United Kingdom: Issued ruling in ICO investigation into DSG Retail concerning alleged data protection violations

On 9 January 2020, the Information Commissioner’s Office (ICO) issued a ruling in its investigation into DSG Retail Limited (DSG) concerning data protection violations. The ICO fined DSG GBP 500,000 (approx. USD 640’000) for failing to secure the personal information of at least 14 million people. An ICO investigation revealed that between July 2017 and April 2018, malware was installed on 5'390 tills in Currys PC World and Dixons Travel stores, leading to unauthorised access to 5.6 million payment card details and personal information. The fine, the maximum under the Data Protection Act 1998, was imposed due to inadequate security measures and the company's failure to protect personal data.