, ,

An overview of data protection law – and other key legislation – in the UK

data protection law

Many organisations across the UK have struggled to keep up with changes in data protection law and the use of technology. And this is leaving people vulnerable. But what essential data protection laws keep us all safe online?

The Data Protection Act

The Data Protection Act exists to protect the privacy of individuals. It is the UK’s interpretation of the EU’s General Data Protection Regulation (GDPR).

A data protection breach happens when personal data is wrongly accessed, altered, disclosed, destroyed, or lost. Personal data makes it possible to identify a person. Either on its own or when used with other information.

Breaches of data protection law can be accidental or deliberate. Quite often, we use “breach” and “hack” interchangeably. But there are some differences.

  • A data breach refers to any situation where data has been put at risk. A data breach can occur because of cybercriminals, or by human error, negligence and poor security processes
  • A data hack happens when people with malicious intent break into a company’s systems. Usually to steal information.

Hackers do not cause the majority of data protection law infringements. But, in each of these instances, data can be exposed and put at risk. As such, identity theft often occurs after a data breach as well as a data hack.

The Data Protection Act is the primary legislation used to bring data protection breach and cybercrime compensation claims. But, in some cases, other legislation could also help to make a data breach case.

The Computer Misuse Act

The Computer Misuse Act helps to stop people from using computers for illegal purposes. The Act covers:

  • Unauthorised access (hacking)
  • Accessing material with the intention to commit illegal activity (e.g. fraud, blackmail, etc.)
  • Making changes to data stored on a computer without permission (e.g. installing malware or viruses).

People often don’t know that they are breaking the Computer Misuse Act. For example, if you access another person’s social media accounts without their permission, you’re breaking the law.

The Copyright, Designs and Patents Act

The Copyright, Designs and Patents Act gives the creators of literary, dramatic, musical, and artistic work the right to control how their material is used. Organisations and individuals must understand how this legislation affects them. For example, using images found on Google and adding them to blogs.

The Privacy and Electronic Communications (EC Directive)

The Privacy and Electronic Communications Regulations (PECR) governs email marketing. The EU will be releasing a new ePrivacy (ePR) regulation. But until then, PECR applies.

PECR gives people specific privacy rights concerning electronic communications. For example, there are rules on:

  • Marketing calls, emails, texts and faxes
  • Cookies (and similar technologies)
  • Keeping communications services secure
  • Customer privacy as regards traffic and location data, itemised billing, line identification, and directory listings

The ICO has several ways of taking action to change the behaviour of anyone who breaches PECR. This includes criminal prosecution, fines and audits.

Protection from Harassment Act

The Protection from Harassment Act protects the victims of harassment. This includes stalking, racial harassment, and anti-social behaviour by neighbours. It was drafted to tackle any form of persistent conduct which causes another person alarm or distress.

Today, tech abuse often falls under this act. Common forms of abuse include using social media to harass and stalk, monitoring calls and messages, exploiting phone tracking software, and installing cameras around the home.

Malicious Communications Act

The Malicious Communications Act makes it illegal to “send or deliver letters or other articles for the purpose of causing distress or anxiety”. It also applies to electronic communications. Communications sent via social media could also breach this act.

Human Rights Act

Respect for fundamental human rights underpins data protection laws. As such, the Humans Right Court frequently deals with data protection-related matters.

In the UK, The Human Rights Act sets out the fundamental rights and freedoms that everyone is entitled to. Part of this act is your right to respect for your private life, your family life, your home and your correspondence (e.g. letters, telephone calls and emails). What this means is that you have the right to live your life privately without government interference.

Making a data breach or cybercrime claim

If you want to make a data breach or cybercrime compensation claim, contact Hayes Connor Solicitors ASAP. We’ll review your case against all applicable legislation and advise you on whether you have a valid claim. We’ll also answer any questions you might have and go through your options with you. Our process is fully compliant with ICO guidance. And we never put your details at risk.

Contact Hayes Connor Solicitors today for a free, no-obligation, initial assessment of your case.