TalkTalk's appeal against paltry ICO data breach fine thrown out

Thursday 1st September 2016 08:08 GMT tiggity

Not fit for purpose

1 grand fine - what's the point? Should have been serious money

Typical Talk Talk appealing even that paltry amount

15 0 Reply
1. Thursday 1st September 2016 11:04 GMT AndyS
  
  Re: Not fit for purpose
  
  The point is to make a point, that they were in breach.
  
  The point of appealing was to try and reverse that point.
  
  The fact that the actual amount of money is basically meaningless proves that this is about making quite important points, not about the money.
  
  Talk talk may be pretty awful, but their behaviour in appealing this is perfectly logical.
  
  3 0 Reply
  1. Thursday 1st September 2016 20:57 GMT John Brown (no body)
    
    Re: Not fit for purpose
    
    "Talk talk may be pretty awful, but their behaviour in appealing this is perfectly logical."
    
    It's only a logical course if action of their lawyer can point to something in the law which s/he thinks might prove the case in their favour. This was pretty cut and dried. The breach, by definition, had already happened and it should not have. It was clearly their fault for not doing a proper security audit. Even if they had paid for an external security consultant to do the audit and s/he was incompetent, that's still TalkTalks fault. The buck has to stop somewhere. They could, of course, then go on to sue an external agent if they thought they got a bum deal from said agent
    
    1 0 Reply
Thursday 1st September 2016 08:13 GMT paulf

Seriously?

They went to all the hassle of lawyering up to contest a £1000 fine? Considering the costs incurred by the ICO in defending their decision against the appeal I'd have considered a min 100x increase to be appropriate punishment for such an egregious appeal.

I accept they may have been trying to reverse the conviction rather than the nominal amount of the fine but if Dido's contrite wailings* had any credence they would have paid up, written off the £1k to experience, booked a gain from having deprived the lawyers of their hundreds of billable hours (or even spent the savings on some proper IT security bods) and moved the fuck on.

*Yes, I know. During that performance I was half expecting a caption to flash up, "Members of the Academy: Vote now!"

9 0 Reply
1. Thursday 1st September 2016 09:22 GMT Anonymous Coward
  
  Re: Seriously?
  
  They probably appealed as part of their strategy for "maintaining their corporate reputation". They have, of course, succeeded.
  
  13 0 Reply
2. Thursday 1st September 2016 10:18 GMT Anonymous Coward
  
  Re: Seriously?
  
  They went to all the hassle of lawyering up to contest a £1000 fine?
  
  In this case that's the biggest fine the ICO can offer for late notification. However, as a general rule, the fines (or "monetary penalties") that UK regulators impose are decided by a range of factors, including a particular consideration of the track record of offenders. If TT can get out of the £1k fine, it will have a bearing on future penalties for next time they screw up. With the ICO only handing out a theoretical maximum £500k fine for major breaches that still doesn't matter. But under the EU GDPR fines could be very serious from May 2018, and that's probably what is being played for here.
  
  The Remainderers will weep and gnash their teeth and say that Brexit means we won't have any protection under GDPR because it probably won't be enforced during the leaving period. In strict terms that's not proven, but even if that is the case I would suggest that the UK government will not wish to have the weakest data protection regime in the developed world (and a system that prevents data transfer from the EU), so a UK act of similar standards is a near certainty.
  
  So for TalkTalk, appealing the penalty makes economic sense, since even the smallest chance of success is worth hoping for.
  
  4 3 Reply
3. Thursday 1st September 2016 13:31 GMT Alan Brown
  
  Re: Seriously?
  
  "They went to all the hassle of lawyering up to contest a £1000 fine?"
  
  The fine is from the ICO.
  
  The consequent exposure to private legal action is virtually unlimited and the ICO fine makes it uncontestable as the court will see it as proof that they were deficient under the act.
  
  3 0 Reply
Thursday 1st September 2016 08:44 GMT Destroy All Monsters

One hour of CEO's billable time

Industrial production of bespoke bullshit and spin: Amazingly still pretty expensive in 2016.

One would think the price would have dropped precipitously in the last 20 years or so.

Where, oh where can I get my Cheap Bullshit Fix??

4 0 Reply
1. Thursday 1st September 2016 10:07 GMT Anonymous Coward
  
  Re: One hour of CEO's billable time
  
  "Where, oh where can I get my Cheap Bullshit Fix??"
  
  Anywhere in the US, In the run up to November 8.
  
  Our version ran until June .. oh, although there's a smaller version going on at the moment ..
  
  2 0 Reply
  1. Thursday 1st September 2016 13:32 GMT Alan Brown
    
    Re: One hour of CEO's billable time
    
    "Anywhere in the US, In the run up to November 8."
    
    This is a special kind of bullshit, which unlike the normal kind, kills vegetation.
    
    3 0 Reply
This post has been deleted by its author
Thursday 1st September 2016 09:54 GMT circusmole

Just another example...

...of the strange bubble/parallel universe that ego-centric Dido and her mates live in. If she spent as much time and effort sorting out TalkTalk's security issues... but that's part of her paid job, so no chance of that getting done.

2 0 Reply
Thursday 1st September 2016 10:10 GMT Anonymous Coward

as long as precedent set of £1000 fine per individual whose data are compromised, and as long as that passes on to every other breach by TalkTalk, then this isn't a bad start for punitive element. Provided, of course, there's also compensation to the individuals concerned, of at least twice the amount put at risk in each case.

