So UBER think it’s a good idea to pay hackers a pile of money to cover up a huge
data breach? This is just totally unbelievable and perhaps says more about the
management of UBER than they would like. Under current legislation the ICO are
limited to a fine of £500,000 – anything less than that would be a travesty. This
doesn’t include the consequences of other legal action, of course. However, under
GDPR the ICO fine could have been so much bigger. UBER might think they had a
lucky escape!
So how will this affect you? Under the new EU regulations there is a whole
section on how regulators should calculate the fines they impose. There is no
formula – it’s more like a set of principles that talk about scale, impact, and
whether this was a one-off or is systemic. Given the scale of the UBER breach and
other recent high-profile breaches, the effect just might be to reduce the size of
fines for small companies.
If UBER get away with £500K for a 57M record breach and subsequent cover-up,
then Mr X, who inadvertently sends 20K dodgy emails, should only face a fine of
£20. Maybe UBER had a lucky escape and helped everyone else along the way.
So, given the EU regulations on the size of fines, should you be faced with ICO
GDPR enforcement action and a huge fine, an appeal based on comparison with other
recent breaches might just help.
Let’s see what happens.
Good luck all.