Really interesting to note that in BA's latest annual filings they have set aside just under £20m as their current best guess at the amount of the final fine they will receive from the ICO following their 2018 data breach.
This is quite a reduction on the £183m that the ICO originally announced it was intending to issue.
There have been a number of delays and ongoing negotiations over the finalisation of the fine. It will be interesting to see when finalised whether this reduction is as a result of BA demonstrating reduced culpability, issues in the ICO investigation, or a recognition of the financial hardship the COVID-19 pandemic has placed on the aviation sector.
My guess? Combination of all three.
Although this won't appease many who have been calling for the ICO to take stronger regulatory action in recent times.
But those calling for harsher penalties should of course also bear in mind the separate group litigation claims in process (and that may yet arise) on behalf of the affected data subjects. Those will only place further financial hardship on the airline.
"The exceptional charge of 22 million euros represents management’s best estimate of the amount of any penalty issued by the Information Commissioner's Office (ICO) in the United Kingdom, relating to the theft of customer data at British Airways in 2018," IAG said in a filing today on its financial results for the six months to June 30.