as long as precedent set of £1000 fine per individual whose data are compromised, and as long as that passes on to every other breach by TalkTalk, then this isn't a bad start for punitive element. Provided, of course, there's also compensation to the individuals concerned, of at least twice the amount put at risk in each case.