October 8, 2018 / 12:37 PM / 15 days ago

Heathrow Airport fined by UK data protection regulator for failings

LONDON (Reuters) - Britain’s Heathrow Airport has been fined 120,000 pounds ($156,000) by the country’s data protection regulator for “serious failings” in securing personal data held on its systems.

A general view of the Terminals 1,2 and 3 at Heathrow Airport near London, Britain October 11, 2016. REUTERS/Stefan Wermuth/Files

The breach by Heathrow, the busiest airport in Britain and Europe, came to light after an employee lost a USB stick last year which contained personal data on a small number of individuals including staff, which was not password-protected or encrypted.

The regulator, the Information Commissioner’s Office (ICO), carried out an investigation as a result.

“Data Protection should have been high on Heathrow’s agenda. But our investigation found a catalogue of shortcomings in corporate standards, training and vision that indicated otherwise,” the ICO said in a statement on Monday.

Under new legislation on data protection, the EU’s General Data Protection Regulation, which has been introduced since the date of Heathrow’s failings, the airport could have faced a much larger fine.

Amongst the ICO’s concerns were that only 2 percent of Heathrow’s 6,500 staff had received data protection training.

Heathrow is owned by Ferrovial, Qatar Investment Authority, China Investment Corporation and other investors.

($1 = 0.7669 pounds)

Reporting by Sarah Young; editing by Kate Holton

0 : 0
  • narrow-browser-and-phone
  • medium-browser-and-portrait-tablet
  • landscape-tablet
  • medium-wide-browser
  • wide-browser-and-larger
  • medium-browser-and-landscape-tablet
  • medium-wide-browser-and-larger
  • above-phone
  • portrait-tablet-and-above
  • above-portrait-tablet
  • landscape-tablet-and-above
  • landscape-tablet-and-medium-wide-browser
  • portrait-tablet-and-below
  • landscape-tablet-and-below