Suffolk Police has suffered a data breach resulting in the personal information of sexual assault victims being posted on the force’s website. According to the East Anglian Daily Times, hundreds of people may have been affected by the breach.
Suffolk Police force has claimed that “the matter was quickly resolved” and launched an investigation into how it took place, while the force’s commissioner, Tim Passmore, issued an “unreserved apology” for the breach. The Information Commissioner’s Office (ICO) has confirmed that it has received an incident report from Suffolk Police and is assessing the information.
While all data breaches are serious and can have a profound impact on those affected, this was a particularly troubling case that focused on highly sensitive information. In a statement, the support organisation Suffolk Rape Crisis noted that “survivors of sexual violence who have reported to the police are entitled to lifetime anonymity”. They further stressed that the breach “could put women at threat of further violence”.
This incident highlights just how vital it is that the police take their data protection responsibilities seriously. The kinds of data that the police force will hold are extremely sensitive, and the exposure of this data can have serious, life-changing consequences for those affected.
Thankfully, there are sources of support for those who have been impacted by a data breach. This includes seeking compensation from the organisation responsible. In this post, we’ll look at the regulations governing data breaches in the UK and explain how those affected by data breaches can get the compensation they deserve.
The UK’s data protection regulations
The Suffolk Police data breach was first reported on 15th November, with the force stressing that the data was available for only “a short period of time” before being “quickly removed”. Nevertheless, the specifics of the breach are shocking. The information exposed by the breach is alleged to include the names, addresses, and dates of birth of sexual assault victims, as well as details of the alleged offences.
The potential consequences of such information being made public are deeply concerning. The risk posed to victims is significant, and even the simple fact of having this kind of information exposed can be traumatic.
In response to the breach, Suffolk Police stressed their commitment to safeguarding people’s data, noting: “We take our obligations under the Data Protection Act very seriously.”
These obligations are substantial. The Data Protection Act (DPA) 2018, alongside the UK General Data Protection Regulation (GDPR), sets out the responsibilities that organisations processing personal data must fulfil.
The regulations centre on six key principles that organisations must adhere to, including the principle of “integrity and confidentiality”, otherwise known as the security principle. This principle stresses that organisations holding personal data must put measures in place to keep this data secure.
There is a specific section of the DPA 2018 that covers the requirements for law enforcement authorities, who understandably face their own unique challenges when it comes to safeguarding personal data.
The ICO is at pains to stress that the kind of data exposed in the Suffolk Police breach merits special consideration. In their public guidance, they state: “information about victims or witnesses is likely to be sensitive or high risk, and you should take particular care when processing it. […] Processing such sensitive data creates significant risks to the privacy and wellbeing of the individuals concerned.”
The Suffolk Police data breach offers a clear example of these risks. Exposing victims’ information in this manner could pose an immediate risk to their safety, as well as having a broader impact on their health and well-being.
The right to seek compensation for a data breach
The GDPR not only sets out the principles that data processors must abide by, but it also enshrines the right to claim compensation if you have been affected by a data protection breach. This compensation is intended to support those who have suffered material or non–material damage as a result of a data breach. Relevant forms of damage can include:
- Reputational damage
- Loss of earnings
- Identity theft
If you have experienced any or all of these consequences as a result of an organisation mishandling your data, it’s important to consider pursuing a compensation claim. While compensation won’t undo the damage caused by a data breach, it can go some way to helping you move on from the incident.
Those who have been affected by the Suffolk Police data breach should have been contacted directly by the force, as this is a key requirement under the DPA 2018. If you have been contacted, you may wish to pursue compensation, particularly if your well-being has been affected by the incident.
HNK can support your data breach compensation claim
While not all data breaches are as severe as this recent incident, any loss of control over your personal information can have damaging consequences. However, without expert help it can be difficult to know if you might have a valid claim and what further steps you should take.
If you are considering a data breach compensation claim, it’s important to consult a solicitor with experience in this area. The UK’s data protection regulations are complex, and seeking expert legal support can help to ensure you get the compensation you deserve.
As our case studies show, HNK Solicitors have a proven track record of helping victims of data breaches successfully claim compensation. We offer free, no-obligation consultations to help you decide if you may be entitled to compensation. If we do think you have a valid claim, we can help you to pursue it on a no-win, no-fee basis. To find out how we can help you, fill out the contact form on our website or call us on 0151 668 0812.