ICO issues maximum fine for Equifax breach

Equifax has been fined the maximum £500,000 penalty for its breach last year which exposed data belonging to 146 million people around the world, including 15 million in the UK.

The ICO investigation found that, although the information systems in the US were compromised, Equifax Ltd was responsible for the personal information of its UK customers. The UK arm of the company failed to take appropriate steps to ensure its American parent Equifax Inc, which was processing the data on its behalf, was protecting the information.

Multiple failures at the credit reference agency led to personal information being retained for longer than necessary and vulnerable to unauthorised access, the ICO found.

The company contravened five out of eight data protection principles of the Data Protection Act 1998 including, failure to secure personal data, poor retention practices, and lack of legal basis for international transfers of UK citizens’ data.

The penalty imposed represents the maximum allowed under the previous legislation. The investigation was carried out under the Data Protection Act 1998, as the failings occurred before the rather more strict GDPR came into force in May of this year.

    Share Story:

Recent Stories

Are property insurers ready for timber
The Structural Timber Association is gearing up to help all stakeholders in the construction supply chain to fully appreciate the advantages of building in timber, how to deliver such projects and most importantly to understand and manage the risks.

The changing face of BC and WAR
The working environment has changed quite dramatically for many over the last six months. With social distancing and the rise of homeworking, it is not just how businesses operate that has changed, but also how they recover. In this podcast we discuss some of the challenges created by the quick shift to home working, why the office may not have seen its last days and how the current environment can impact the ability of a business to recover.