{"id":117252,"date":"2020-02-20T20:00:00","date_gmt":"2020-02-21T01:00:00","guid":{"rendered":"https:\/\/www.dacgroup.com\/behind-the-headlines-lessons-from-bas-237-million-data-breach-fine\/"},"modified":"2024-12-19T16:44:30","modified_gmt":"2024-12-19T21:44:30","slug":"behind-the-headlines-lessons-from-bas-237-million-data-breach-fine","status":"publish","type":"post","link":"https:\/\/www.dacgroup.com\/en-ca\/insights\/blog\/strategy\/behind-the-headlines-lessons-from-bas-237-million-data-breach-fine\/","title":{"rendered":"Behind the Headlines: Lessons from BA\u2019s $237 million data-breach fine"},"content":{"rendered":"<p>Last summer, just over a year after the introduction of GDPR, British Airways was issued with a record-setting $237 million fine for failing to protect its customers&#8217; personal data. But when BA&#8217;s appeal period came to an end in January 2020, the UK&#8217;s Information Commissioner&#8217;s Office (ICO) delayed its final decision for several more months.<\/p>\n<p>What&#8217;s going on here? Are regulators unwilling to punish companies that play fast and loose with personal data? Should marketers quake at the prospect of gigantic fines, or should they breathe easy knowing that enforcement will be patchy at best?<\/p>\n<h2>What the hack happened?<\/h2>\n<p>Make no mistake: BA didn&#8217;t willingly hand over confidential information to hackers. In fact, its website hadn&#8217;t actually been compromised\u2014its ecommerce vendor had. We now know that stringent, real-time tag tracking on BA&#8217;s part would have stopped the scheme before it even started&#8230; but that&#8217;s not what happened. Here&#8217;s how it went down:<\/p>\n<ul>\n<li>When the BA site dynamically called in the ecommerce vendor&#8217;s code via JavaScript, the vendor&#8217;s code itself called more code\u2014which had been hacked<\/li>\n<li>The malicious code looked legitimate; in fact, it took three months to detect<\/li>\n<li>Hackers stole credit card and other sensitive information from an estimated 429,000 customers during this time<\/li>\n<\/ul>\n<p>This landmark case is complex, multi-layered, and there&#8217;s little doubt that hidden tags and code are difficult to diagnose. Nevertheless, website owners are ultimately responsible for end-user protection. British Airways is entirely liable for the breach that occurred via its site, even if it wasn&#8217;t directly culpable.<\/p>\n<h2>Privacy requires governance<\/h2>\n<p>Although the ICO is demurring for now, there are valuable lessons to be learned. Countless martech solutions are loaded from remote servers via JavaScript, such as Google Analytics, DoubleClick, and various retargeting engines. The problem is that large brands are failing to exercise their own technology governance and supervision, putting consumers at risk.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-48428\" src=\"\/wpe-content\/uploads\/2020\/02\/data-privacy.jpg\" alt=\"Developing programming working in a software engineers code tech applications on desk in office room.\" width=\"652\" height=\"326\" \/><\/p>\n<p>That risk\u2014real and perceived\u2014is the driving force behind a sea change in data privacy, including the inevitable prospect of <a href=\"\/blog\/digital-advertising-in-a-cookie-less-future\/\">digital advertising in a cookie-less future<\/a>. Users are taking control of their data by turning to privacy protection tech (now built into Chrome, Safari, and Firefox), incognito browsing, VPNs, and more. The only way advertisers can win back these hearts and minds is to re-establish their trust.<\/p>\n<section data-role=\"forward-email-subscription-container\" class=\"full-width w-100 d-flex justify-content-center align-items-center bg-c7f2b3\">\n    \n    <div class=\"max-w-1400 w-100 form\">\n        <div class=\"text-content-container\">\n            <h2>\n                Stay Forward            <\/h2>\n            <p class=\"subtitle\">\n                Get exclusive insights into digital <br class=\"d-none d-lg-block\">media's top-trending topics delivered<br class=\"d-none d-lg-block\"> directly to your inbox.            <\/p>\n        <\/div>\n\n        <div data-role=\"form-group\">\n            <div class=\"d-flex flex-column w-100\">\n                <form data-forward-email-form class='custom-hubspot-form' id='hubspot_form_69f49762bdb52'>\n    <div class='d-flex input'>\n        <input type='email' class='form-control me-2 input' placeholder='Email address' aria-label='Email' name='email' required>\n        <button type='submit' class='btn_primary-filled_white'>Submit\n<\/button>\n    <\/div>\n    <p class='hubspot-status'><\/p>\n<\/form>\n<script>\njQuery(document).ready(function($) {\n    var form = $('#hubspot_form_69f49762bdb52');\n    form.on('submit', function(event) {\n        event.preventDefault();\n\n        \/\/ Get email input value\n        var emailInput = form.find('input[name=\"email\"]');\n        var email = emailInput.val().trim();\n\n        \/\/ Required HubSpot fields\n        var portalId = '5408011';\n        var formId = '0c9a9cec-eb1c-44ac-920f-687ce0230830';\n\n        \/\/ Prepare the data payload\n        var data = {\n            fields: [\n                {\n                    name: 'email',\n                    value: email\n                }\n            ],\n            context: {\n                pageUri: window.location.href,\n                pageName: document.title\n            },\n            submittedAt: new Date().getTime()\n        };\n\n        \/\/ Get the status element for this form\n        var statusElement = form.siblings('.forward-email-status-container');\n\n        \/\/ Send the data to HubSpot\n        fetch('https:\/\/api.hsforms.com\/submissions\/v3\/integration\/submit\/5408011\/0c9a9cec-eb1c-44ac-920f-687ce0230830', {\n            method: 'POST',\n            headers: {\n                'Content-Type': 'application\/json'\n            },\n            body: JSON.stringify(data)\n        })\n        .then(response => {\n            if (response.ok) {\n                if(statusElement) {\n                    statusElement.text('Thanks for Subscribing!');\n                    statusElement.css('color', 'green');\n                }\n\n                var userInfo = JSON.parse(localStorage.getItem('userInfo'));\n                if (userInfo) {\n                    userInfo.event = 'Form_submit';\n                    userInfo.email = email;\n                    userInfo.form_name = 'Newsletter';\n                    window.dataLayer = window.dataLayer || [];\n                    window.dataLayer.push(userInfo);\n                }\n\n                emailInput.val(''); \/\/ Clear the email field\n                window.dispatchEvent(new CustomEvent('newsletter-submit'));\n            } else {\n                return response.json().then(error => {\n                    if(statusElement) {\n                        statusElement.text('Error: ' + error.message);\n                        statusElement.css({\n                            'color': 'red',\n                            'padding-top': '10px'\n                        });\n                    }\n                });\n            }\n        })\n        .catch(error => {\n            console.error('Error:', error);\n            statusElement.text(\"There was an error submitting the form.\");\n            statusElement.css({\n                'color': 'red',\n                'padding-top': '10px'\n            });\n        });\n    });\n\n    window.addEventListener('message', function(event) {\n        const isFormCallback = event.data.type === 'hsFormCallback';\n        const isFormSubmitted = event.data.eventName === 'onFormSubmitted';\n        const iscurrentForm = !!event?.data?.id ? '0c9a9cec-eb1c-44ac-920f-687ce0230830'.trim() == event?.data?.id : false; \n\n        if( isFormCallback && isFormSubmitted && iscurrentForm ) {\n            console.log('event', event);\n            window.location.href = 'https:\/\/www.dacgroup.com\/en-ca\/thank-you\/';\n        }\n    });\n});\n<\/script>                <span