In this episode of Life with GDPR, Jonathan Armstrong and Tom Fox consider the £500,000 fine recently announced by the UK Information Commissioner’s Office (ICO) against Cathay Pacific Airways Limited for failing to protect the security of its customers’ personal data. This is a pre-GDPR case, and the fine is the maximum available under the ICO’s pre-GDPR powers. The ICO took into particular account the fact that Cathay Pacific failed to follow its own policies and ignored fundamental best practices.

Some of the highlights in this episode include:

  1. What were the background facts of the enforcement action?
  2. What are the implications of a pre-GDPR enforcement action?
  3. Why was the maximum fine levied?
  4. What were the regulator’s findings?
  5. What are the lessons learned for the data protection practitioner?
  6. Where can listeners go for more information?

Resources

Cordery Breach Navigator

Cordery Client Alert “Client Alert: ICO Fines Cathay Pacific £500k for Data Security Breach”