GDPR at Work: Yahoo Fined £250k for Breaking Rules on Working with PD
The new data protection policy came into force on 25th May 2018 and many companies have already experienced its knock-on effects. Review the Yahoo case and make sure you aren’t the next to be fined.
Recently, the British Information Commissioner’s Office fined Yahoo for failing to comply with the Data Protection Act of 1998. The reason - the leakage of 500 thousand UK citizens’ personal data in 2014.
How It Happened
In 2014, cybercriminals cracked Yahoo's servers and stole the credentials of half a million users, including dates of birth, phone numbers, passwords, account recovery questions and their answers. The theft was uncovered after a man using the nickname “Peace”, known for the "dump" of LinkedIn and Myspace user data, began offering the Yahoo database for sale for only 3 bitcoins. The announcement appeared in the Darknet in 2016, but the hacker said that he had already stolen some of the data back in 2012 and was selling it in secret.
During an investigation involving the FBI, it turned out that Yahoo
In this case, Yahoo is accused of:
- Failing to ensure the safety of 515 121 users’ data;
- Failing to process personal data in the manner required by the regulations;
- Failing to report any detected "holes" or leaks for a significant length of time.
As a result, the British Information Commissioner’s Office decided that Yahoo was in violation of Part 1 of Section 7 of the DPA 1998, which refers to "the need to take appropriate technical and organisational measures to prevent unauthorised or illegal processing of personal data, as well as its accidental loss, damage or disposal ". According to sec 55A DPA 1998, the maximum penalty
Here at Magora, we discussed GDPR compliance during the webinar with our business consultant Dmitry. Find out how you can automate data processing and download our checklist to double-check whether you’ve covered all the risks.
James Dipple-Johnstone, deputy operations commissioner for ICO, in his post dedicated to the Yahoo case, notes that people entrust companies with their data hoping that their personal information will be in safe hands and will not be transferred to third parties. Unfortunately, not all
The Office understands that cyber attacks are inevitable and will continue, while cybercrime will become more sophisticated, but they require companies to do their best to protect their clients’ data.
As for us, we can offer the power of high technologies to help you
Software development and automation can save you from many headaches, including potential GDPR-violation penalties. Don’t wait till you need a lawyer - drop us a line to discuss your issue.