class=\"forward-email-status-container\"><\/span>\n            <\/div>\n\n            <button id=\"forward-form-submission\" class=\"subscribe-btn\" type=\"button\" onclick=\"triggerButton(this)\">\n                <span class=\"d-inline-block\">\n                    SUBSCRIBE                <\/span>\n                <span class=\"d-inline-block bell-container\">\n                    <svg width=\"28\" height=\"28\" viewBox=\"0 0 24 24\" fill=\"none\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\">\n                        <path fill-rule=\"evenodd\" clip-rule=\"evenodd\" d=\"M3.5458 14.4774L4.50055 13.234C4.50657 11.8629 4.56791 9.80824 5.17539 8.00401C5.52706 6.95953 6.09459 5.89126 7.03537 5.08C7.70533 4.50227 8.51103 4.10149 9.44696 3.90922C9.50872 3.69984 9.5922 3.49047 9.70471 3.28979C9.91134 2.92122 10.2194 2.57523 10.654 2.33189C11.0827 2.09183 11.5478 2 12 2C12.4355 2 12.8969 2.08208 13.3272 2.31763C13.7695 2.55969 14.0812 2.91045 14.2866 3.28943C14.3999 3.49849 14.4813 3.71787 14.5396 3.93682C15.5444 4.18145 16.3788 4.69659 17.0444 5.38131C17.9498 6.3126 18.4937 7.50224 18.8321 8.60503C19.3645 10.3395 19.4725 12.1499 19.4944 13.1421C19.9371 13.6338 20.3502 14.1627 20.6914 14.626C21.9447 16.3277 20.6148 18.5001 18.7001 18.5001L5.52863 18.5C3.45543 18.5 2.28314 16.1217 3.5458 14.4774Z\" stroke=\"#171616\" \/>\n                        <path fill-rule=\"evenodd\" clip-rule=\"evenodd\" d=\"M9.0857 19.3749C9.431 19.1461 9.89639 19.2405 10.1252 19.5858C10.874 20.7159 12.7481 21.0858 13.9 19.5501C14.1485 19.2187 14.6186 19.1516 14.95 19.4001C15.2813 19.6486 15.3485 20.1187 15.1 20.4501C13.2518 22.9143 10.126 22.3027 8.87475 20.4143C8.64596 20.069 8.74041 19.6037 9.0857 19.3749Z\" fill=\"#171616\" \/>\n                    <\/svg>\n                <\/span>\n            <\/button>\n        <\/div>\n    <\/div>\n\n    \n    <script>\n        function triggerButton(button) {\n\n            var container = button.closest('[data-role=\"forward-email-subscription-container\"]');\n            var form = container.querySelector('[data-forward-email-form]');\n\n            if (form) {\n                jQuery(form).find(\"button[type='submit']\").trigger('click');\n            }\n        }\n    <\/script>\n\n<\/section>\n\n\n<h2>Take the high road<\/h2>\n<p>At a tactical level, marketing decision-makers have to work hand-in-hand with web developers and data analysts to not only deploy the right tech but manage its ongoing usage, including monitoring hidden third-party tags in real time. But most of the hard work ahead is strategic rather than tactical.<\/p>\n<p>In order to <a href=\"\/blog\/how-to-respect-data-privacy-in-the-digital-age\/\">respect privacy in the digital age<\/a>, brands have to do better than pop-up check boxes and empty platitudes about compliance. Privacy has to be built into the customer experience as people begin to understand their data, take greater control of it, and welcome more privacy-focused consumer legislation like the California Consumer Privacy Act\u2014coming into effect on July 1 this year.<\/p>\n<p>It remains to be seen whether or not British Airways actually has to pay its eye-watering $237 million fine (compared to Facebook&#8217;s paltry $647,000 pre-GDPR fine for the Cambridge Analytica affair). Either way, its reputation has suffered lasting damage: this is a landmark data breach scandal that will not go quietly into the night sky.<\/p>\n<p>Fortunately, brands that play by the rules\u2014and, more importantly, really <em>mean<\/em> it\u2014can expect minimal turbulence ahead as they plot a course into a privacy-first digital future. Want to know how? We&#8217;ve already laid the groundwork, so let&#8217;s talk.