The Royal Mail had to take down its Click & Drop service on the 1st of November after a data breach resulted in customers being able to see other users’ information.
At 1 pm, customers began to report seeing details of other people’s orders, customers’ details, and businesses’ order history. The Royal Mail attributed the leak to a technical glitch.
The Royal Mail took the service down an hour later and released the statement:
“We have been made aware there was an issue affecting Click & Drop that meant some customers could see other customers’ orders. As a protective measure, we have stopped access to Click & Drop temporarily.”
They restored the service by 6 pm that evening. Click & Drop is designed to let users print labels, track their packages and pay for postage online.
The next day users took to Twitter to complain that the site still wasn’t working, and some people were charged twice for a label they never received.
Did the glitch breach data protection legislation?
The UK General Data Protection Regulation (UK GDPR) has seven principles that all organisations that store data must adhere to. It was enshrined into law to keep your data safe and secure. The principles include:
- Lawfulness, fairness and transparency
- Limited storage
- Limited use
If an organisation violates any of those principles and data is lost, exposed, or taken, the victim is eligible for compensation. The company will also need to inform the Information Commissioner’s Office (ICO), which will perform its own investigation.
However, the ICO released a statement the day after the breach saying that the Royal Mail had not informed it of a breach. It further clarified that there is no need for an organisation to report a data breach to the ICO unless it poses “a risk to people’s rights and freedoms.”
If personal information was leaked in the breach, such as names, addresses, or bank details, then the Royal Mail would be in breach of the UK GDPR. Failure to report the breach to the ICO would therefore be unlawful.
Our team of data breach specialists can help you with your claim
If you’re concerned that your data may have been exposed in the Royal Mail breach, get in touch with us, and we can investigate on your behalf. Our solicitors are experts in data protection legislation and can help you get the compensation you deserve.
We understand that when you hand your personal information over to an organisation, you expect it to be kept safe and secure. If a company fails to adhere to GDPR, there can be serious financial and psychological consequences, which could entitle you to compensation.
We offer a no-win, no-fee service, so you won’t have to pay a penny until you receive your award.