Organizations which fail to implement appropriate technical and organizational security measures to protect personal data and suffer personal data breaches as a result, increasingly may find themselves facing the double whammy of both enforcement action by the UK Information Commissioner’s Office (ICO), (which can include significant financial penalties) and potentially also group-style legal actions brought by data subjects.
British Airways, which suffered a cyber incident that is believed to have started in June 2018 and led to a personal data breach involving almost 500,000 of its customers, has found itself on the receiving end of such an action.Continue Reading UK Group-Style Data Breach Actions Continue