Lock down your data – or get the cheque book out: ICO privacy violation fines are rising, say lawyers

You can thank GDPR for that

Violating Europe's General Data Protection Regulation (GDPR) rules is a costly mistake that is only getting more expensive, according to lawyers totaling up fines from the UK's Information Commissioner's Office (ICO).

Law firm Reynolds Porter Chamberlain (RPC) today said it has been tracking ICO fines since 2016 and has found that, over the four-year period, the average amount of money taken from punished violators has tripled from £73,645 ($92,560) to £216,200 ($271,730). Most of the increase, says RPC, is the result of the GDPR.

Since the privacy regulations were activated in May 2018, the ICO fined businesses an estimated £5.96m, and the average penalty went up 194 per cent, the law firm says. We note that although the ICO can fine organizations, the money isn't always coughed up.

And that total is set to grow substantially over the short term, thanks to planned penalties of £183m ($230m) against British Airways and £99m ($124m) against Marriott for their respective data fumbling.

Thumb down to Facebook

Facebook accused of trying to bypass GDPR, slurp domain owners' personal Whois info via an obscure process


The overall increase, say the legal eagles, is not a coincidence. The ICO is making a point of going after big business in order to send a message.

"This suggests that the ICO is being selective about its enforcement targets," said Richard Breavington, a partner at London-based RPC. "However, this new wave of blockbuster fines that the ICO has said it plans to impose shows that pressure on businesses is only likely to increase."

While this will be welcome news to everyone tired of the endless parade of careless companies spilling people's private information, it is a prospect that will keep many business owners up at night. Particularly now that so many employees find themselves working remotely due to the pandemic, far away from the security controls of their corporate networks.

Breavington reckons that the work-from-home transition is only going to mean more lapses in data security and an increase in companies running afoul of GDPR.

"Although many businesses now have robust systems in the workplace to protect against hackers, some might not have the same measures in place to protect against staff working from home," he said. "In addition, there is nobody on the ground to enforce basic protocols to protect against hacking."

That being said, the ICO has also suggested [PDF] it will be easing up a little on those who leak data while short-staffed and outgunned by hackers amidst the pandemic.

The office says it will be showing some restraint in who it goes after for fines over the next few months.

"As a public authority, we must act in a manner which takes into account these circumstances," the ICO says. "The law gives us flexibility around how we carry out our regulatory role, which allows us to recognise and engage with the unique challenges the country is facing." ®

Other stories you might like

  • Lonestar plans to put datacenters in the Moon's lava tubes
    How? Founder tells The Register 'Robots… lots of robots'

    Imagine a future where racks of computer servers hum quietly in darkness below the surface of the Moon.

    Here is where some of the most important data is stored, to be left untouched for as long as can be. The idea sounds like something from science-fiction, but one startup that recently emerged from stealth is trying to turn it into a reality. Lonestar Data Holdings has a unique mission unlike any other cloud provider: to build datacenters on the Moon backing up the world's data.

    "It's inconceivable to me that we are keeping our most precious assets, our knowledge and our data, on Earth, where we're setting off bombs and burning things," Christopher Stott, founder and CEO of Lonestar, told The Register. "We need to put our assets in place off our planet, where we can keep it safe."

    Continue reading
  • Conti: Russian-backed rulers of Costa Rican hacktocracy?
    Also, Chinese IT admin jailed for deleting database, and the NSA promises no more backdoors

    In brief The notorious Russian-aligned Conti ransomware gang has upped the ante in its attack against Costa Rica, threatening to overthrow the government if it doesn't pay a $20 million ransom. 

    Costa Rican president Rodrigo Chaves said that the country is effectively at war with the gang, who in April infiltrated the government's computer systems, gaining a foothold in 27 agencies at various government levels. The US State Department has offered a $15 million reward leading to the capture of Conti's leaders, who it said have made more than $150 million from 1,000+ victims.

    Conti claimed this week that it has insiders in the Costa Rican government, the AP reported, warning that "We are determined to overthrow the government by means of a cyber attack, we have already shown you all the strength and power, you have introduced an emergency." 

    Continue reading
  • China-linked Twisted Panda caught spying on Russian defense R&D
    Because Beijing isn't above covert ops to accomplish its five-year goals

    Chinese cyberspies targeted two Russian defense institutes and possibly another research facility in Belarus, according to Check Point Research.

    The new campaign, dubbed Twisted Panda, is part of a larger, state-sponsored espionage operation that has been ongoing for several months, if not nearly a year, according to the security shop.

    In a technical analysis, the researchers detail the various malicious stages and payloads of the campaign that used sanctions-related phishing emails to attack Russian entities, which are part of the state-owned defense conglomerate Rostec Corporation.

    Continue reading

Biting the hand that feeds IT © 1998–2022