Blog
But what exactly did British Airways do wrong?
The ICO has found that between August 2018 and September 2018, personal data of about 500.000 individuals had been stolen from the British Airways servers due to a security lapse that the aircraft operator had been responsible for.
The compromised data includes:
• Login information,
• payment information,
• travel booking data,
• e-mail addresses, and
• information about names and addresses.
It is believed that while the data has been stolen, it was probably not misused or made public.
Such an incident represents a breach according to GDPR guidelines. The GDPR guidelines state that appropriate security measures must be put in place by data processors to avoid such loss or unauthorised disclosure of personal data. In the present case, a lack of IT security led to the theft of the data. This lack of adequate security measures can be classified as a breach of the relevant GDPR regulation. In such cases of a large number of affected persons, it is sufficient to make a public communication of the data violation.
In this context, it has to be mentioned that British Airways themselves notified the ICO of the data breach, and cooperated fully with the ICO. Considering these facts, it also seems probable that the airline also notified the concerned individuals in a proper way.
The amount of the penalty levied has been set at 1,5% of the company’s annual turnover of the year 2017.
The airline’s parent company International Airlines Group’s chief Willie Walsh has announced that the group plans to appeal the ICO’s decision, which has not come into force yet.
More articles:
Jasper Brinkman
Jasper Brinkman
"Following a devastating hotel fire in Prague, the law firm Holubová advokáti, led by attorney Klara Dvorakova, successfully represented our extended family as a group of victims. The firm navigated complex international insurance and compensation laws to defend our rights.
I would like to acknowledge the extraordinary efforts the firm had to make to bring our case to a successful compensation under extremely difficult circumstances."
Stewarts
Stewarts
"A visit to her daughter in London turned Eva's life upside down when she says she stepped into a crossing on a green light but was hit by a car. Despite her remarkable bravery, she faced a long treatment due to fractures in her pelvis, and the associated limitations and pain are likely to persist for the rest of her life. Regular headaches and impaired concentration compound her challenges.
Eva contacted us through an organization temporarily helping her manage her difficult living situation. At that time, she was destitute, relying only on subsistence payments. We were able to assist her because we specialize in personal injury and have contacts with proven colleagues abroad.
We worked with Stewarts, a UK law firm, on this case. Attorneys Klára Dvořáková and Rebecca Huxford helped Eva with the documentation in her case, explaining her options and the differences between the Czech and British systems of healthcare and social benefits reimbursement. Within a few months, thanks to the professional cooperation between the two offices, an offer of compensation from the insurance company of approximately CZK seven million was achieved. The client accepted this settlement because she did not want to deal with courts in the United Kingdom.
Subsequently, we assisted the client with related tax issues and contacted Auditone, a tax consultancy firm, which arranged for the filing of a tax return. Compensation for lost income is taxable, unlike most personal injury compensation.
'No one has done as much for me as you,' Eva said.
The fact that we were able to help Eva gives our work meaning and brings us great joy. We are very happy that, thanks to our many years of active involvement in the international professional organization PEOPIL, we can cooperate on such cases."