Discovering that your personal information has been manipulated, stolen or lost in a data protection breach is upsetting and stressful. Determining what was taken, by whom, where your data is now, and what impact it will have on your life isn’t a pleasant experience. However, with this simple guide, finding out what your next steps are and how to report a breach of data protection doesn’t have to be anxiety-inducing.
No one is immune from becoming a victim of a data breach. In June this year, an unverified report stated that data pertaining to almost a billion Chinese citizens was stolen by a hacker and is now for sale for ten bitcoins (equivalent to approximately £165,000). If the breach is verified, it will be one of the biggest data breaches in history.
Under the Data Protection Act (2018) and General Data Protection Regulation, any organisation storing your private data has a legal duty to keep it safe and protected. If they fail to adhere to them, they are liable for any losses or stress they’ve caused you.
How to Report a Breach of Data Protection
Any data that can personally identify you is classified as sensitive and can include:
- Your name
- Your address
- Bank details
- Medical records
The personal information may have been lost, destroyed, altered or accessed by individuals that don’t have your explicit permission to view them. It may have occurred accidentally, due to human error, or illegally, from a cyber-attack.
Depending on how sensitive the data is, the impact it will have on your day-to-day life will vary. In the most severe cases, you could be entitled to significant compensation. Find how to claim compensation from a data protection breach here.
Over a nine-month period in 2017 and 2018, Dixons Carphone was the victim of a cyber attack which granted hackers unauthorised access to over five million card details and over 14 million people’s names, addresses and credit check status. Dixons was fined £500,000 as the Information Commissioner’s Office (ICO) found the company had taken inadequate measures to protect itself from cyber-attacks.
While a breach can cause a material loss, typically financially, a data protection breach can impact your mental wellbeing. If you’re a victim, record both material and immaterial losses and inform the relevant regulatory body.
Who do You Report a Breach of Data Protection to?
To report a breach of data protection, make a complaint with the company that failed to safeguard your private information. You have the right to make a complaint when the organisation:
- is failing to keep your data secure
- has inaccurate personal data on record
- has personal information that you did not grant it permission to hold
- is being dishonest about how it’s using your data or how long it’s keeping it on record
- is not being transparent about what data it holds regarding yourself
- is not acting in accord with data protection laws
Be clear with the company about what losses you’ve suffered and what emotional turmoil has resulted from their data protection breach. Explain what compensation you expect from them to repair the damage caused. To make a complaint, write to the company as soon as possible. If they don’t respond within 30 days, report them to the ICO.
The ICO is an independent authority that enforces data privacy and can issue fines to businesses and organisations in breach of data protection legislation. While they cannot award compensation to affected parties, they can advise you on how much compensation they believe you deserve. If the ICO finds the organisation guilty of a data protection breach, this can be influential on any further action taken against the company.
If you’re unsuccessful in resolving your data protection breach dispute with the company directly, the next step is to take them to Court. Get advice from a solicitor who specialises in data protection legislation, and be sure to bring along appropriate evidence to help your case, such as:
- a letter from the ICO finding the organisation guilty of breaching data protection legislation
- Any relevant documents or statements
You can make a data breach claim against an individual, a group of people or any public or private organisation if they have failed to observe data protection laws.
How Long do You Have to Report a Breach of Data Protection?
The current limitation period on reporting a data protection breach is six years from when the organisation informed you of your information breach. Group action cases, where a number of individuals are pursuing legal action, may have a separate date by which you must join the case to be eligible for compensation.
How to Make a Claim for a Breach of Data Protection
To make a successful claim, you need to prove in court that the company was responsible for the lapse in information protection – resulting in a potential loss or theft of private details. Furthermore, the company is liable for any resulting damages to yourself – emotionally or financially – which were a side effect of the breach.
A data breach claims specialist can assess whether your case is likely to succeed and how much compensation you can receive. If successful, it can ensure the business takes robust measures so that your data isn’t at risk from leaks or have it removed from their database entirely.
HNK Solicitors Can Help You if You Need to Report a Breach of Data Protection
If you believe you’ve been the victim of a breach of data protection, get in touch with HNK Solicitors today. Email us at email@example.com, give us a call on 0151 668 0816, or fill in the enquiry form on our website to arrange your free consultation with one of our experts. We are experts in the field of data protection claims and can get you the compensation you deserve.
We offer a no-win, no-fee service, so you don’t pay a penny to start your claim. Get in touch with us today to arrange a free consultation, and we can determine whether you’re entitled to make a claim.