Tag Archives: Data Protection Act 1998

Security breaches always get a lot of press attention, but to date there haven't been that many large fines imposed by the Information Commissioner's Office (the "ICO") in the UK. However, last week saw a big one (although some have questioned whether it is big enough), with TalkTalk being given a record GBP400,000 penalty for a violation of the DPA's seventh principle on security. This comes on the back of the GBP1,000 fine a couple of weeks ago in respect of TalkTalk's failure to give notice to the regulator in due time, which we reported on: http://datonomy.eu/2016/09/13/ico-wins-tiny-penalty-but-significant-principle-in-talktalk-security-breach-saga/ This case relates to cyber-attacks perpetrated against TalkTalk between 15 and 21 October 2015 that exploited vulnerabilities in certain webpages. The personal data of 156,959 customers, including financial information, was affected: the attacker accessed the personal data of all of those customers, along with the bank account numbers and sort codes of 15,656. When imposing …
Although the UK's Information Commissioner handed out monetary penalties for serious breaches of the Data Protection Act for the first time this week, a new survey has suggested that UK consumers support even tougher sanctions for organisations that are guilty of losing personal data. In a poll of 5000 consumers, conducted for LogRhythm by OnePoll, 62 percent of consumers felt that organisations should receive large fines for data loss, with 31 percent going as far as to suggest that company directors should be subject to criminal proceedings. Further information about the survey and its findings can be found at the following URL: http://www.logrhythm.com/Company/PressReleases/UKsupportscompulsorydatalossdisclosure.aspx