Heathrow Airport Limited has been fined £120,000 (€140,000). The company behind the London airport did not pay enough attention to data protection. A USB stick containing personnel data was lost.
The fine was imposed by the Information Commissioner's Office (ICO) for a serious violation of the seventh Data Protection Principle. One of Heathrow's employees lost a USB stick that contained more than a thousand easily accessible, unencrypted files.
Public data
The USB stick contained data about employees, including names, dates of birth and passport numbers. Data on the airport's security staff was also leaked. This is serious, because the data ended up with the media, which copied it before the USB stick was returned.
"Data protection should have been high on Heathrow's agenda," says ICO research director Steve Eckersley in a statement. "But our research points to a series of shortcomings in terms of business standards, training and vision. Data protection is a matter for management and it is crucial that companies have the policies, procedures and training in place to minimize any potential vulnerabilities around personal information."
Heathrow was fined not only for losing the USB stick, but also for its weak data protection policy. Only two percent of the more than 6,000 employees had received data protection training. The company behind the airport can count itself lucky: the leak took place before GDPR took effect. Had it taken place later, the fine could have been much higher.
This news article was automatically translated from Dutch to give Techzine.eu a head start.