Sometimes I love the ICO

The ICO has finally delivered its verdict in the TalkTalk hacking case. They’ve fined them £400k, which is a record for the current regime, and made some very telling comments – many of which echo things you’ll have heard before, if you read this blog regularly.

Three key take-aways, I think:

  1. £400k sounds like a lot, and TalkTalk are certainly bleating about it, but from 2018 it could have been £17.5m – or even £71.8m. That’s how much more serious the penalties will be under the forthcoming General Data Protection Regulation.
  2. The hack used a well-known technique that could easily have been prevented. Failing to remedy these known issues, combined with failure to encrypt, lies behind the scale of the fine.
  3. Elizabeth Denham, the information commissioner – who is definitely a good egg – made it very clear that cyber security is a board issue. So glad it’s not just me saying that.

The database that was compromised – and you have to wonder why it was accessible through their public website in the first place – was inherited as part of their takeover of Tiscali. So one more thought: don’t forget to include IT and cyber-security in your due diligence if you’re doing any M&A.
