This week’s news that British Airways is facing a record fine of £183 million for a breach of its security systems has again put regulatory compliance in the spotlight.
The penalty, which is being challenged by BA, was handed down by the Information Commissioner's Office (ICO) and is the first to be made public under new rules.
It followed what BA described as a ‘sophisticated, malicious criminal attack’ on its website last year, which the ICO said meant users were diverted to a fraudulent site. This led to the personal details of about 500,000 customers being harvested by the attackers.
Data breaches, malware and identity theft are big business. It has been reported that this year 2.7 billion identity records, amounting to 774 million unique email addresses and 21 million passwords, were posted on the web for sale. Names, email addresses and credit card details are among the personal details that can be stolen by hackers.
Articles in the media have also highlighted a report from cybersecurity firm Shape Security which revealed that at least 12 consumer companies reported data breaches in the last year.
The report also showed that 80-90 per cent of the people who log in to a retailer's e-commerce site are hackers using stolen data.
Breaches of this nature are damaging for both customers and companies. They can harm the trust consumers have in certain brands, and reputational damage to affected companies is also a huge issue.
And it can be costly. The General Data Protection Regulation (GDPR) came into force in May 2018 and data breaches can cost firms up to four per cent of their annual turnover in fines. In BA’s case, the penalty was 1.5 per cent of turnover, so the ICO could have been even tougher.
Evidology was conceived to tackle compliance issues. It is a software solution based on claims, argument and evidence, and incorporating data management, to ensure that organisations do everything possible to comply with a growing range of regulations.
Originally created to meet the requirements of GDPR, the system simplifies and standardises the approach to compliance and is now applicable to every type of regulation and policy, irrespective of sector, market or geographical location.
We operate in the UK, USA, Australia and India and our software provides reassurance and compliance protection. By ensuring that data is in the right place, customers can guard against breach and the potential for fines under various legislation.
Evidology is applicable to businesses and organisations of various sizes, and our formal partnership with the BusinessOptix cloud-based platform makes it more readily available.
Those who are entrusted to look after personal details must ensure they do so, or run the risk of hefty penalties, as BA and others may experience.