Equifax Fined For Failing To Protect Customer Data, So How Can You Avoid The Same Mistakes?
After a recent investigation into the security breach at the credit reference agency Equifax, the Information Commissioner’s Office (ICO) has fined the company £500,000. The breach, which took place between May and June 2017, saw the personal information of hundreds of UK customers stolen from the company’s systems.
The data that was accessed and stolen ranged from names, dates of birth and addresses to passwords, driving licence details and financial details.
Speaking to Sky News, Information commissioner Elizabeth Denham said:
“The loss of personal information, particularly where there is the potential for financial fraud, is not only upsetting to customers, it undermines consumer trust in digital commerce.”
The attack on Equifax affected 146 million customers globally and occurred prior to the new GDPR legislation coming into effect earlier this year. The £500,000 fine imposed on its UK operation is the highest possible under the Data Protection Act 1998, which was in operation at the time of the data breach.
The new General Data Protection Regulation (GDPR) allows for penalties of up to €20m (£17.7m) or 4% of global annual turnover, whichever is higher. In Equifax’s case, this could have amounted to around £120m had the attack occurred after GDPR came into force.
With many companies now within reach of the new GDPR penalties, protecting both internal and customer data is an absolute necessity.
ELAS legal consultant Enrique Garcia explains how companies can work towards protecting their customers’ and employees’ data:
- GDPR requires all companies that control or process personal and sensitive data of individuals to protect it.
- Companies need to put technical and organisational measures in place.
- Technical measures include good antivirus software, encryption, etc.
- Organisational measures include good policies and management systems regarding the use of information and the IT systems.
- All staff should be trained comprehensively on the technical and organisational measures.
- Breaches of the rules should be handled with retraining and possible disciplinary action.
- The riskier the data, the tighter and better controlled the measures need to be.
If you’re concerned about how to keep your company’s data protected, or are interested in an onsite GDPR training course, please contact our team on 08450 50 40 60.