- The fine that was imposed by the UK data protection commissioner was roughly 10% of what was announced last year.
- ICO has taken a more gentle approach against British Airways, as the airline business isn’t going great this year.
- British Airways has also shown diligence in applying all of the appropriate security and data protection measures.
Last year, the UK Information Commissioner’s Office (ICO) expressed willingness to impose a pretty hefty fine on British Airways, following the uncovering of the 2018 data breach incident. According to GDPR regulations, the carrier airline has to pay a fine for exposing approximately 565,000 people’s full names, email addresses, and full credit card details.
ICO was allegedly going to take a very harsh stance against British Airways, suggesting amounts of up to £183 million ($230 million). The ICO announced the actual fine today, and it’s only £20 million ($25.85 million), almost one-tenth of the amount proposed last year.
The investigation of the UK data protection watchdog concluded that British Airways failed to protect its customers on multiple levels, missing numerous opportunities to discover and mitigate the hacker attacks that resulted in the data breach. As the ICO characteristically points out, the airline could have applied various measures that were not technically complex nor expensive to implement at the time, but still failed to do it.
There are two main reasons why the ICO decided to push British Airways to a more cushioned pit. First, the airline has taken the security of its customer data a lot more seriously since the 2018 incident, and they have now applied state-of-the-art protection systems and all of the suggested precautionary measures. Thus, the firm has shown a willingness to comply with the strict regulatory context in an impressive way.
Secondly, COVID-19 has brought the airline industry down to its knees, and if the ICO was to impose a $230 million fine on British Airways, the company would be placed in a really difficult situation. Obviously, the Brits wouldn’t want to risk the very existence of their flag carrier airline, no matter how bad it screwed up people two years ago. The situation has changed fundamentally now, and the new factors had to be taken into account.