Privacy Unpacked Episode 7 - Lessons from Capita: Understanding the ICO's approach to cybersecurity enforcement
Contacts
Associate
UK
I am an associate in our Privacy and Data Protection Group, based in London. I advise UK and international clients on technology, data protection and privacy issues.
Senior Associate
UK
I am a senior associate in our Data Protection and Telecommunications Regulatory groups based in London and I advise clients on the global challenges facing the digital and communications sector as well as providing counsel on new technologies and their relationships with the use of data.
On 15 October 2025, The Information Commissioner's Office (ICO) imposed a combined monetary penalty of £14 million on Capita plc and Capita Pension Solutions Limited (CPSL). This fine followed a significant cyber-attack in March 2023 that compromised the personal data of over 6.6 million individuals.
In our seventh episode of Privacy Unpacked, Matthew Buckwell (Senior Associate, UK) and Laura Goold (Associate, UK) examine what went wrong, the key lessons for organisations, and what this tells us about the ICO's approach to cybersecurity enforcement.
Tune in now for key insights to stay ahead of the curve!
Listen to our podcast via the links below:
CLICK HERE TO LISTEN TO OUR PODCAST ON SPOTIFY
Latest insights
More Insights
Key Revisions and Compliance Recommendations of the PRC Cybersecurity Law
7 minutes Feb 09 2026
China Cybersecurity and Data Protection: Monthly Update – January 2026 Issue
20 minutes Feb 06 2026
Facial recognition and the Privacy Act: a clearer (but stricter) line for businesses
3 minutes Feb 06 2026