Share these talks and lectures with your colleagues
Invite colleaguesCase study
ICO fines Ticketmaster UK Limited £1.25m for failing to protect customers’ payment details
Journal of Data Protection & Privacy,
4
(1),
93-99
(2020)
Abstract
This paper discusses the finding of the Information Commissioner’s Office (ICO) against Ticketmaster UK Limited (Ticketmaster), which was fined £1.25m by the ICO for failing to keep its customers’ personal data secure. The Information Commissioner determined that Ticketmaster’s failure constituted a breach of the General Data Protection Regulation. In its findings, the ICO held the company should have done more to reduce the risk of a cyber-attack, including in relation to its use of third-party JavaScript on the payment page of its website. Ticketmaster’s breach led to millions of individuals in the United Kingdom and Europe being exposed to potential fraud. The financial sanction sends a message to other organisations ‘that looking after customers’ personal data safely should be at the top of their agenda’. Ticketmaster has indicated that it will appeal the fine. This paper additionally provides some practical tips to data protection practitioners to mitigate against similar breaches.
Keywords: data protection; JavaScript; cyber security; fines; GDPR
The full article is available to subscribers to the journal.
Author's Biography
Joanne Bennett works as a freelance lawyer and data protection consultant. She also holds an MSc in Computer Science. For over 13 years, Joanne worked as a commercial in-house lawyer advising global businesses on transactional and compliance matters. Most recently, as Vice President — Associate General Counsel, Commercial and Global Compliance at Hitachi Consulting (now Hitachi Vantara) — Joanne led a multi-disciplinary team to successfully deliver the company’s global General Data Protection Regulation programme — for which the company was the first global brand to achieve the British Standards Institution’s 10012:2017 certification standard.
