Clarkson Wright and Jakes Ltd


TalkTalk Fined for Data Protection Breaches

The recent fine levied on TalkTalk by the Information Commissioner shows the great importance of having an effective data protection regime in operation in any business.

TalkTalk was fined £400,000 – the largest ever fine of its type – after a ruling that it had seriously failed to abide by its obligations under the Data Protection Act 1998.

TalkTalk's fine arose when it failed to fix a known security loophole in a database it had obtained when it took over Tiscali in 2009. The database was accessible via its website, which was subsequently hacked, causing personal information on more than 150,000 customers to be exposed.

The fine was levied despite the presence of a number of mitigating factors.

Although this fine was levied for breach of the current law, businesses should be aware that the EU General Data Protection Regulation was adopted in April 2016 and will come into full effect, after a two-year transition period, on 25 May 2018. This regulation will impose updated and additional requirements on the protection of personal data, which is currently regulated by the largely outdated Data Protection Act 1998.

For advice on compliance with data protection law, contact us.

Although correct at the time of publication, the contents of this article are intended for general information purposes only and shall not be deemed to be, or constitute, legal advice. We cannot accept responsibility for any loss as a result of acts or omissions taken in respect of this article. Please contact us for the latest legal position.