Privacy Unpacked Episode 7 - Lessons from Capita: Understanding the ICO's approach to cybersecurity enforcement
Contacts
Associate
UK
I am an associate in our Privacy and Data Protection Group, based in London. I advise UK and international clients on technology, data protection and privacy issues.
Senior Associate
UK
I am an associate in our Commercial Group, and I advise clients on the global challenges facing the digital and communications sector as well as providing counsel on new technologies and their relationships with the use of data.
On 15 October 2025, The Information Commissioner's Office (ICO) imposed a combined monetary penalty of £14 million on Capita plc and Capita Pension Solutions Limited (CPSL). This fine followed a significant cyber-attack in March 2023 that compromised the personal data of over 6.6 million individuals.
In our seventh episode of Privacy Unpacked, Matthew Buckwell (Senior Associate, UK) and Laura Goold (Associate, UK) examine what went wrong, the key lessons for organisations, and what this tells us about the ICO's approach to cybersecurity enforcement.
Tune in now for key insights to stay ahead of the curve!
Listen to our podcast via the links below:
CLICK HERE TO LISTEN TO OUR PODCAST ON SPOTIFY
Latest insights
More Insights
CJEU’s Russmedia decision: how online marketplace platforms could be held liable under the GDPR
7 minutes Dec 03 2025
