Equifax fined £500,000 for failing to protect the personal information of up to 15 million UK citizens during a cyber attack in 2017

Published on: 21st September 2018

The ICO reported that Equifax has been handed one of the biggest fines to date for a data breach. You can read the full story here.

The story makes it clear that the Data Protection Act considers ANYONE who has access to and control of data to be in scope when it comes to establishing liability. In this case Equifax UK:

"failed to take appropriate steps to ensure its American parent Equifax Inc, which was processing the data on its behalf, was protecting the information."

This reinforces the need for organisations of all sizes to fully audit and understand the practices and policies of ALL parties working with the organisation's personal data. Ensuring the safety of an organisation's personal data when it is shared with a third party is the responsibility of the organisation itself, and this case shows that the ICO will take action against the organisation if it is negligent in this area.

PYXI GDPR Team: 21st Sep 2018 07:44:00