
The ICO dished out tens of millions in fines last year


The UK data protection watchdog issued dozens of fines last year to companies in breach of Privacy and Electronic Communications Regulations (PECR) and the Data Protection Act (DPA).

According to a report from the Parliament Street think tank, the Information Commissioner’s Office (ICO) fined 17 companies a total of $58.8 million last year. The bulk of this sum ($27.7m) came from British Airways (BA), which was penalized for exposing the personal data of 400,000 customers.

The second-largest fine, of $25.5m, fell on Marriott International. The hotel chain exposed the personal data, including passport numbers, of 339 million guests back in 2018. The company had acquired Starwood Hotels, unaware that its systems were already compromised, and was said to have failed to do its due diligence.

Ticketmaster rounds out the top three, with a fine of $1.7 million for data breaches on November 13, 2020. 

“Moving forward, organizations should invest in a third-party data backup solution that runs in the cloud, to enable seamless, efficient and comprehensive backup of data on a granular level – allowing lost, stolen or misplaced data to be restored without delay,” said Charlie Smith, Consultant Solutions Engineer, Barracuda Networks.