1 0 Reply
1. Thursday 1st September 2016 10:20 GMT My-Handle
  
  That's kind of what gets me in these situations. A company like TalkTalk messes up and spills millions of their customers' personal data across the net. Regardless of whether the company get fined or not for their lack of security, those who are actually hurt by the company's negligence don't see a penny of it. Instead, whenever the victim of a data breach is subsequently the subject of bank / identity fraud, they are usually blamed for having poor security / bad passwords.
  
  A combination of stiffer fines and enforced refunds are definitely in order, I feel.
  
  8 0 Reply
  1. Thursday 1st September 2016 12:16 GMT heyrick
    
    "A combination of stiffer fines and enforced refunds are definitely in order, I feel."
    
    ...and the CEO given a box, five minutes, then escorted from the premises with all contacts terminated.
    
    And rather than complaining she should feel lucky she wasn't given a sword and an empty patch of floor space.
    
    Because until the fucking management feels hurt in these situations, they will continue, as will the idiotic fines.
    
    5 0 Reply
    1. Thursday 1st September 2016 12:41 GMT John McCallum
      
      unfortunately it will not be a top tier manager but some poor sod much lower down in the pecking order.
      
      1 0 Reply
  2. Thursday 1st September 2016 13:34 GMT Alan Brown
    
    " those who are actually hurt by the company's negligence don't see a penny of it."
    
    Only because they've chosen not to take private legal action.
    
    The ICO fines are for cocking up. Any payments to those affected are contingent on private action being taken by those affected people.
    
    0 0 Reply
Thursday 1st September 2016 12:25 GMT adam payne

"TalkTalk has lost its appeal against the Information Commissioner's Office decision to fine the company £1,000 for a data breach last year."

I should hope they did lose their appeal. The only appeal Talk Talk need to make is an appeal for forgiveness from all the people affected by their lacklustre security.

The handling of these hacks and breaches by Talk Talk has been appalling. Talk Talk won't be able to restore their reputation by appealing fines for data breaches.

0 0 Reply
1. Friday 2nd September 2016 09:59 GMT VulcanV5
  
  Re: TalkTalk's appeal against etc etc
  
  "Talk Talk won't be able to restore their reputation by appealing fines for data breaches." You being serious? At this stage in its life cycle,TalkTalk doesn't give a bugger about "reputation". All it cares about is fishing the moron pool to exhaustion. When there's a final irreversible decline in the number of morons signing up for its services, then and only then will it think about 'reputation' -- as in, how much value might be attached to the TalkTalk name, now that the business is up for sale. . .
  
  0 0 Reply
Thursday 1st September 2016 16:35 GMT Anonymous Coward

recently, a flyer from Talk-Talk landed on my doormat..

i tore it up and put it in the recycling bin

i now want a million upvotes.

1 0 Reply
Thursday 1st September 2016 18:51 GMT TWB

I voted with my feet

I enjoyed filling out the 'why did you leave' questionnaire though I suspect TT will not act on what really matters.

0 0 Reply
Thursday 1st September 2016 20:31 GMT Paul

I can imagine that there was a bug in TalkTalk's bug tracker along the lines of "under specific circumstances a customer might see another's data" which was marked down in priority over adding a specific new feature like "add another advert on the page for TalkTalk's products".

I can also imagine that the developers probably shouted out this needed to be investigated and fixed, and requested more hardware and QA/testing staff to work on it, and they were told that giving Dido and other directors a bigger bonus and a new car was more important.

And I can imagine that when the bug went public, the developers would have been berated for not fixing it.

0 0 Reply
Thursday 1st September 2016 22:42 GMT Anonymous Coward

Don't worry - TalkTalk customers will be paying the fine.

More importantly, why isn't anyone asking the obvious:

"How come TalkTalk still has any customers?".

0 0 Reply
Friday 2nd September 2016 10:23 GMT Dave 15

Is she worth that much?

The people that do the REAL work of the company are paid the same in a year as she is in day or two... really, is ANYONE worth that much more than the rest of their workforce? I am not really a communist but to be honest there must be limits surely there are?

0 0 Reply
1. Friday 2nd September 2016 14:42 GMT Anonymous Coward
  
  Re: Is she worth that much?
  
  Of course she is.
  
  In the circumstances, your annual Capitalism training course has been brought forward to September to clarify your uncertainty on this fundamental premise of our society.
  
  War is peace. Freedom is slavery. Ignorance is strength.
  
  Resistance is futile.
  
  0 0 Reply
Tuesday 4th October 2016 14:57 GMT Zap

Every week on BBC consumer shows there are victims of TalkTalk Hack and the TalkTalk data sale (when IT company in Inida it appointed had employee that sold data).

One lady lost £7000,

How about a fine of £1000 per person whose data was stolen, they were saying it was arounf 159,000 customers but I suspect it is in the millions, how could they even know.

Companies of such a size can take precautions to prevent a hack and THERE IS NO EXCUSE for and IT aware company like TalkTalk to have allowed themselves to be hacked.

Never minds selling off BT wholesale (which TalkTalk are always pushing for) how about we sell off TT biz ?

0 0 Reply