THE ICO FINES CATHAY PACIFIC AIRWAYS £500.000 FOR BREACH OF THE DATA PROTECTION LAWS

05 March 2020

The Information Commissioner’s Office (“ICO”) has fined Cathay Pacific Airways Limited £500.000 because of its breach of obligation to protect its customers’ personal data.

Around 9.5 million data subjects around the world have been affected because their personal data have been disclosed between 2014 and 2018 in connection with inadequate security measures the Airway took. 

After the investigation, the ICO found that the back-up files were not protected with password, use of operating system were not supported by the developer, the Airway used insufficient anti-virus program.

Therefore, the ICO concluded that Cathay Pacific Airways has seriously infringed Principle 7 of the Data Protection Act 1998 which states that appropriate technical and organisational measures must be taken against unauthorised or unlawful processing of personal data.

You can find the full text of the Penalty Notice here.

Should you have any queries and/or remarks, please do not hesitate to contact us. 

Kind regards,

Zumbul Attorneys-at-Law

info@zumbul.av.tr