What does this cover?

Following TalkTalk's announcement on 21 October that they had been the victim of a cyber-attack, an urgent question was asked on the issue during a House of Commons debate on 26 October. The discussion turned to the level of sanction the ICO is able to impose on companies responsible for substantial data breaches. The maximum fine is currently £500,000, which the SNP MP John Nicolson argued was an insignificant sum for those companies with turnovers reaching many millions, if not billions of GBP. Ed Vaizey, the Minister for Culture and Digital Economy indicated discussions would take place with the ICO on this matter. However, it is worth nothing that the draft General Data Protection Regulation addresses the issue of fines, with current proposals calculating fines as a percentage of global annual turnover.

To view TalkTalk's statement, please click here.

To view the debate in Hansard, please click here.

What action could be taken to manage risks that may arise from this development?

Companies should continue to ensure they have robust systems and policies in place to protect from cyber-attacks, especially in light of increased scrutiny in this area and the increased fines that the GDPR is likely to impose.