Fine for Heathrow Airport for Serious Data Protection Failings

Published on: 8th October 2018
By PYXI GDPR Team


The ICO issued a £120,000 to Heathrow Airport for a data breach that revealed seroius failings in their data protection. The ICO reports;

"On 16 October 2017 a member of the public found a USB memory stick, which had been lost by a HAL employee. The stick, which contained 76 folders and over 1,000 files was not encrypted or password protected. The member of the public viewed the material it contained at a local library. 

Although the amount of personal and sensitive personal data held on the stick comprised a small amount of the total files, of particular concern was a training video which exposed ten individuals’ details including names, dates of birth, passport numbers, and the details of up to 50 HAL aviation security personnel."

The use of unsecured memory sticks or flash drives can be significant data security risk where personal data is transfered or stored on them. Clear education and technical protections need to be in place in all organisations to ensure that such devices are fully protected when they're used in this way.

PYXI GDPR Team: 8th Oct 2018 09:37:00