Equifax fined £500,000 for data security breach

Posted on 21 September 2018

The Information Commissioner's Office (ICO) has served the credit reference agency Equifax with a monetary penalty of £500,000 for global security failings in 2017 which compromised the personal data of 15 million UK data subjects.

Data Protection Advisor Jon Baines said "It is important that, because the failings in question were from 2017, the applicable law was the now-repealed Data Protection Act 1998, and not the General Data Protection Regulation (GDPR). £500,000 was the maximum "fine" available under the old law, whereas the maximum under GDPR is €20m or 4% of global annual turnover (whichever is higher).

Equifax will no doubt be smarting from this regulatory action, but also counting themselves fortunate that GDPR did not already apply, with its potentially much higher sanctions. The worldwide effect of the security breach involved 146 million people, and other regulators will be observing the ICO's action with interest.

It took ICO eight years to serve a maximum penalty under the old law – one wonders how long it will be before we see signs of the increased "fines" under GDPR emerging".

Related links

Verdict
RiskXtra
Law360
Silicon
