Further Action Against Equifax Following 2016 Data Breach
Published on: 4th December 2018
By PYXI GDPR Team
A fine of £385,000 has been handed to Equifax Ltd for not doing enough to protect 15 million UK customers' data records. Although the breach was in the US, the US parent company Equifax Inc managed data services for Equifax Ltd.
"The UK arm of the company failed to take appropriate steps to ensure its American parent Equifax Inc, which was processing the data on its behalf, was protecting the information."
This case highlights the importance of shared / inherited liability for data processing under the new Data Protection Act 2018 and GDPR. As an organisation you have an obligation to ensure the compliance of all the data processors in your network.
PYXI GDPR Team: 4th Dec 2018 07:46:00
Subscribe to our
Weekly GDPR Newsletter.
It's full of really useful updates
for UK small businesses.
ICO Q2 Data Security Incident Trends
The ICO's figures for Q2 show that the most frequently reported data security incident relates to disclosure of data. The ICO's website has published information about Q2 2018-19's data security incidents by type and sector, and the single mo... click to read more