPR regulations. The biggest penalty ever handed out by the ICO – a £500,000 fine on social networking giant Facebook for its role in the Cambridge Analytica data harvesting scandal – was the maximum allowed under the t -previous data protection set. rules. The ICO is now allowed to issue fines of up to 4% of a company’s annual turnover. BA was raised at 1.5% of its turnover in 2017, the financial year before the bankruptcy. Regulators in France, Germany and Ireland are already cracking down on the issues of several tech giants and say they are not afraid to use their new powers to the full.
But what angered those whose data was stolen was the response of management at IAG, the group that owns British Airways, who refused to accept unconditional responsibility for the breach. In a statement Alex Cruz, head of BA, said, “We are surprised and disappointed by this first finding from the ICO. Meanwhile Willie Walsh, chief executive of IAG, was quoted as saying, “We intend to take all appropriate steps to vigorously defend the airline’s position, including re- any necessary applications. Although IAG apologized to its customers for any “inconvenience” it caused, it tried to blame the check on an unnamed criminal. And that’s why the ICO was empowered to issue such large fines: to force companies to take action to prevent hacks, rather than just passing the buck when they do. .