Originally Posted by
ThatT1Feeling
Looking at BA’s twitter feed this morning, they’re saying they’re not offering compensation for the data breach. It’s not clear if this is a holding position or the formal ongoing policy. If they’d fulfilled their responsibilities and still got hacked, then that’s one thing. But they have clearly not followed the regulations on GDPR and PCI and saved money in the process, inconveniencing many of us through their conscious cost-cutting and transferring the burden onto us. That isn’t good enough in my opinion.
PCI is a complete red herring. On GPDR, BA will be investigated and probably fined. That will teach them not to try and cut costs. Public interest is thereby served. What else do you want?
The problem with these rhetorical positions on why BA owe you something is that they have no legal force. You might be able to claim for time (though this hasn't cost me any of that, I followed the AMEX instructions to do nothing). The ambulance chasers are suggesting mental anguish (didn't suffer from that myself). There might be, when the GPDR fine position is clearer, some gesture from BA, but you're in no more danger than if you forget to select the "private" option on the electoral roll.