<\/p>\n<p><a class=\"btn blog-contact-btn\">GET IN TOUCH<\/a><\/p>\n<div id=\"pdfDownload\">\n\t\t\t\t\t<script>\n\t\t\t\t\t\twindow.hsFormsOnReady = window.hsFormsOnReady || [];\n\t\t\t\t\t\twindow.hsFormsOnReady.push(()=>{\n\t\t\t\t\t\t\thbspt.forms.create({\n\t\t\t\t\t\t\t\tportalId: 5408011,\n\t\t\t\t\t\t\t\tformId: \"0eaf82af-6eaf-4d93-95d9-a05499620032\",\n\t\t\t\t\t\t\t\ttarget: \"#hbspt-form-1777637218000-3242281614\",\n\t\t\t\t\t\t\t\tregion: \"na1\",\n\t\t\t\t\t\t\t\t\n\t\t\t\t\t\t})});\n\t\t\t\t\t<\/script>\n\t\t\t\t\t<div class=\"hbspt-form\" id=\"hbspt-form-1777637218000-3242281614\"><\/div><\/div>\n","protected":false},"excerpt":{"rendered":"<p>Last summer, just over a year after the introduction of GDPR, British Airways was issued with a record-setting $237 million fine for failing to protect its customers&#8217; personal data. But when BA&#8217;s appeal period came to an end in January 2020, the UK&#8217;s Information Commissioner&#8217;s Office (ICO) delayed its final decision for several more months. [&hellip;]<\/p>\n","protected":false},"author":17,"featured_media":105466,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"content-type":"","reading_level":"Strategic","reading_level_confidence":0.74,"reading_level_needs_review":"0","footnotes":""},"categories":[2903],"tags":[],"class_list":["post-117252","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-strategy"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v23.7 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Behind the Headlines: Lessons from BA&#039;s $237 million data-breach fine | DAC<\/title>\n<meta name=\"description\" content=\"British Airways was fined $237 million for failing to protect customer data, but the ICO has delayed its final decision. What&#039;s going on here?\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.dacgroup.com\/en-ca\/insights\/blog\/strategy\/behind-the-headlines-lessons-from-bas-237-million-data-breach-fine\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Behind the Headlines: Lessons from BA&#039;s $237 million data-breach fine | DAC\" \/>\n<meta property=\"og:description\" content=\"British Airways was fined $237 million for failing to protect customer data, but the ICO has delayed its final decision. What&#039;s going on here?\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.dacgroup.com\/en-ca\/insights\/blog\/strategy\/behind-the-headlines-lessons-from-bas-237-million-data-breach-fine\/\" \/>\n<meta property=\"og:site_name\" content=\"DAC\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/DACGroup\" \/>\n<meta property=\"article:published_time\" content=\"2020-02-21T01:00:00+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2024-12-19T21:44:30+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.dacgroup.com\/wp-content\/uploads\/2024\/12\/BTH-Series-005.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"860\" \/>\n\t<meta property=\"og:image:height\" content=\"430\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"dwelsh\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:image\" content=\"https:\/\/www.dacgroup.com\/wp-content\/uploads\/2024\/09\/DAC-logo.svg\" \/>\n<meta name=\"twitter:creator\" content=\"@DAC_group\" \/>\n<meta name=\"twitter:site\" content=\"@DAC_group\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"dwelsh\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.dacgroup.com\/en-ca\/insights\/blog\/strategy\/behind-the-headlines-lessons-from-bas-237-million-data-breach-fine\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.dacgroup.com\/en-ca\/insights\/blog\/strategy\/behind-the-headlines-lessons-from-bas-237-million-data-breach-fine\/\"},\"author\":{\"name\":\"dwelsh\",\"@id\":\"https:\/\/www.dacgroup.com\/en-ca\/#\/schema\/person\/97224ef051611e97a23f8288fdc9e3fe\"},\"headline\":\"Behind the Headlines: Lessons from BA\u2019s $237 million data-breach