When you hand your personal data over to an organisation, you expect them to keep it safe. Multiple laws are in place to ensure that companies and public bodies protect your private information. Despite this, it’s becoming increasingly common to become the victim of a personal data breach. In July, August, and September this year, a private account was hacked every second.
The consequences of losing your data in a breach are sometimes devastating and life-altering. Understanding what constitutes personal data and what a breach is can help you to protect yourself from the worst ramifications, should you fall victim.
What is personal data?
Any information that can identify you is considered personal data and has specific protections serving it. This can include:
- Your name
- Medical records
- Your date of birth
- Bank details
- Your address
Your name and address getting into the wrong hands can have serious implications for your safety. Furthermore, losing your bank details can result in substantial financial losses. Not only can a personal data breach result in significant material losses to yourself, but the toll the experience may take on your mental health is not to be dismissed.
What is the law surrounding a personal data breach?
Any organisation that holds your data is required by law to keep it safe. Firstly, the Human Rights Act enshrines into law your right to respect for your personal information.
Secondly, the UK General Data Protection Regulation (UK GDPR) is considered some of the strongest legislation concerning data protection in the world. It not only requires that organisations that collect data must have provisions in place to protect it, but it forces them to inform you if your data was compromised. They also must report the breach to the Information Commissioner’s Office, which can impose fines on companies that fail to keep your information secure.
Finally, the Data Protection Act 2018 states that your data must be used “fairly, lawfully and transparently,” and only accessed when absolutely necessary. If a public or private body doesn’t protect your information, you are entitled to claim compensation.
How can a data breach happen?
A personal data breach may be the result of a malicious attack on a company, often via a technological weakness. If a hacker finds a weakness in an organisation’s security protocols and gains access to their servers, they can take the information and use it to serve their own purposes, hold the data for ransom, or erase records.
The more sensitive the data, the greater the degree of distress a personal data breach can cause. Medical records are considered highly private, and any loss of information could result in treatment delays that could seriously impact your quality of life. In August this year, a system responsible for managing calls to the NHS’s 111 service was hacked, leading to a widespread outage which meant people were unable to get medical advice.
If an individual is careless with private records or a piece of technology, like a phone or laptop, an opportunist may steal them, and the information they contain can fall into the wrong hands.
However, intentions aren’t always malicious, and an organisation may accidentally hand personal data to the wrong recipient. Inaccurate data entry can result in your private information reaching the wrong person, such as when Bury Council mixed up addresses and subsequently lost control over highly sensitive information that could be held against someone.
A personal data breach can also happen when data is used outside of its stated purpose. You have the right to decide how your private information is used, and organisations must adhere to your wishes. If they veer away from what you have explicitly permitted them to do, then they are acting unlawfully, and you may have a claim.
Furthermore, a company that holds your data, whether that’s a public body like the police or a private business, is required to keep your records up to date. Any negligence in this duty that is detrimental to you, is not in line with current legislation.
How will I know if I was the victim of a personal data breach?
Under UK GDPR, companies are legally obliged to inform you if your data was compromised in a data breach. The details they must provide include:
- What information was lost in the breach
- Likely consequences and how you can protect yourself against dangerous implications
- Measures the organisation has taken following the breach
- A contact point where you can get more information
If you were the victim of a personal data breach, more often than not you’re recommended to change your passwords to something strong and unique. Most sites and apps will have the option to force all gadgets logged into your account to re-enter your password, hopefully forcing any malicious agents out of your account.
Furthermore, be vigilant for phishing emails — an email posing to be from a trusted source, such as your employer or bank, trying to get your private data.
Can I make a claim if my data was lost in a breach?
Any organisation that holds onto your private data is legally required to protect it. If they fail to exercise all reasonable measures to protect your information, you are entitled to compensation, particularly if you suffered either a financial loss or psychological damage. You have six years from the incident to make a claim.
To make a claim, get in touch with the organisation that suffered the breach and discuss suitable reparations with them. However, companies regularly try to dismiss the concerns of those affected by a breach. That’s why we highly recommend consulting a solicitor to help you with your personal data breach claim.
HNK Solicitors can help you with your data breach claim
You don’t have to suffer the consequences of a personal data breach alone. We know how devastating it can be to have your personal information get into the wrong hands and the financial and emotional percussions that come with it.
We have a team of expert data protection solicitors that can help you to make a successful claim. We operate a no-win, no-fee service, so until you receive your compensation, you don’t have to pay a penny. Get in touch with us today by sending an email to email@example.com, calling us on 0151 668 0816, or filling in our online claim form, and one of our advisors will be in touch.