On 19th September 2018, the Information Commission Officer (“ICO”) fined credit reference agency Equifax Limited £500,000 for breaching the Data Protection Act 1998 (“DPA”). Finding that Equifax Limited failed to protect the personal data of up to 15 million UK individuals, the ICO awarded the maximum penalty for a breach under the DPA.
The ICO found that of the eight data protection principles established in the DPA, Equifax breached five. The finding considered how Equifax handled personal data, the purpose of processing the personal data and the transfer of the UK data to the US.
Continue Reading Why the ICO Fined Equifax £500,000