British Airways £183m data breach fine – should schools be worried?
In a word (or three) no, not really. Before we get overexcited about BA’s hefty fine, let’s put it in perspective and remember that for the moment it is the Information Commissioner’s Office intention to levy this fine – BA will now make representations about it.
In a word (or three) no, not really. Before we get overexcited about BA’s hefty fine, let’s put it in perspective and remember that for the moment it is the Information Commissioner’s Office intention to levy this fine – BA will now make representations about it.
Under the old rules the ICO could fine organisations up to £500k. You may remember that Facebook and Equifax got stung with £500k fines in late 2018 for breaches under the old rules and earlier that year Carphone Warehouse paid out £400k and Uber stumped up £385k.
Those fines don’t really make a dent to large organisations and that’s why the rules now allow for a fine of up to €20m or 4% of worldwide turnover. The details of the breach that led to the fine are not hugely relevant; the key point is that it was a cyber breach that led to the personal data or around 500,000 people being compromised, which included payment card details and log in information. So, the data stolen was significant in terms of volume and content.
Does this mean schools will be hit with similar fines? Personally, I don’t think so. We do need to take it seriously, not because of the big chunk of cash BA will be handing over, but because of what Elizabeth Denham said:
“People’s personal data is just that – personal. When an organisation fails to protect it from loss, damage or theft it is more than an inconvenience. That’s why the law is clear – when you are entrusted with personal data you must look after it. Those that don’t will face scrutiny from my office to check they have taken appropriate steps to protect fundamental privacy rights.”
Ask yourself this: if you had a data breach and faced the scrutiny of the ICO, how would you fare?
Here are my top tip tops to help you fare pretty well:
- Appoint and train your DPO and keep that training updated;
- Train staff and be able to evidence outcomes of that training;
- Carry out basic audits (and be able to evidence them) and then take steps to remedy any weaknesses;
- If you have a reportable breach, report quickly and fully;
- The fines can be hefty, so getting legal advice when managing a breach is worthwhile.
Contact
Dai Durbridge
Partner
dai.durbridge@brownejacobson.com
+44 (0)330 045 2105
You may be interested in...
Online Event
Wellbeing and financial considerations – practical solutions for challenging times
Legal Update
be connected - Spring 2023
Legal Update
Teacher strikes – lessons learnt so far
Opinion
Can toilet facilities amount to sex discrimination?
Legal Update
New support launched to manage school complaints
Legal Update
Cyber security and data breaches
Legal Update
#EdCon2023 virtual event hailed a success
Online Event
Flexible working in schools webinar
Legal Update
What does the new Provider Access Legislation mean for schools?
Legal Update
High Court dismisses Welsh RSE right to withdraw claim
Press Release
Browne Jacobson’s intellectual property lawyers ranked experts in World Trademark Review guide 2023
Opinion
Term-time school worker entitled to national minimum wage for unworked basic hours
On-Demand
Industrial action essentials: what you need to know
Legal Update
Education Software Solutions Limited breaks against the CMA’s intervention: A victory for freedom and flexibility in contracting for MIS services
Legal Update
Safeguarding at scale report published
Legal Update
Trade unions announce plans to re-ballot members
Legal Update
Widespread industrial action now confirmed for schools
Legal Update
Industrial action and minimum service levels within education
Opinion
Consultation on holiday entitlement – part-year and irregular workers
Guide
FAQs - converting to academy status
Guide
FAQs - becoming a sponsored academy
Guide
FAQs - becoming an academy sponsor
Guide
FAQs – single academy joining a MAT
Legal Update
EdCon2023 launch: Thursday 12 January
Legal Update
The importance of understanding the transitional provisions under the Electronic Communications Code
Legal Update
Biodiversity Net Gain: positive for nature and an opportunity for landowners
Legal Update
Discrimination comes of age
Legal Update
Protecting children and their data in the online environment
Guide
#EdCon2023: Access a range of expert guidance and resources at our FREE virtual conference
Legal Update
be prepared for the 2022-23 academic year
Legal Update
Teacher Pay Survey 2022
Legal Update
The Schools Bill – law no more
In July, we published an update on the Schools Bill with the news that the proposed legislation relating to new academy standards and extended intervention powers for academy trusts would be removed. Last week, we received broader news of the dropping of the Bill, with education secretary Gillian Keegan announcing that it will not reach its third reading in the House of Lords.Legal Update
be connected newsletter for schools - Winter 2022
Guide
Recruiting school staff on a budget – top tips
Regardless of the outcome of ballots on industrial action, unless there is drastic change to funding for schools in relation to pay increases, it will be unusual to find any organisational budget that is not impacted by the current economic situation.
Guide
Good governance essential to avoid falling foul of the ESFA
There’s been little evidence of interventions or financial management reviews this year and it appears the Education and Skills Funding Agency (ESFA) has re-focussed on financial delivery. It’s also telling that there were no discernible changes to the reporting of financial irregularities in the Academies Trust Handbook 2022.
Legal Update
Children's commissioner recommendations for SEND reform
The Children’s Commissioner, Rachel De Souza, has recently published a report “Beyond the labels: a SEND system which works for every child, every time”, which she intends to sit alongside the DfE’s SEND Review (2019) and SEND Green Paper (2022) and which she hopes will put children’s voices at the heart of the government’s review of SEND system.
Legal Update
Top three training topics 2022-23
As well as providing day-to-day support to help you focus on managing your settings, we also provide training and professional development on a range of topics to keep you and your staff up-to-date.
Legal Update
Hair discrimination – stop pupils being unfairly singled-out for their appearance
The Equality and Human Rights Commission (EHCR) recently issued new, non-statutory guidance regarding the wearing of natural or protective hairstyles, specifically in reference to their representation in uniform, behaviour or standalone appearance policies.
Opinion
The role of benchmarking in setting pay in schools
Emma Hughes, head of HR services at Browne Jacobson, explains how CST’s updated executive pay report and the linked benchmarking service from XpertHR can help trust boards make robust decisions on pay.
Legal Update
School complaint management - exploring a new way forward
There’s greater opportunity than ever for parents, carers and guardians to voice any concerns they have relating to their child’s education and for their concerns to be heard and to be taken seriously. While most staff in schools and academies are conscious of their legal duties relating to complaints management, many are struggling to cope with such a significant increase in the volume of complaints they must manage.