DATA BREACH FINES ISSUED
|Greece||Hellenic Data Protection Authority||17/04/2019||EUR €||30,000||Hellenic Petroleum||Not disclosed||Oil/Gas/Petroleum||Greece’s Hellenic Data Protection Authority fined Hellenic Petroleum €20,000 for unlawful processing of personal data and €10,000 for failing to adopt appropriate data security measures totaling €30,000 for Data Protection violations.Hellenic Petroleum S.A. had engaged a vendor to conduct a study on its behalf. The study was exposed online and its results, which included sensitive data such as political opinions, trade union membership and participation in associations were publicly accessible on the Internet in violation of GDPR stipulations.|
|United Kingdom||Information Commissioners Office UK||08/07/2019||GBP £||183,000,000||British Airways||Not disclosed||Aerospace/Aviation||British Airways is facing a record fine of £183m for last year's breach of its security systems.The airline, owned by IAG, says it was "surprised and disappointed" by the penalty from the Information Commissioner's Office (ICO).At the time, BA said hackers had carried out a "sophisticated, malicious criminal attack" on its website.The ICO said it was the biggest penalty it had ever handed out and the first to be made public under new rules.The ICO said the incident took place after users of British Airways' website were diverted to a fraudulent site. Through this false site, details of around 500,000 customers were harvested by the attackers, the ICO said.|
|United Kingdom||Information Commissioners Office UK||15/01/2019||GBP £||895||Leo Kirk||Breach of s55 of the Data Protection Act 1998||Social Care||A former social worker has been prosecuted for passing the personal information of service users to a third party provider for Local Authority young person placements.
Leo Kirk unlawfully disclosed referrals for residential or foster placements of vulnerable young people aged 16-18 years old. The referrals contained sensitive personal data including potential identifier information and vulnerability risks of the service user.
Mr Kirk of Audenshaw, Manchester appeared before Stockport Magistrates’ Court and admitted two offences of unlawfully disclosing personal data, in breach of s55 of the Data Protection Act 1998. He was fined £483 for the first offence with no separate penalty for offence two, he was ordered to pay costs of £364.08 and a victim surcharge of £48.
|United Kingdom||Information Commissioners Office UK||05/12/2019||GBP £||859||Dannyelle Shaw||Breach of s55 of the Data Protection Act 1998||Government/Military||A former Reablement Officer at Walsall Metropolitan Borough Council has been prosecuted for accessing social care records without authorisation.
An internal investigation by the Council found that Ms Shaw had inappropriately accessed the social care records of 7 adults and 9 children without any business need to do so.
Dannyelle Shaw of Bloxwich, Walsall, appeared before Wolverhampton Magistrates’ Court and admitted one offence of unlawfully obtaining personal data, in breach of s55 of the Data Protection Act 1998. She was sentenced to a fine of £450, ordered to pay costs of £364 and a victim surcharge of £45.
|United Kingdom||Information Commissioners Office UK||02/12/2019||GBP £||720||Michelle Shipsey||Breach of s170 of the Data Protection Act 2018||Government/Military||A former Social Services Support Officer at Dorset County Council has been prosecuted for accessing Social Care records without authorisation.
An internal investigation found that Ms Shipsey had inappropriately accessed the Social Care records without any business need to do so. The records related to four individuals known to Ms Shipsey.
Michelle Shipsey of Verwood, Dorset, appeared before Poole Magistrates’ Court and admitted one offence of unlawfully obtaining personal data, in breach of s170 of the Data Protection Act 2018. She was sentenced to a 6 month conditional discharge, ordered to pay costs of £700 and a victim surcharge of £20.
|United Kingdom||Information Commissioners Office UK||17/09/2019||GBP £||150,000||Superior Style Home Improvements Ltd||Not disclosed||Marketing||Superior Style Home Improvements Ltd issued with monetary penalty notice after making unsolicited marketing calls to individuals registered with the TPS to try and generate UPVC installation leads.
The Information Commissioner’s Office (ICO) has fined a Swansea double-glazing company £150,000 for making nuisance calls.
Superior Style Home Improvements Ltd called people over an 11 month period whose numbers were registered with the Telephone Preference Service (TPS) and who had not given their consent to receive them. The ICO has also issued an Enforcement Notice warning them to stop making the calls.
Dave Clancy, of the ICO’s investigations team said: ”Companies engaged in this illegal activity should take note, we will take action against those that continue to disregard the law around electronic marketing via phone calls, emails and text messages. These cause a real nuisance - and often distress - to people who don’t want to receive them. Company directors should also be aware that they can now be made personally liable for fines that we issue.”
|United Kingdom||Information Commissioners Office UK||12/08/2019||GBP £||Hudson Bay Finance Ltd||Section 4(4) of the DPA Subject to Section 27(1)||Financial Services||Hudson Bay Finance Ltd issued with an enforcement notice for failing to respond to a subject access request.|