£21,474,000.00

That’s how much companies in the UK have been fined over the past 12 months for data breaches and contraventions of data protection law.

Sounds like a lot – or maybe it doesn’t, given how frequently data breaches are in the news. There’s a reason for that. Of the £21.5m, 76% is one fine. Not from the ICO, from the FCA. To Tesco, yesterday, for having poor cyber-security that resulted in a breach. You might remember that I pointed out how much the FCA can fine people it regulates, and that it’s interested in cyber-security as an issue.

The remaining £5m is made up of 34 different fines from the ICO. All of which were levied on offences committed back when the maximum fine the ICO could set was £500,000. It’s only ever used the maximum once. Yes, Equifax (see above). But there are lots of cases pending from after GDPR. Including BA. Possible maximum fine? £920m. Now who’s the big dog, eh, FCA?

Here’s the full list, for those who care. You can look up the details of each case on the ICO’s website (apart from Tesco, which is on the FCA’s site).

| Who | When | Why | How much | From |
|---|---|---|---|---|
| Tesco | 01/10/2018 | Cyber-breach | £16,400,000 | FCA |
| Bupa | 28/09/2018 | Employee breach | £175,000 | ICO |
| Oaklands Assist | 01/10/2018 | PECR | £150,000 | ICO |
| Equifax | 20/09/2018 | Cyber-breach | £500,000 | ICO |
| Lifecycle Marketing | 05/09/2018 | Data misuse | £140,000 | ICO |
| AMS Marketing | 01/08/2018 | PECR | £100,000 | ICO |
| IICSA | 18/07/2018 | Negligent breach | £200,000 | ICO |
| Our Vault | 28/06/2018 | PECR | £70,000 | ICO |
| BT | 20/06/2018 | PECR | £77,000 | ICO |
| Gloucestershire Police | 11/06/2018 | Negligent breach | £80,000 | ICO |
| Bible Society | 07/06/2018 | Cyber-breach | £100,000 | ICO |
| Bayswater Medical Centre | 23/05/2018 | Negligent breach | £35,000 | ICO |
| University of Greenwich | 21/05/2018 | Cyber-breach | £120,000 | ICO |
| Yahoo! | 21/05/2018 | Cyber-breach | £250,000 | ICO |
| CPS | 16/05/2018 | Negligent breach | £325,000 | ICO |
| Costelloe & Kelly | 01/05/2018 | PECR | £19,000 | ICO |
| IAG Nationwide | 01/05/2018 | PECR | £100,000 | ICO |
| Approved Green Energy Solutions | 18/04/2018 | PECR | £150,000 | ICO |
| The Energy Saving Centre | 18/04/2018 | PECR | £250,000 | ICO |
| RBKC | 16/04/2018 | Data misuse | £120,000 | ICO |
| Royal Mail | 06/04/2018 | PECR | £12,000 | ICO |
| Humberside Police | 05/04/2018 | Negligent breach | £130,000 | ICO |
| Holmes Financial Solutions | 31/01/2018 | PECR | £300,000 | ICO |
| SSE | 18/01/2018 | Negligent breach | £1,000 | ICO |
| Miss-sold Products UK | 17/01/2018 | PECR | £350,000 | ICO |
| Goody Market UK | 11/01/2018 | PECR | £40,000 | ICO |
| Barrington Claims | 11/01/2018 | PECR | £250,000 | ICO |
| TFLI | 11/01/2018 | PECR | £80,000 | ICO |
| Newday | 11/01/2018 | PECR | £230,000 | ICO |
| Carphone Warehouse | 10/01/2018 | Cyber-breach | £400,000 | ICO |
| Hamilton Digital Solutions | 24/11/2017 | PECR | £45,000 | ICO |
| Verso Group (UK) | 01/11/2017 | Transparency | £80,000 | ICO |
| The Lead Experts | 13/10/2017 | PECR | £70,000 | ICO |
| Vanquis Bank | 09/10/2017 | PECR | £75,000 | ICO |
| Xerpla | 09/10/2017 | PECR | £50,000 | ICO |

ps – of course the FCA hasn’t ruled on Equifax yet. Let’s see if they put their marker down first…