fine\",\"datePublished\":\"2020-02-21T01:00:00+00:00\",\"dateModified\":\"2024-12-19T21:44:30+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.dacgroup.com\/en-ca\/insights\/blog\/strategy\/behind-the-headlines-lessons-from-bas-237-million-data-breach-fine\/\"},\"wordCount\":623,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\/\/www.dacgroup.com\/en-ca\/#organization\"},\"image\":{\"@id\":\"https:\/\/www.dacgroup.com\/en-ca\/insights\/blog\/strategy\/behind-the-headlines-lessons-from-bas-237-million-data-breach-fine\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.dacgroup.com\/wp-content\/uploads\/2024\/12\/BTH-Series-005.jpg\",\"articleSection\":[\"Strategy\"],\"inLanguage\":\"en-CA\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/www.dacgroup.com\/en-ca\/insights\/blog\/strategy\/behind-the-headlines-lessons-from-bas-237-million-data-breach-fine\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.dacgroup.com\/en-ca\/insights\/blog\/strategy\/behind-the-headlines-lessons-from-bas-237-million-data-breach-fine\/\",\"url\":\"https:\/\/www.dacgroup.com\/en-ca\/insights\/blog\/strategy\/behind-the-headlines-lessons-from-bas-237-million-data-breach-fine\/\",\"name\":\"Behind the Headlines: Lessons from BA's $237 million data-breach fine | DAC\",\"isPartOf\":{\"@id\":\"https:\/\/www.dacgroup.com\/en-ca\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.dacgroup.com\/en-ca\/insights\/blog\/strategy\/behind-the-headlines-lessons-from-bas-237-million-data-breach-fine\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.dacgroup.com\/en-ca\/insights\/blog\/strategy\/behind-the-headlines-lessons-from-bas-237-million-data-breach-fine\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.dacgroup.com\/wp-content\/uploads\/2024\/12\/BTH-Series-005.jpg\",\"datePublished\":\"2020-02-21T01:00:00+00:00\",\"dateModified\":\"2024-12-19T21:44:30+00:00\",\"description\":\"British Airways was fined $237 million for failing to protect customer data, but the ICO has delayed its final decision. What's going on here?\",\"breadcrumb\":{\"@id\":\"https:\/\/www.dacgroup.com\/en-ca\/insights\/blog\/strategy\/behind-the-headlines-lessons-from-bas-237-million-data-breach-fine\/#breadcrumb\"},\"inLanguage\":\"en-CA\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.dacgroup.com\/en-ca\/insights\/blog\/strategy\/behind-the-headlines-lessons-from-bas-237-million-data-breach-fine\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-CA\",\"@id\":\"https:\/\/www.dacgroup.com\/en-ca\/insights\/blog\/strategy\/behind-the-headlines-lessons-from-bas-237-million-data-breach-fine\/#primaryimage\",\"url\":\"https:\/\/www.dacgroup.com\/wp-content\/uploads\/2024\/12\/BTH-Series-005.jpg\",\"contentUrl\":\"https:\/\/www.dacgroup.com\/wp-content\/uploads\/2024\/12\/BTH-Series-005.jpg\",\"width\":860,\"height\":430,\"caption\":\"||\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.dacgroup.com\/en-ca\/insights\/blog\/strategy\/behind-the-headlines-lessons-from-bas-237-million-data-breach-fine\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.dacgroup.com\/en-ca\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Behind the Headlines: Lessons from BA\u2019s $237 million data-breach fine\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.dacgroup.com\/en-ca\/#website\",\"url\":\"https:\/\/www.dacgroup.com\/en-ca\/\",\"name\":\"DAC group\",\"description\":\"DAC\",\"publisher\":{\"@id\":\"https:\/\/www.dacgroup.com\/en-ca\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.dacgroup.com\/en-ca\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-CA\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.dacgroup.com\/en-ca\/#organization\",\"name\":\"DAC group\",\"alternateName\":\"DAC\",\"url\":\"https:\/\/www.dacgroup.com\/en-ca\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-CA\",\"@id\":\"https:\/\/www.dacgroup.com\/en-ca\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.dacgroup.com\/wp-content\/uploads\/2024\/09\/DAC-logo.svg\",\"contentUrl\":\"https:\/\/www.dacgroup.com\/wp-content\/uploads\/2024\/09\/DAC-logo.svg\",\"caption\":\"DAC group\"},\"image\":{\"@id\":\"https:\/\/www.dacgroup.com\/en-ca\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/www.facebook.com\/DACGroup\",\"https:\/\/x.com\/DAC_group\",\"https:\/\/www.linkedin.com\/company\/dac-group\/\",\"https:\/\/www.instagram.com\/dac_group\/\",\"https:\/\/www.youtube.com\/user\/DACgroup1976\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.dacgroup.com\/en-ca\/#\/schema\/person\/97224ef051611e97a23f8288fdc9e3fe\",\"name\":\"dwelsh\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-CA\",\"@id\":\"https:\/\/www.dacgroup.com\/en-ca\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/8b63cb8b62244a015779a76d321b9d39d39eca1b3cb2c1fb4e3f5a659e1ea0dd?