Yesterday saw a further development in the Facebook data breach story – the Information Commissioner’s Office (ICO) made it clear that it intended to hit the social network platform with a £500,000 fine.

Back in March, we took a look at why the ICO was investigating Facebook, along with its consultancy provider Cambridge Analytica. Now, the ICO has announced in a report its intention to fine the company the maximum amount for data breaches under the old Data Protection Act.

The decision to fine Zuckerberg’s empire was based on its:

  • lack of transparency
  • failure to safeguard its users’ information, and
  • failure to ensure Cambridge Analytica had deleted its users’ data.

Facebook has now been given a chance to respond to the report – a final decision will then be taken by the ICO. On the other side of the coin, Cambridge Analytica, which has since shut down its operations, is faced with criminal proceedings brought by the ICO.

While Facebook is, of course, a giant when it comes to processing data, smaller organisations should nevertheless take note of the ICO’s stance – failing to comply with data protection laws could leave organisations open to enforcement action, which could cause serious financial and reputational damage to their business.

For advice on what to do in the event of a data breach or on GDPR generally, please get in touch.