The UK branch of Equifax was fined 500,000 pounds by the Information Commissioner's Office for failing to protect the personal info of around 15 million UK customers. If that fine seems rather modest, that's because it is. 500,000 pounds is the largest fine regulators can give under the Data Protection Act 1998, whereas Equifax would've faced up to 17.8 million pounds in fines under GDPR, which went into effect in May 2018.
'Many of the people affected would not have been aware the company held their data; learning about the cyber attack would have been unexpected and is likely to have caused particular distress,' Commissioner Denham continues. 'Multinational data companies like Equifax must understand what personal data they hold and take robust steps to protect it. Their boards need to ensure that internal controls and systems work effectively to meet legal requirements and customers’ expectations. Equifax Ltd showed a serious disregard for their customers and the personal information entrusted to them, and that led to today’s fine.'