Abstract
This paper discusses the finding of the Information Commissioner’s Office (ICO) against Ticketmaster UK Limited (Ticketmaster), which was fined £1.25m by the ICO for failing to keep its customers’ personal data secure. The Information Commissioner determined that Ticketmaster’s failure constituted a breach of the General Data Protection Regulation. In its findings, the ICO held the company should have done more to reduce the risk of a cyber-attack, including in relation to its use of third-party JavaScript on the payment page of its website. Ticketmaster’s breach led to millions of individuals in the United Kingdom and Europe being exposed to potential fraud. The financial sanction sends a message to other organisations ‘that looking after customers’ personal data safely should be at the top of their agenda’. Ticketmaster has indicated that it will appeal the fine. This paper additionally provides some practical tips to data protection practitioners to mitigate against similar breaches.
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a callDisclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.
