For every organization, ethics is a basic conduct to do. Corporate governance and accountability is just another concept that is closely connected with ethics, The subject of corporate governance demands an organization to act in a responsible manner towards all of it is stakeholders. The current corporate world is much depended on technology and hence in such a scenario, it becomes the social responsibility of every corporation to keep the data of their customers secure in every way possible. Every nation has different laws and legislation to deal with the issue of data breaches. For instance, the European government has introduced the General Data Protection Regulation (GDPR), 2016/679 in the area of security data breach and protection. This assignment is mainly focused on the issue of a serious data breach. The study of the topic is very significant to understand the consequences of such events for the corporation as well as affected stakeholders. The same is also important for the reason that events of data breach lead a failure to corporate governance of a company. In the given assignment, a company will be selected an reviewed in respect to data breach issue and at last the possible consequences on the company of such breach will be discussed.
The company chosen for this research assignment is British Airways that recently has been reported a failure in the protection of personal data of it is customers. As the name of the company implies itself, the same is engaged in the business of flag carrier. This company is the largest airline company in the UK on the basis of fleet size and second largest airline of UK when it comes to passengers carried (Plunkett, 2008). The company has established in the year 1974 after the establishment of British airway Board by British Government. A company named BA CityFlyer is the wholly owned subsidiary company of British Airways (Lashley and Morrison, 2007). The company remains engaged in the performance of loyalty programs. British Airways provides many of the facilities to its customers such as short haul, Mid haul, and long haul. In addition to this, different kinds of cabins are also available for the customers from the side of British Airways (hereinafter referred to as BA).
It is no wonder in stating that many of the incidents and accidents have happened with BA. For example, in the year 2008, one of its flights suffered from a crash land issue (Simpson, 2014). Further, recently in the year 2018, an attack on the website of the company has been reported. In the discussion below, the detailed information regarding this cyber-attack is mentioned.
A statement has come out from the side of British Airways that people who made a booking of flight tickets with BA between a specific period i.e.21 August 2018 to 5th September 2018 can suffer from an issue of data Breach (Whittaker, 2018). The company has not informed much about the issue. It is not a general data breach but the same affected around 380000 customers. Their personal data has been stolen. After a detailed study of this data breach case, experts have stated that data of such customers probably would be available on the internet for the sale soon.
It was a clear breach of corporate governance. Although BA has not done anything with a wrong intention, yet the company failed to protect the data of customers. The cybersecurity officer assumed that personal data of the customers of BA such as details of credit cards, CVV written on the same and contact number might already exist there on the dark web. Dark web is a term that commonly refers to a corner of the internet that can only be accessed with the help of some software, that are developed with the intention of data breaches mainly (Vilches ,2017). Paul Lipman, chief executive of cybersecurity company Bullguard also said that the credit data was almost prepared for the movement of the dark web.
The data of 380000 customers fallen into danger overnight (Thehindubusinessline.com, 2018). BA made a statement that the data has not been stolen while the encryption but the hackers used some more powerful and very sophisticated techniques and methods. In the investigation process, cybersecurity experts said that as CVV of the card was also involved in the stolen data, it is clear that hackers have stolen the data at the time when the customer was filling their information on the website and not the later on from the database of the company. A cybersecurity expert and head of research Simon Migliano, provided an estimation of the cost of stolen data and stated that it could worth of £21.5m in total (theguardian.com, 2018). This was a very significant amount.
Moving towards the security law of the nation, this is to be stated that section 2 of the Data Protection Act 2018 that one should process personal data of individuals carefully, fairly and lawfully. Section 3 (2) of the act provides a definition of data (Legislation.gov.uk, 2018). The act provides the manner in which personal data of individuals should be processed and provides that what activities, one should not adhere while dealing with the personal data of others. Here, in the subjective case, BA breached certain provisions of this act as the same failed to secure the data of customers, irrespective of the fact that it was not on a fault. Most of the provisions of current data security act are similar to GDPR (Local.gov.uk, 2018). As company breached the provisions of the subjective act, this can be stated that the same also failed to provide security to the data of its customers under GDPR.
Whenever a company fails to comply with the regulations of privacy or data protection law, many adverse consequences come across. At the first instance it seems like that the only affected people are those whose data was stolen, but after a details study of such issues, one can get to know that a company also suffers from many losses, whenever same fails to provide security to the personal data of customers and other stakeholders. In the studied case also, British Airways faced many risks and adverse consequences after the incident of a data breach. These risks and consequences are mentioned as below.
British Airlines made a promise that no customer will face out of pocket expenses cause of this cyber-crime incident. However, BA has not made any comment on the lawsuits but commented on the direct losses suffered by the customers. BA stated that the company would reimburse every direct loss that the customers faced because of data breach incident. BA also recommended that the customers who have their bookings during the period 2:58 BST August 21, 2018, and 21:45 BST September 5, 2018, can contact their card providers or banks to check out the balance details. These were direct damages that BA got ready to pay the victim parties. Nevertheless, what about the indirect losses and damages? Special Protection Group (SPG) law said that BA is also responsible to pay the indirect damages to victims as they have suffered from mental stress and inconveniences because of data breach incident (Theweek.co.uk, 2018). SPG law made a reference of article 82 of GDPR and said that even law provided damages for the non-material breaches. It is a risk that BA can face in future because SPG Law stated that the same will bring a collective claim for the non-material damages on behalf of multiple victims.
