The Information Commissioner’s Office (ICO) has issued a number of final civil monetary penalties in 2020, totalling £42,416,000. The reasons for the fines included breaches of Privacy and Electronic Communications Regulations (PECR) and the Data Protection Act (DPA).
The data, contained in the ICO’s ‘work to recover fines’ report and analysed by the Parliament Street Think Tank, reveals a catalogue of fines issued across a variety of sectors.
The analysis shows that the scale of the fines highlights the severity of the problem. A total of 17 penalties were issued last year, according to official figures. The largest fine, a total of £20,000,000, was given to British Airways in the transport and leisure sector on 16th October 2020 for a breach of the Data Protection Act (DPA). This is followed by a fine of £18,400,000, issued to Marriott International Inc on 30th October 2020, also for a breach of the DPA.
The next largest was to Ticketmaster LTD, with a fine totalling £1,250,000 for data breaches on 13th November 2020. Then, DSG Retail Ltd, CRDNN Limited and Cathay Pacific all received fines totalling £500,000.
Additionally, CRDNN was hit with a £500,000 fine on 2nd March 2021 for breaches of Privacy and Electronic Communications Regulations (PECR).
The industry hit with the biggest fines was marketing, with nine fines issued in total, followed by the transport and leisure sector, where three fines were issued to firms.
Additionally, the ICO issued three court orders for winding-up upon petitions in 2020. Trusted Futures Ltd received a penalty amount of £70,000, Superior Style Home Improvements received a penalty fee of £150,000 and Alistar Green Legal Services Ltd received a penalty fee of £90,000. All three organisations were given court orders in 2020.
Additionally, there were eight directors disqualified following ICO enforcement action in 2020. These directors have been disqualified for a number of years for conduct while acting for various companies.
“In today’s digital working environment, data security, recovery and protection is of vital importance. Unfortunately, it has become apparent that many business owners, workers and consumers are not aware of the need for backup and recovery services for their email service providers. Our own research even revealed that 40% of Office 365 users believe that Microsoft provides everything they need to protect their data and software.
“Whilst Office 365 does offer some level of security, even Microsoft suggests using a third-party backup to ensure that data is fully protected and retrievable. Without it, organisations can be left prone to accidental data loss and even ransomware attacks.
“Thus moving forward, organisations should invest in a third-party data backup solution that runs in the cloud, to enable seamless, efficient and comprehensive backup of data on a granular level – allowing lost, stolen or misplaced data to be restored without delay.”