Article written by Haim Ravia, Dotan Hammer and Adi Shoval
The UK Information Commissioner’s Office (“ICO”) announced a dramatic 90% reduction in the fine imposed on British Airways over its data breach, from £183.39 million to £20 million.
The ICO published its original intent to impose the fine following an investigation that ultimately concluded that British Airways had violated its data security duties under the GDPR and that its violations prompted a data breach that compromised the data of about 500,000 of the company’s customers, including their names, addresses, flight information, and credit card information.
Approximately a year after the ICO’s initial statement, the British privacy regulator has now decided to significantly reduce the fine, explaining that the company had promptly responded to the breach, notified the affected data subjects, and significantly cooperated with the ICO’s investigation. The ICO also explained that the reputational damage that British Airways sustained following the publication of the breach, as well as the financial difficulties that it faces this year due to the Coronavirus crisis, were taken into consideration in the decision to reduce the fine.