These potentially huge fines against global organisations show that the ICO is flexing its new and improved enforcement muscles that came into force in May. They also send a strong message to organisations that the ICO means business.
Information Commissioner Elizabeth Denham said: “People’s personal data is just that – personal. When an organisation fails to protect it from loss, damage or theft, it is more than an inconvenience.
“That’s why the law is clear – when you are entrusted with personal data, you must look after it. Those that don’t will face scrutiny from my office to check they have taken appropriate steps to protect fundamental privacy rights.”
In both cases neither BA nor Marriott were involved in any active wrongdoing and they did not breach rules. Instead, both instances involved third parties that took advantage of substandard security arrangements.
Although the ICO has not yet issued the full report on either investigation, it seems that failing to implement appropriate technical and organisational measures is why the fines are so high.
Cyber criminals are reportedly focusing ransomware attacks increasingly on local government authorities and enterprises because they are more likely to pay higher ransom demands when normal business operations are crippled.
The severity and nature of these attacks against public sector organisations are particularly alarming but, for policing, the work the NEP is doing ensures police forces can better protect themselves.
The National Management Centre (NMC), which the National Enabling Programmes (NEP) is rolling out across police forces, utilises a range of security tools, technologies and a specialist team of analysts that together are responsible for monitoring, hunting and helping to detect unknown, sophisticated and evasive cyber security threats.
Together they will help police forces ensure these threats can be locked down and eliminated before they can cause damage and disruption.