What action we've taken in Q4 2019-20 and what you can do to stay secure
Data security incidents, which are breaches of the seventh data protection principle or personal data breaches reported under the Privacy and Electronic Communications Regulations, are a major concern for those affected and a key area of action for the ICO. We have published this information to help organisations understand what we’re seeing and help them to take appropriate action.
Fines and enforcement notices
- January 2020: The ICO has fined DSG Retail Limited (DSG) £500,000 after a ‘point of sale’ computer system was compromised as a result of a cyber-attack, affecting at least 14 million people.
- March 2020: The ICO has fined Cathay Pacific Airways Limited £500,000 for failing to protect the security of its customers’ personal data. Between October 2014 and May 2018 Cathay Pacific’s computer systems lacked appropriate security measures which led to customers’ personal details being exposed.
What you've reported to us
- These figures are based on the number of reports of personal data breaches received by the ICO during Q4 2019-20. These figures are based on the number of reports submitted by the data controller, not necessarily the number of incidents.