0370 270 6000

already registered?

Please sign in with your existing account details.

need to register?

Register to access exclusive content, sign up to receive our updates and personalise your experience on brownejacobson.com.

Privacy statement - Terms and conditions

British Airways £183m data breach fine – should schools be worried?

17 July 2019

In a word (or three) no, not really. Before we get overexcited about BA’s hefty fine, let’s put it in perspective and remember that for the moment it is the Information Commissioner’s Office intention to levy this fine – BA will now make representations about it.

Under the old rules the ICO could fine organisations up to £500k. You may remember that Facebook and Equifax got stung with £500k fines in late 2018 for breaches under the old rules and earlier that year Carphone Warehouse paid out £400k and Uber stumped up £385k.

Those fines don’t really make a dent to large organisations and that’s why the rules now allow for a fine of up to €20m or 4% of worldwide turnover. The details of the breach that led to the fine are not hugely relevant; the key point is that it was a cyber breach that led to the personal data or around 500,000 people being compromised, which included payment card details and log in information. So, the data stolen was significant in terms of volume and content.

Does this mean schools will be hit with similar fines? Personally, I don’t think so. We do need to take it seriously, not because of the big chunk of cash BA will be handing over, but because of what Elizabeth Denham said:

“People’s personal data is just that – personal. When an organisation fails to protect it from loss, damage or theft it is more than an inconvenience. That’s why the law is clear – when you are entrusted with personal data you must look after it. Those that don’t will face scrutiny from my office to check they have taken appropriate steps to protect fundamental privacy rights.”

Ask yourself this: if you had a data breach and faced the scrutiny of the ICO, how would you fare?

Here are my top tip tops to help you fare pretty well:

  1. Appoint and train your DPO and keep that training updated;
  2. Train staff and be able to evidence outcomes of that training;
  3. Carry out basic audits (and be able to evidence them) and then take steps to remedy any weaknesses;
  4. If you have a reportable breach, report quickly and fully;
  5. The fines can be hefty, so getting legal advice when managing a breach is worthwhile.

training and events


ISBL regional Conference Sheffield

Browne Jacobson’s Associate Sophie Jackson discusses the rise in growth of SEN and the impact of this on schools. Please note that this event was postponed from June 2020.

View event


CST Inaugural Annual Conference Hilton Metropole, NEC, National Exhibition Centre, Pendigo Way, Marston Green, Birmingham, B40 1PP

Come and meet the team at CST’s Inaugural Annual Conference this summer. Partner Nick MacKenzie will also be delivering a workshop on governance leadership.

View event

focus on...

Upcoming webinars

Negotiating contracts under PPN04/20 with Bishop Fleming

This webinar will explore the potential pitfalls of contract negotiation and the regularity implications for Academies. After the webinar you will be well prepared to ensure that you have commercially competitive contracts, that also comply with the Academies Financial Handbook.


Keeping children safe 2020 – managing allegations and agency staff

Our leading HR and safeguarding experts Emma Hughes and Dai Durbridge will provide you with all the information you need in order to meet your statutory obligations in the on-demand recording.


Back to School - preparing for the reopening of schools in September

Schools in England were closed other than to the children of key workers and children who are classified as vulnerable from 20th March as part of the management of the coronavirus pandemic. As part of the relaxation of lockdown measures many primary schools in England began a phased reopening for pupils from 15th June.


Legal updates

Admissions during Covid-19

Whilst the Department for Education (DfE) has implemented statutory changes to elements of the frameworks relating to admission appeals, exclusions and special educational needs, there have been no changes relating to the legislation relating to admissions.


The content on this page is provided for the purposes of general interest and information. It contains only brief summaries of aspects of the subject matter and does not provide comprehensive statements of the law. It does not constitute legal advice and does not provide a substitute for it.

mailing list sign up

Select which mailings you would like to receive from us.

Sign up