The UK’s information watchdog has declared plans to charge the airline British Airways a record £183 million over the last year’s data breach. The Information Commissioner’s Office (ICO) said that “poor safety arrangements” at the firm result in the violation of bank card information, names, addresses, journey booking particulars, and logins for around 500,000 clients. The charge could be the largest the ICO has ever issued, far more than the £500,000 penalty against Facebook for the Cambridge Analytica scandal that affected hundreds of thousands. British Airways will now have 28 days to appeal the ruling before it’s made final.
In a press release, the Information Commissioner Elizabeth Denham stated that the lack of private data is “over an inconvenience” and said that firms ought to take appropriate measures “to guard basic privacy rights.”
This comes less than 12 months after the regulator charged Facebook £500,000 for the Cambridge Analytica scandal. However, Facebook’s fine was the utmost authorized amount allowed under the UK’s earlier data privacy law, the 1998 Data Safety Act. At the time regulators mentioned it would have been “significantly higher” under the brand new GDPR guidelines. GDPR allows an organization to be fined a maximum of 4% of its worldwide turnover; BA’s penalty amounts to 1.5% of its 2017 income.
Responding to the news, British Airways’ chief executive Alex Cruz stated that the corporate was “surprised and dissatisfied” by the ICO’s decision, and added that the corporate had found no proof of fraudulent operation on accounts connected with the breach. The ICO notes that the firm cooperated with its scrutiny, and has made security improvements since the rupture was brought in light.