ICO issued fines of £42m last year
The Information Commissioner’s Office (ICO) issued penalties totalling £42.4 million last year, according to new figures.
The data, contained in the ICO’s ‘work to recover fines’ report and analysed by the Parliament Street think tank, reveals a catalogue of fines issued across a variety of sectors.
The reasons for the fines included breaches of the Privacy and Electronic Communications Regulations (PECR) and the Data Protection Act (DPA).
A total of 17 penalties were issued last year according to the figures.
The largest fine was handed to British Airways in the transport and leisure sector on 16 October 2020 – £20m for a breach of the DPA. This was followed by a fine of £18.4m, issued to Marriott International Inc in the same month, also for a breach of the DPA.
The next greatest fine was issued to Ticketmaster LTD, of £1.25m for data breaches on 13 November 2020. DSG Retail Ltd, CRDNN Limited and Cathay Pacific all received fines totalling £500,000.
Additionally, CRDNN was given a £500,000 fine on 2 March 2021 for breaches of PECR.
The industry hit with the biggest fines was marketing, against which nine fines in total were issued, followed by three fines issued to firms in the transport and leisure sector.
Charlie Smith, consultant solutions engineer, Barracuda Networks said: “In today’s digital working environment, data security, recovery and protection is of vital importance. Unfortunately, it has become apparent that many business owners, workers and consumers are not aware of the need for backup and recovery services for their email service providers. Our own research even revealed that 40 per cent of Office 365 users believe that Microsoft provides everything they need to protect their data and software.
“Whilst Office 365 does offer some level of security, even Microsoft suggests using a third party backup to ensure that data is fully protected and retrievable. Without it, organisations can be left prone to accidental data loss and even ransomware attacks.
“Thus moving forward, organisations should invest in a third-party data backup solution that runs in the cloud, to enable seamless, efficient and comprehensive backup of data on a granular level – allowing lost, stolen or misplaced data to be restored without delay.”