Equifax fined £500,000 for failing to protect the personal information of up to 15 million UK citizens during a cyber attack in 2017
Published on: 21st September 2018
By PYXI GDPR Team
The story makes it clear that the Data Protection Act considers ANYONE who has access to and control of data to be in scope when it comes to establishing liability. In this case, Equifax UK:
"failed to take appropriate steps to ensure its American parent Equifax Inc, which was processing the data on its behalf, was protecting the information."
This reinforces the need for organisations of all sizes to fully audit and understand the practices and policies of ALL parties working with the organisation's personal data. Ensuring the safety of an organisation's personal data when it is shared with a third party is the responsibility of the organisation itself, and this case shows that the ICO will take action against the organisation if it is negligent in this area.
PYXI GDPR Team: 21st Sep 2018 07:44:00