https://community.isc2.org/t5/Privacy/First-big-fine-by-ICO/m-p/24849#M806 <P>This case, although painful for BA, will and should be raised as a what if risk example at all senior executive boards in forthcoming weeks. I would be interested if anybody in this community has any references or good examples of non technical briefings as to the web site hack.&nbsp;</P> Tue, 09 Jul 2019 08:59:15 GMT Wakeling_S 2019-07-09T08:59:15Z https://community.isc2.org/t5/Privacy/First-big-fine-by-ICO/m-p/24766#M802 <P>I suppose it had to happen; the first big fine under GDPR in the UK for a data breach; 1.5% of its worldwide revenue.&nbsp; &nbsp;<A href="https://www.bbc.co.uk/news/business-48905907" target="_blank">https://www.bbc.co.uk/news/business-48905907</A></P><P>&nbsp;</P><P>&nbsp;</P> Mon, 08 Jul 2019 07:24:07 GMT https://community.isc2.org/t5/Privacy/First-big-fine-by-ICO/m-p/24766#M802 Steve-Wilme 2019-07-08T07:24:07Z https://community.isc2.org/t5/Privacy/First-big-fine-by-ICO/m-p/24774#M803 <P><FONT size="3"><A href="https://ico.org.uk/about-the-ico/news-and-events/news-and-blogs/2019/07/statement-ico-announces-intention-to-fine-british-airways/" target="_blank" rel="noopener">ICO Statement :Intention to fine British Airways £183.39m under GDPR for data breach</A></FONT></P> Mon, 08 Jul 2019 12:48:02 GMT https://community.isc2.org/t5/Privacy/First-big-fine-by-ICO/m-p/24774#M803 leroux 2019-07-08T12:48:02Z https://community.isc2.org/t5/Privacy/First-big-fine-by-ICO/m-p/24849#M806 <P>This case, although painful for BA, will and should be raised as a what if risk example at all senior executive boards in forthcoming weeks. I would be interested if anybody in this community has any references or good examples of non technical briefings as to the web site hack.&nbsp;</P> Tue, 09 Jul 2019 08:59:15 GMT https://community.isc2.org/t5/Privacy/First-big-fine-by-ICO/m-p/24849#M806 Wakeling_S 2019-07-09T08:59:15Z https://community.isc2.org/t5/Privacy/First-big-fine-by-ICO/m-p/24854#M807 <P>It sounds diluted to me. Wouldn't be 4% what applies in these cases?</P> Tue, 09 Jul 2019 10:36:29 GMT https://community.isc2.org/t5/Privacy/First-big-fine-by-ICO/m-p/24854#M807 pcarner 2019-07-09T10:36:29Z https://community.isc2.org/t5/Privacy/First-big-fine-by-ICO/m-p/24879#M809 <P><SPAN>You are right.&nbsp;</SPAN><SPAN>The ICO's intended fine isn't the maximum. For British Airways, the potential fine amounts to 1.5% of its annual turnover in 2017, under half of the maximum GDPR penalty of 4% of annual turnover. If the ICO had deemed it appropriate, it could have issued a fine of over £450m.</SPAN></P><P>&nbsp;</P><P><SPAN>But this&nbsp;is four times the size of the previous largest fine – that €50m penalty was issued to Google by the French data protection authority for a lack of transparency in its advertising</SPAN></P><LI-SPOILER>&nbsp;</LI-SPOILER> Tue, 09 Jul 2019 13:43:22 GMT https://community.isc2.org/t5/Privacy/First-big-fine-by-ICO/m-p/24879#M809 leroux 2019-07-09T13:43:22Z