data breach
,

How to stop your phone from tracking your every move

Did you know that some companies are using your smartphone to track you throughout the day? And quite often you will have agreed to this personal surveillance simply by agreeing to the terms and conditions of using a service.

If you are worried about the likes of Facebook and Google using your phone to keep tabs on you, there are some steps you can take to take back ownership of your personal data and privacy.

How to protect your privacy

  • Turn off location history
  • Delete your location history
  • Delete apps that you no longer use from your device
  • Avoid apps that demand access to a huge amount of personal data (e.g. Facebook Mobile). Instead you can access these services via a browser with a private mode
  • Check the default settings of all the apps you use.

However, when you turn off location history, Google still tracks your location when you use key services including Maps, search and weather. To prevent Google from doing this:

Android

  • Go to Settings
  • Select Google
  • Select Google Account
  • Select the Data & Personalisation
  • Select Web & App Activity and toggle off

IPhone

If you really want to prevent your phone from tracking you, you should also turn off location services on your iPhone or Android device and only turn this back on when needed (e.g. when you want to use Google Maps). However in doing so your phone will feel a whole lot less useful.

Check out this page to see everywhere you have been with your phone.

Our website is changing

Our website is changing!

At Hayes Connor, we want to reduce the number of data breaches taking place across the UK. As such, we are raising awareness of data privacy and cybercrime, and educating people and businesses to prevent data privacy violations from happening.

To help us to do this, we have recently reviewed the look and flow of our website to make sure you can find everything you need as quickly as possible. And, following this review we are now making some small changes to our site.

While we make these changes you might find that our website isn’t working exactly how you would expect it to.

Thank you for sticking with us while we make things better.

data breach solicitors
, , ,

What can happen when medical information falls into the wrong hands?

The world is rapidly going digital. And, this online information revolution has seen most organisations move away from paper record keeping. However, over the last few years, such information has proved a lucrative target for hackers.

But, when it comes to information falling into the wrong hands, in most cases, it is human error rather than cybercrime that is the biggest cause of data breaches. And, these errors are just as likely to happen offline.

In a recent case, our solicitors saw the impact of what can happen when sensitive medical information was sent to the wrong address by mistake.

What happened in this case?

In this data breach, HM Courts & Tribunals Service (HMCTS) sent a copy of a confidential medical report to a person’s former partner by mistake. The report from a doctor said that the man (our client) was depressed and suicidal.

Once our client’s ex read the report – a document that she should never have had access to – she used its contents in an application to reduce his contact with his children. This application was successful (the court was not aware how this information was obtained).

As a direct response of the admin error, this data breach has had a devastating impact on our client. Having reduced contact with his children has caused him considerable distress and upset as well as aggravating his mental health problems.  So, in this case, the consequences have been particularly severe.

What can you do to stop this from happening to you?

When handing over your postal address to an organisation, it is vital that you check that these details have been taken down correctly.  You are completely within your rights to ask for a copy of the data an organisation holds about you. This is called making a subject access request (SAR). This won’t guarantee that an error doesn’t result in information going to the wrong address, but it is a good safety precaution to take. Find out more about making a SAR.

You should also ask any organisation that has access to your medical records about what type of information they share and with who.

You can also choose not to have your medical information shared or used for any purpose beyond providing your own treatment or care. This choice is known as a national data opt-out. Find out more about the national data opt-out.

Of course, there may be instances (as in this case) where you need or want to share this information. Likewise, your confidential patient information may still be used when there is a legal requirement to provide it.

Lessons learned

The duty of confidentiality goes beyond undertaking not to divulge confidential information; it includes a responsibility to make sure that written patient information is kept securely.

If you are an employee of a medical organisation or a government agency or department and you want to make sure that you don’t make a similar mistake, talk to your employer about any processes that can be put in place to make sure that the addresses of your customers are correct. This is especially important if you deal with sensitive information such as medical reports. Such steps could include things like additional data protection training, and checks and balances on systems generating correspondence.

