The Equifax mega-breach has now led to two UK regulators investigating the same cock-up. The ICO obviously jumped in straight away, as you’d expect, but now the FCA has turned up to the party, bottle of cheap Bulgarian red from the corner shop in sweaty hand, hoping there’s still some cake left.
This will be fun.
The ICO will still be stuck with its £500k fine limit (instead of the £94m it would have been next year) and the ability to speak very, very sternly in its special voice.
The FCA (for all it has a reputation for being pusillanimous) is a beast of a different order. Maximum fine in this case? £472m. Substitute for special voice? Withdrawal of licence, suspension of operations, prosecutions of directors, revocation of authorised status for officers.
It is just conceivable (although I’d bet on it being the US regulator, not the UK, that makes the difference) that this is the first game-over data breach. I think it’s at least safe to say that an example will be made.
There but for the grace of your preferred deity…