[BreachExchange] Agents warned that data breaches could cost them far more than £80,000

Destry Winant destry at riskbasedsecurity.com
Tue Jul 23 01:42:33 EDT 2019


https://www.propertyindustryeye.com/agents-warned-that-data-breaches-could-cost-them-far-more-than-80000/

Agents who breach data requirements could be hit with penalties far
greater than the £80,000 levied against London agent Life at
Parliament View Limited.

The warning has come from lawyer Andrew Logan, head of regulatory at
law firm Gordons, following the case.

LPVL, an ARLA firm, was penalised by the Information Commissioner’s
Office after data was transferred to an outsourced firm, described as
a letting transaction service.

The data was transferred without access restrictions, allowing anyone
to go online to look at 18,610 customers’ personal data for a period
of two years.

The data included details of bank statements, salaries, copies of
passports, dates of birth and addresses of tenants and landlords.

However, the breach took place before new regulations – and the
punishment regime is now far harsher.

Logan said: “LPVL can count itself lucky that this data breach
occurred before the EU’s General Data Protection Regulation (GDPR)
came into force last year.

“Already this month we’ve seen British Airways and Marriott Hotels
being given notice by the ICO of their intention to issue fines of
£183.39m and £99.2m respectively for poor performance when it comes to
protecting their customers’ data, after the ICO was given greater
powers under GDPR.

“If an organisation is in serious breach of GDPR – as has been ruled
in these recent high profile cases – the ICO (and other regulators
across Europe) can now issue a penalty notice for up to 4% of annual
global turnover or €20m, whichever is higher.

“This figure was previously capped at £500,000. Although LPVL will be
hit hard by the £80,000 fine, it could have been far higher under
GDPR.

“It’s easy to see the financial impact this could have on a company,
particularly those without the financial clout of British Airways or
Marriott Hotels, and this is yet another reminder to organisations
about the importance of data protection.”


More information about the BreachExchange mailing list