Oh no, you're thinking, yet another cookie pop-up. Well, sorry, it's the law. We measure how many people read us, and ensure you see relevant ads, by storing cookies on your device. If you're cool with that, hit “Accept all Cookies”. For more info and to customize your settings, hit “Customize Settings”.

Review and manage your consent

Here's an overview of our use of cookies, similar technologies and how to manage them. You can also change your choices at any time, by hitting the “Your Consent Options” link on the site's footer.

Manage Cookie Preferences
  • These cookies are strictly necessary so that you can navigate the site as normal and use all features. Without these cookies we cannot provide you with the service that you expect.

  • These cookies are used to make advertising messages more relevant to you. They perform functions like preventing the same ad from continuously reappearing, ensuring that ads are properly displayed for advertisers, and in some cases selecting advertisements that are based on your interests.

  • These cookies collect information in aggregate form to help us understand how our websites are being used. They allow us to count visits and traffic sources so that we can measure and improve the performance of our sites. If people say no to these cookies, we do not know how many people have visited and we cannot monitor performance.

See also our Cookie policy and Privacy policy.

This article is more than 1 year old

TalkTalk's appeal against paltry ICO data breach fine thrown out

Penalty amounted to roughly one hour of CEO's billable time

TalkTalk has lost its appeal against the Information Commissioner's Office decision to fine the company £1,000 for a data breach last year.

The ICO imposed a monetary penalty on TalkTalk for its failure to notify the Commissioner of a personal data breach within 24 hours after its detection, in circumstances it considered were feasible for TalkTalk to have done so.

On 16 November 2015, one TalkTalk customer accidentally obtained unauthorised access to the personal data of another customer and was able to see their name, address, telephone numbers, email addresses and date of birth.

This occurred due to a problem with one of TalkTalk’s mechanisms for keeping its customers’ personal data secure – specifically, the password mechanism by which customers access their TalkTalk accounts online.

The customer wrote a detailed letter to TalkTalk on 18 November 2015. At the same time the customer raised the matter with the Information Commissioner.

TalkTalk’s main issue with the subsequent ICO penalty was that it only became sufficiently aware of the data breach after it concluded its own investigation into the issues raised by the customer.

However, the First Tier Tribunal General Regulatory Chamber was unanimous in dismissing the appeal (PDF). It considered the level of detail in the customer’s letter of 18 November "led to the inevitable conclusion that there was no other explanation for what had occurred other than that there had been a personal data breach."

A TalkTalk spokeswoman said: “We’re aware of our obligations to the ICO and believe that we acted within the given time limit.”

Last year TalkTalk exec Dido Harding pocketed £2.8m in salary. There are roughly 250 working days in the year. So even if Harding did not take any annual leave, her average daily income last year would have been £11,200.

That means the £1,000 fee imposed by the ICO on TalkTalk would have been worth less than one hour of Harding's time. ®

 

Similar topics

Similar topics

Similar topics

TIP US OFF

Send us news


Other stories you might like