The UK's Information Commissioner's Office (ICO) has disclosed that it slapped multiple penalties last year on companies that failed to protect their customers' information from data breaches. Estimates put the total at around £42 million, a figure that includes the £20m penalty slapped on British Airways and Marriott Hotel Chain.
According to research carried out by law firm RPC, the British ICO pronounced similar penalties amounting to just £2.5m in 2019.
The RPC report, released on August 27th, 2021, states that British Airways initially faced a penalty of £183m, as per the May 2018 GDPR rules, for failing to protect information such as names, phone numbers, email addresses, credit card details, their expiry dates, and CVV codes of approximately 500,000 of its customers in 2018. However, the data watchdog reduced the fine to a double-digit figure in early 2020, as British Airways was severely hit by the global shutdown of air travel that the coronavirus pandemic set off.
Similarly, the ICO also slapped a fine of £18.4m on Marriott hotels last year, as it failed to protect the data of its 339m customers when hackers accessed sensitive guest information, including that of over 7m guests from the UK.
So, where does the money go?
Penalties pronounced by the ICO, once paid, go directly to the British Treasury. Based on some evidential circumstances, the money from a penalty may also be divided as compensation among breach-affected victims.