£42m worth of fines issued by ICO in 2020 for privacy and data breaches

  • Last year, over £42m worth of fines were issued by the Information Commissioner’s Office (ICO) for reasons including breaches of Privacy and Electronic Communications Regulations (PECR) and the Data Protection Act (DPA).

    The number of final civil monetary penalties in 2020 totalled £42,416,000 according to the data, contained in the ICO’s ‘work to recover fines’ report and analysed by the Parliament Street Think Tank.

    A total of 17 penalties were issued across the year, with the largest fine given to British Airways on 16 October 2020 at a total of £20m for a breach of the DPA.

    This is followed by a fine of £18,400,000, issued to Marriott International Inc just two weeks later on 30 October 2020, also for a breach of the DPA.

    RELATED: Facebook data breach: Check if your phone number was leaked

    The next largest fine was to Ticketmaster LTD, totalling £1,250,000 for data breaches on 13 November 2020. Then, DSG Retail Ltd, CRDNN Limited and Cathay Pacific airlines all received fines totalling £500k.

    The ICO imposed the maximum fine of half a million pounds on CRNN for a breach of the PECR, as the company made more than 193 million automated nuisance calls.

    The company was then also given another £500k fine on 2 March 2021 for breaches of the PECR again.

    The industry hit with the biggest fines was marketing, with nine fines in total issued, followed by three fines issued to firms in the transport and leisure sector.

    Additionally, the ICO issued three court orders for winding-up upon petitions in 2020.

    Trusted Futures Ltd received a penalty amount of £70k, Superior Style Home Improvements received a penalty fee of £150k and Alistar Green Legal Services Ltd received a penalty fee of £90k. All three organisations were given court orders in 2020.

    RELATED: £6m funding available to UK businesses to improve digital security by design

    There were eight directors disqualified following ICO enforcement action in 2020 too and they have been disqualified for a number of years for conduct while acting for various companies.

    Charlie Smith is a Consultant Solutions Engineer at IT security firm, Barracuda Networks.

    He commented: “In today’s digital working environment, data security, recovery and protection is of vital importance. Unfortunately, it has become apparent that many business owners, workers and consumers are not aware of the need for backup and recovery services for their email service providers.

    "Our own research even revealed that 40% of Office 365 users believe that Microsoft provides everything they need to protect their data and software.

    “Whilst Office 365 does offer some level of security, even Microsoft suggests using a third party backup to ensure that data is fully protected and retrievable. Without it, organisations can be left prone to accidental data loss and even ransomware attacks.

    “Thus moving forward, organisations should invest in a third-party data backup solution that runs in the cloud, to enable seamless, efficient and comprehensive backup of data on a granular level – allowing lost, stolen or misplaced data to be restored without delay.”

    About the author

    Niamh is a Sync NI writer with a previous background of working in FinTech and financial crime. She has a special interest in sports and emerging technologies. To connect with Niamh, feel free to send her an email or connect on Twitter.

    Got a news-related tip you’d like to see covered on Sync NI? Email the editorial team for our consideration.

    Sign up now for a FREE weekly newsletter showcasing the latest news, jobs and events in NI’s tech sector.

Share this story