What action we've taken in Q2 and what you can do to stay secure

Data security incidents, which are breaches of the seventh data protection principle or personal data breaches reported under the Privacy and Electronic Communications Regulations, are a major concern for those affected and a key area of action for the ICO. We have published this information to help organisations understand what we’re seeing and help them to take appropriate action.

What action we've taken in Q2

  • 18 July 2018 - Independent Inquiry into Child Sexual Abuse (IICSA) fined £200,000 for revealing identities of abuse victims in mass email.
  • 9 August 2018 - Lifecycle Marketing (Mother and Baby) Ltd, also known as Emma’s Diary, fined £140,000 for illegally collecting and selling personal information belonging to more than one million people.
  • 20 September 2018 - Equifax Ltd fined £500,000 for failing to protect the personal information of up to 15 million UK citizens during a cyber attack in 2017.
  • 28 September 2018 - BUPA Insurance Services fined £175,000 for failing to have effective security measures in place to protect customers’ personal information.

What you've reported to us


What you can do to stay secure

  1. Consider metadata when redacting information.
  2. Check all data has been redacted and is not reversible before releasing.
  3. Get someone to double check redactions.