The recent record-setting British Airways and Marriott fines that are to be enforced by regulators show the importance of cybersecurity to prevent breaches, and justice for the victims when an incident occurs.
What we saw was two major organisations whose systems were breached when we should be able to expect big corporations to protect our data. We should be able to safely assume that these large, wealthy organisations can – and will – invest in solid cybersecurity. But both have undoubtedly fallen short, and the result is huge fines and claims for compensation for the victims.
The levels of the provisional fines to be enforced shows how seriously the Information Commissioner’s Office (ICO) is taking breaches of GDPR. The compensation actions that we represent people for are the way forward when it comes to justice for victims, which is not accounted for as part of regulatory fines.
British Airways and Marriott fines show need to invest in security
The British Airways and Marriott fines have given us the first taste of the powers the ICO can employ, and the extent of the financial penalties they can impose.
They can apply fines that can amount to 4% of a company’s global annual turnover. The initial fine for BA has been set at £183m, which reportedly accounts for 1.5% of their 2017 annual turnover.
The Marriott fine is smaller but has still been set initially at £99m.
If organisations weren’t already taking the need to invest in cybersecurity seriously, they ought to be doing so now. With one study suggesting that less than half of organisations are actively investing in cybersecurity, more huge fines could be on the way.
Those who are still considering their options and making their plans for investment need to know that the clock is ticking. They may already be a target for criminals, and the need to invest was last year before GDPR came into force.
These fines should alter the mindset for those who have yet to invest.
The importance of compensation action
The British Airways and Marriott fines are important, but the need for compensation action for victims is also vital.
Money acquired from the GDPR penalties normally goes to the treasury and isn’t designed to be used for compensation. That’s why we launch our separate group and multi-party actions where the actual victims of the incidents can be entitled to deserved justice.
Joining the compensation actions
Now that the British Airways and Marriott fines have been initially set, we have more power in our legal arsenal to argue in favour of compensation for victims.
To claim compensation as a victim of the Marriott data breach, please contact the team by phone, email or by completing an enquiry form.