Is Equifax Data Breach Penalty A Sign Of Fines To Come?

By James Castro-Edwards and Eavan Prenter ( October 26, 2018, 2:25 PM EDT) -- Recently, the U.K. Information Commissioner's Office announced that it was issuing a penalty of £500,000 to Equifax Ltd. for a cyberattack affecting the personal data of millions of people in the U.K. — the highest penalty available under the Data Protection Act 1998. The ICO has had the power to issue financial penalties of up to £500,000 since April 2010, yet until this year it had never awarded the maximum penalty. Then in July the regulator announced its intention to fine Facebook £500,000 for Facebook's actions in the Cambridge Analytica scandal, and now it has awarded the maximum penalty to Equifax. Many will see this decision as a sign that the commencement of the European General Data Protection Regulation in May has already bled into the ICO's decision-making, and that from now on we can expect to see a tougher stance from the ICO, reflected in an increase in the number and size of fines, but is this decision really such a departure?...

Law360 is on it, so you are, too.

A Law360 subscription puts you at the center of fast-moving legal issues, trends and developments so you can act with speed and confidence. Over 200 articles are published daily across more than 60 topics, industries, practice areas and jurisdictions.


A Law360 subscription includes features such as

  • Daily newsletters
  • Expert analysis
  • Mobile app
  • Advanced search
  • Judge information
  • Real-time alerts
  • 450K+ searchable archived articles

And more!

Experience Law360 today with a free 7-day trial.

Start Free Trial

Already a subscriber? Click here to login

Hello! I'm Law360's automated support bot.

How can I help you today?

For example, you can type:
  • I forgot my password
  • I took a free trial but didn't get a verification email
  • How do I sign up for a newsletter?
Ask a question!