Busy year for the ICO as it issues 22 fines totalling over £3m
The ICO is using its new powers under the GDPR and is preparing new and updated codes of practice. By Laura Linkomies.
The ICO saw a record-breaking year in 2018-19 in issuing monetary penalties, the ICO's recent annual report reveals. The regulator issued 22 monetary penalty notices (MPNs) for breaches of the DP Act 1998, with fines totalling over £3 million. There were no penalties under the DP Act 2018 in 2018-19, but they were under the previous law as the investigations typically take a long time. During 2018-19, the ICO also issued 23 monetary penalties for violations of the Privacy and Electronic Communications regulations.
Some of the largest DP fines issued include a £500,000 fine against Equifax Ltd, and £500,000 fine against Facebook Ireland Ltd. with Equifax, the investigation was carried out in parallel with the Financial Conduct Authority, and revealed multiple failures at the credit reference agency which led to personal information being retained for longer than necessary and vulnerable to unauthorised access. In terms of Facebook, the ICO said at the time that the breach would have incurred a much higher fine had it been under the 2018 GDPR implementing Act. The ICO also fined Uber £385,000, and the Crown Prosecution services £325,000.