British Airways £183m data breach fine – should schools be worried?
In a word (or three) no, not really. Before we get overexcited about BA’s hefty fine, let’s put it in perspective and remember that for the moment it is the Information Commissioner’s Office intention to levy this fine – BA will now make representations about it.
In a word (or three) no, not really. Before we get overexcited about BA’s hefty fine, let’s put it in perspective and remember that for the moment it is the Information Commissioner’s Office intention to levy this fine – BA will now make representations about it.
Under the old rules the ICO could fine organisations up to £500k. You may remember that Facebook and Equifax got stung with £500k fines in late 2018 for breaches under the old rules and earlier that year Carphone Warehouse paid out £400k and Uber stumped up £385k.
Those fines don’t really make a dent to large organisations and that’s why the rules now allow for a fine of up to €20m or 4% of worldwide turnover. The details of the breach that led to the fine are not hugely relevant; the key point is that it was a cyber breach that led to the personal data or around 500,000 people being compromised, which included payment card details and log in information. So, the data stolen was significant in terms of volume and content.
Does this mean schools will be hit with similar fines? Personally, I don’t think so. We do need to take it seriously, not because of the big chunk of cash BA will be handing over, but because of what Elizabeth Denham said:
“People’s personal data is just that – personal. When an organisation fails to protect it from loss, damage or theft it is more than an inconvenience. That’s why the law is clear – when you are entrusted with personal data you must look after it. Those that don’t will face scrutiny from my office to check they have taken appropriate steps to protect fundamental privacy rights.”
Ask yourself this: if you had a data breach and faced the scrutiny of the ICO, how would you fare?
Here are my top tip tops to help you fare pretty well:
- Appoint and train your DPO and keep that training updated;
- Train staff and be able to evidence outcomes of that training;
- Carry out basic audits (and be able to evidence them) and then take steps to remedy any weaknesses;
- If you have a reportable breach, report quickly and fully;
- The fines can be hefty, so getting legal advice when managing a breach is worthwhile.
Contact
Dai Durbridge
Partner
dai.durbridge@brownejacobson.com
+44 (0)330 045 2105
You may be interested in...
Press Release
Browne Jacobson’s School Leaders Survey shows exclusions and suspensions at an all-time high
Legal Update - Employment Rights Bill
The Employment Rights Bill: Is it here yet?
Legal Update - School leaders survey
Survey shows growing dissatisfaction with government policy amidst financial uncertainty
Online Event
AI at the coalface: Navigating the practicalities in education
Legal Update
Academy Trust Handbook 2025: Managing public money
Opinion
Updates to academy trust governance: A missed opportunity?
Legal Update
Executive pay and the Academy Trust Handbook: Clarity, challenge and good governance
On-Demand
School exclusions: A review of the latest developments and looking to the year ahead
Opinion
Pride Month: A time to review DEI
Guide
Legal project management: A cornerstone in operational delivery of inquiries
Legal Update
Data (Use and Access) Act 2025: What schools and trusts need to know
Opinion
Employer redundancy guide: Sourcing alternative employment
Press Release - Firm news
Browne Jacobson delivers record-breaking growth as strategic vision drives exceptional performance
Legal Update
What might the public inquiry on child sexual exploitation look like
Legal Update
DEI in school governance: Key themes and insights
Opinion
Spending Review: Setting the stage for UK investment
Guide
The socio-economic duty: Shifting mindsets for true social mobility
Press Release
Spending Review 2025: Browne Jacobson lawyers respond to Chancellor’s announcement
Press Release
Browne Jacobson’s School Leaders Survey illustrates concerns over financial resilience ahead of spending review
Legal Update
ESG and sustainability report: Rethinking communication and credibility
Press Release
Majority of UK organisations remain committed to sustainability and ESG, says new research
Opinion
Addressing the gender pay gap in school trusts
Podcast - #EdInfluence
#EdInfluence podcast (series 4): In conversation with inspiring leaders
Legal Update
The OfS agrees a settlement with Leeds Trinity University
Press Release
Browne Jacobson’s latest School Leaders Survey to focus on schools exclusions and early years funding
Press Release
UK-EU reset deal: Comments from Browne Jacobson experts
Opinion
Disciplinary procedures and mental health: Employer considerations
Legal Update
Supporting mental wellbeing in the workplace: Practical steps for businesses
Legal Update - Be Connected (higher education)
Be Connected, higher education: Spring 2025
Published Article
Learning from Europe: Funding models for UK schools infrastructure
Legal Update - Be Connected (schools)
Be Connected: Schools and academy trusts, May 2025
Legal Update
New novel, contentious and repercussive transactions guidance
Legal Update
Unpacking the new guidelines for alternative provision: Practical steps for education institutions and providers
Opinion
EHRC releases guidance for employers after Supreme Court ruling on definition of woman
Legal Update
Unfunded pay rise for teachers risks strikes, tension, restructures and budget crisis
Guide
Advice for schools on how to handle information requests from the police
Legal Update
2025/26 employment rates and limits: Are costs increases having a negative impact on the job market?
Legal Update
School leaders survey, summer 2025
Legal Update
Analysing new statistics on school exclusions