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/8b63cb8b62244a015779a76d321b9d39d39eca1b3cb2c1fb4e3f5a659e1ea0dd?s=96&d=mm&r=g\",\"caption\":\"dwelsh\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Behind the Headlines: Lessons from BA's $237 million data-breach fine | DAC","description":"British Airways was fined $237 million for failing to protect customer data, but the ICO has delayed its final decision. What's going on here?","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.dacgroup.com\/en-ca\/insights\/blog\/strategy\/behind-the-headlines-lessons-from-bas-237-million-data-breach-fine\/","og_locale":"en_US","og_type":"article","og_title":"Behind the Headlines: Lessons from BA's $237 million data-breach fine | DAC","og_description":"British Airways was fined $237 million for failing to protect customer data, but the ICO has delayed its final decision. What's going on here?","og_url":"https:\/\/www.dacgroup.com\/en-ca\/insights\/blog\/strategy\/behind-the-headlines-lessons-from-bas-237-million-data-breach-fine\/","og_site_name":"DAC","article_publisher":"https:\/\/www.facebook.com\/DACGroup","article_published_time":"2020-02-21T01:00:00+00:00","article_modified_time":"2024-12-19T21:44:30+00:00","og_image":[{"width":860,"height":430,"url":"https:\/\/www.dacgroup.com\/wp-content\/uploads\/2024\/12\/BTH-Series-005.jpg","type":"image\/jpeg"}],"author":"dwelsh","twitter_card":"summary_large_image","twitter_image":"https:\/\/www.dacgroup.com\/wp-content\/uploads\/2024\/09\/DAC-logo.svg","twitter_creator":"@DAC_group","twitter_site":"@DAC_group","twitter_misc":{"Written by":"dwelsh","Est. reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.dacgroup.com\/en-ca\/insights\/blog\/strategy\/behind-the-headlines-lessons-from-bas-237-million-data-breach-fine\/#article","isPartOf":{"@id":"https:\/\/www.dacgroup.com\/en-ca\/insights\/blog\/strategy\/behind-the-headlines-lessons-from-bas-237-million-data-breach-fine\/"},"author":{"name":"dwelsh","@id":"https:\/\/www.dacgroup.com\/en-ca\/#\/schema\/person\/97224ef051611e97a23f8288fdc9e3fe"},"headline":"Behind the Headlines: Lessons from BA\u2019s $237 million data-breach fine","datePublished":"2020-02-21T01:00:00+00:00","dateModified":"2024-12-19T21:44:30+00:00","mainEntityOfPage":{"@id":"https:\/\/www.dacgroup.com\/en-ca\/insights\/blog\/strategy\/behind-the-headlines-lessons-from-bas-237-million-data-breach-fine\/"},"wordCount":623,"commentCount":0,"publisher":{"@id":"https:\/\/www.dacgroup.com\/en-ca\/#organization"},"image":{"@id":"https:\/\/www.dacgroup.com\/en-ca\/insights\/blog\/strategy\/behind-the-headlines-lessons-from-bas-237-million-data-breach-fine\/#primaryimage"},"thumbnailUrl":"https:\/\/www.dacgroup.com\/wp-content\/uploads\/2024\/12\/BTH-Series-005.jpg","articleSection":["Strategy"],"inLanguage":"en-CA","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.dacgroup.com\/en-ca\/insights\/blog\/strategy\/behind-the-headlines-lessons-from-bas-237-million-data-breach-fine\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.dacgroup.com\/en-ca\/insights\/blog\/strategy\/behind-the-headlines-lessons-from-bas-237-million-data-breach-fine\/","url":"https:\/\/www.dacgroup.com\/en-ca\/insights\/blog\/strategy\/behind-the-headlines-lessons-from-bas-237-million-data-breach-fine\/","name":"Behind the Headlines: Lessons from BA's $237 million data-breach fine | DAC","isPartOf":{"@id":"https:\/\/www.dacgroup.com\/en-ca\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.dacgroup.com\/en-ca\/insights\/blog\/strategy\/behind-the-headlines-lessons-from-bas-237-million-data-breach-fine\/#primaryimage"},"image":{"@id":"https:\/\/www.dacgroup.com\/en-ca\/insights\/blog\/strategy\/behind-the-headlines-lessons-from-bas-237-million-data-breach-fine\/#primaryimage"},"thumbnailUrl":"https:\/\/www.dacgroup.com\/wp-content\/uploads\/2024\/12\/BTH-Series-005.jpg","datePublished":"2020-02-21T01:00:00+00:00","dateModified":"2024-12-19T21:44:30+00:00","description":"British