It means BA is at a risk to pay the material as well as non-material damages to victims that will affect the financial condition of the company in the future.
If it happens, the company would have to pay a penalty of either 4% of global turnover or £17 million, whichever is greater. In the last December, the company has achieved a turnover worth £12.2 billion, and hence in this manner, a company can face a fine worth £500 million (Irishexaminer.com, 2018).
Conclusion
To conclude the issue, this is to be stated that data breach incident brought and expected to bring many negative results to the company. It was a serious breach and affected almost 400000 valuable customers. Irrespective of the fact that the company was not guilty in actual, it led out an issue of breach of corporate governance. The case cannot be treated as an ethical breach as the company has not done anything with a wrongful intention and apologized to the public for the happening of the incident. After analyzing the whole issue, this is to say that the company can face many of the issues in the coming future including the financial as well as non-financial losses. New privacy law regulations are very new in the area and British Airways can be held liable under the same. Now, the company is required to be more concern and care and to notify the authority within 72 hours of data breach incident according to the provisions of GDPR. In addition to this, the company needs to understand that how valuable the data of customers are and therefore is advised to comply with the provisions of GDPR.
References
Irishexaminer.com. (2018) British Airways could face £500m fine as regulators probe data breach. [online] Available from: https://www.irishexaminer.com/breakingnews/business/british-airways-could-face-500m-fine-as-regulators-probe-data-breach-867441.html [Accessed on 30/10/2018]
Lambert, P., (2016) The Data Protection Officer: Profession, Rules, and Role. New York : CRC Press.
Lashley, C., and Morrison, A.(2007) Franchising Hospitality Services. Oxon: Routledge.
Legislation.gov.uk. (2018) Data Protection Act 2018. [online] Available from: https://www.legislation.gov.uk/ukpga/2018/12/pdfs/ukpga_20180012_en.pdf [Accessed on 30/10/2018]
Local.gov.uk. (2018) General Data Protection Regulation (GDPR). [online] Available from: https://www.local.gov.uk/our-support/general-data-protection-regulation-gdpr [Accessed on 29/10/2018]
Plunkett, J., W. (2008) Plunkett’s Airline, Hotel & Travel Industry Almanac 2009: Airline, Hotel & Travel Industry Market Research, Statistics, Trends & Leading Companies. Plunkett Research, Ltd.
Schwartz, M., J. (2018) British Airways Faces Class-Action Lawsuit Over Data Breach. [online] Available from: https://www.bankinfosecurity.com/british-airways-faces-class-action-lawsuit-over-data-breach-a-11478 [Accessed on 30/10/2018]
Simpson, P., (2014) The Mammoth Book of Air Disasters and Near Misses. UK: Hachette UK.
theguardian.com. (2018) BA customers’ credit card details ‘probably already for sale’. [online] Available from: https://www.theguardian.com/business/2018/sep/07/ba-british-airways-customers-hacked-credit-card-details-dark-web [Accessed on 29/10/2018]
Thehindubusinessline.com. (2018) British Airways web site suffers data breach. [online] Available from: https://www.thehindubusinessline.com/economy/logistics/british-airways-web-site-suffers-data-breach-380000-payments-affected/article24890064.ece [Accessed on 29/10/2018]
Theweek.co.uk. (2018) British Airways data breach: customers entitled to ‘distress’ compensation. [online] Available from: https://www.theweek.co.uk/96327/british-airways-data-breach-how-to-check-if-you-re-affected [Accessed on 29/10/2018]
Vilches, J. (2017) The Dark Web: What Is It and How To Access It [online] Available from: https://www.techspot.com/article/1177-dark-web/ [Accessed on 30/10/2018]
Whittaker, Z. (2018). British Airways customer data stolen in data breach. [online] Available from: https://techcrunch.com/2018/09/06/british-airways-customer-data-stolen-in-data-breach/ [Accessed on 29/10/2018]
Essay Writing Service Features
Our Experience
No matter how complex your assignment is, we can find the right professional for your specific task. Contact Essay is an essay writing company that hires only the smartest minds to help you with your projects. Our expertise allows us to provide students with high-quality academic writing, editing & proofreading services.
Free Features
Free revision policy
$10Free bibliography & reference
$8Free title page
$8Free formatting
$8How Our Essay Writing Service Works
First, you will need to complete an order form. It's not difficult but, in case there is anything you find not to be clear, you may always call us so that we can guide you through it. On the order form, you will need to include some basic information concerning your order: subject, topic, number of pages, etc. We also encourage our clients to upload any relevant information or sources that will help.
Complete the order form
Once we have all the information and instructions that we need, we select the most suitable writer for your assignment. While everything seems to be clear, the writer, who has complete knowledge of the subject, may need clarification from you. It is at that point that you would receive a call or email from us.
Writer’s assignment
As soon as the writer has finished, it will be delivered both to the website and to your email address so that you will not miss it. If your deadline is close at hand, we will place a call to you to make sure that you receive the paper on time.
Completing the order and download