Airways was fined $237 million for failing to protect customer data, but the ICO has delayed its final decision. What's going on here?","breadcrumb":{"@id":"https:\/\/www.dacgroup.com\/en-ca\/insights\/blog\/strategy\/behind-the-headlines-lessons-from-bas-237-million-data-breach-fine\/#breadcrumb"},"inLanguage":"en-CA","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.dacgroup.com\/en-ca\/insights\/blog\/strategy\/behind-the-headlines-lessons-from-bas-237-million-data-breach-fine\/"]}]},{"@type":"ImageObject","inLanguage":"en-CA","@id":"https:\/\/www.dacgroup.com\/en-ca\/insights\/blog\/strategy\/behind-the-headlines-lessons-from-bas-237-million-data-breach-fine\/#primaryimage","url":"https:\/\/www.dacgroup.com\/wp-content\/uploads\/2024\/12\/BTH-Series-005.jpg","contentUrl":"https:\/\/www.dacgroup.com\/wp-content\/uploads\/2024\/12\/BTH-Series-005.jpg","width":860,"height":430,"caption":"||"},{"@type":"BreadcrumbList","@id":"https:\/\/www.dacgroup.com\/en-ca\/insights\/blog\/strategy\/behind-the-headlines-lessons-from-bas-237-million-data-breach-fine\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.dacgroup.com\/en-ca\/"},{"@type":"ListItem","position":2,"name":"Behind the Headlines: Lessons from BA\u2019s $237 million data-breach fine"}]},{"@type":"WebSite","@id":"https:\/\/www.dacgroup.com\/en-ca\/#website","url":"https:\/\/www.dacgroup.com\/en-ca\/","name":"DAC group","description":"DAC","publisher":{"@id":"https:\/\/www.dacgroup.com\/en-ca\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.dacgroup.com\/en-ca\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-CA"},{"@type":"Organization","@id":"https:\/\/www.dacgroup.com\/en-ca\/#organization","name":"DAC group","alternateName":"DAC","url":"https:\/\/www.dacgroup.com\/en-ca\/","logo":{"@type":"ImageObject","inLanguage":"en-CA","@id":"https:\/\/www.dacgroup.com\/en-ca\/#\/schema\/logo\/image\/","url":"https:\/\/www.dacgroup.com\/wp-content\/uploads\/2024\/09\/DAC-logo.svg","contentUrl":"https:\/\/www.dacgroup.com\/wp-content\/uploads\/2024\/09\/DAC-logo.svg","caption":"DAC group"},"image":{"@id":"https:\/\/www.dacgroup.com\/en-ca\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/DACGroup","https:\/\/x.com\/DAC_group","https:\/\/www.linkedin.com\/company\/dac-group\/","https:\/\/www.instagram.com\/dac_group\/","https:\/\/www.youtube.com\/user\/DACgroup1976"]},{"@type":"Person","@id":"https:\/\/www.dacgroup.com\/en-ca\/#\/schema\/person\/97224ef051611e97a23f8288fdc9e3fe","name":"dwelsh","image":{"@type":"ImageObject","inLanguage":"en-CA","@id":"https:\/\/www.dacgroup.com\/en-ca\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/8b63cb8b62244a015779a76d321b9d39d39eca1b3cb2c1fb4e3f5a659e1ea0dd?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/8b63cb8b62244a015779a76d321b9d39d39eca1b3cb2c1fb4e3f5a659e1ea0dd?s=96&d=mm&r=g","caption":"dwelsh"}}]}},"_links":{"self":[{"href":"https:\/\/www.dacgroup.com\/en-ca\/wp-json\/wp\/v2\/posts\/117252","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.dacgroup.com\/en-ca\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.dacgroup.com\/en-ca\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.dacgroup.com\/en-ca\/wp-json\/wp\/v2\/users\/17"}],"replies":[{"embeddable":true,"href":"https:\/\/www.dacgroup.com\/en-ca\/wp-json\/wp\/v2\/comments?post=117252"}],"version-history":[{"count":0,"href":"https:\/\/www.dacgroup.com\/en-ca\/wp-json\/wp\/v2\/posts\/117252\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.dacgroup.com\/en-ca\/wp-json\/wp\/v2\/media\/105466"}],"wp:attachment":[{"href":"https:\/\/www.dacgroup.com\/en-ca\/wp-json\/wp\/v2\/media?parent=117252"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.dacgroup.com\/en-ca\/wp-json\/wp\/v2\/categories?post=117252"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.dacgroup.com\/en-ca\/wp-json\/wp\/v2\/tags?post=117252"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}