For more advice on how to keep your data safe, follow Hayes Connor on Twitter or give us a like on Facebook. Alternatively, if you have been the victim of a data breach or cyber fraud, find out how we can help you to recover any losses or give us a call on 0151 363 5895 to discuss your case in more depth.

notjusthackers
, , ,

Woman threatened after her gym shared her home address with another customer

Data breaches are never out of the news. But while most of us worry about getting our identity or money stolen after a hack, we don’t tend to consider the possibility of physical threats. But, in a recent case, our solicitors saw the impact of what can happen when a woman’s address was handed to an angry customer by mistake.

What happened in this case?

In this data breach, a gym provided a woman’s personal details (our client) to another customer who shared her name.

This other person had received emails from the gym intended for our client. The emails were sent chasing missed payments. Confused as to why she was receiving the emails, the other woman became concerned that she had become the victim of identity theft. And, when she questioned the outstanding payments with the gym, a member of staff supplied her with our client’s home address.

Following this, the woman’s father went to our client’s home and banged on her door, accusing her of attempting to “clone” his daughter’s identity. Our client was at home with her two young children, one of who is disabled, and she found this experience both frightening and upsetting.  She then contacted the gym to find out what was going on and received an apology for the mix-up.

However, the other woman’s father still did not understand that our client was not at fault. And, when our client returned from holiday, she received three letters from him, all of which contained threats. As a result, she reported the incident to the Police and Action Fraud.

It seems despite becoming aware of the situation, the gym continued to send emails to the wrong woman demanding payment. These emails also disclosed some of our client’s bank card number.

As a direct response of poor systems, and a failure to cross-reference their systems to identify distinguishing features between both customers, this data breach has caused our client considerable distress, upset and even fear. As such the consequences of the error were particularly upsetting.

Have you been in a similar situation? Contact us today.

What can you do to stop this from happening to you?

There are a few lessons that can be learned from this case. For example, when handing over your email address to an organisation, it is vital that you check that these details have been taken down correctly.

You are completely within your rights to ask for a copy of the data a business (or any other organisation) holds about you. This is called making a subject access request (SAR). Find out more about making a SAR.

Of course, this won’t guarantee that an error doesn’t result in an email going to the wrong address, but it is still a good safety precaution to take.

What’s more, if you do find yourself in a similar situation to our client, like her you should report the incident to the Police and Action Fraud. Action Fraud is the UK’s national reporting centre for fraud and cybercrime in England, Wales and Northern Ireland.

Find out more about Action Fraud here.

Alternatively, if you are an employee of a gym or any other business and you want to make sure that you don’t make a similar mistake, talk to your employer about any processes that can be put in place to make sure that the information you hold on your customers is correct. Such steps could include things like additional data protection training, and checks and balances on systems generating correspondence.

For more advice on how to keep your data safe, follow Hayes Connor on Twitter or give us a like on Facebook. Alternatively, if you have been the victim of a data breach or cyber fraud, find out how we can help you recover any losses or give us a call on 0151 363 5895 to discuss your case in more depth.

Hayes Connor highly commended as boutique law firm of the year

We are delighted to announce that Hayes Connor Solicitors was highly commended at the Eclipse Proclaim Modern Law Awards in the boutique law firm of the year category.

The prestigious awards, which are now in their sixth year, celebrate and identify sparkling talent and success in the modern legal services arena. They also showcase and set the benchmark for best practice in the ever diverse, challenging and exciting legal landscape.

The event organisers were overwhelmed with nominations this year, receiving more submissions than ever, so it is a significant achievement by our firm.

The boutique law firm of the year category honours firms that specialise in a niche area of law. In our case, data breach and cybercrime.

The judges made their award based on the following criteria:

  • A practice that has performed exceptionally in terms of establishing itself in its chosen market
  • A firm that has demonstrated extensive development and progress as a business, including, but not limited to; strategy, growth, financial performance, employee development, diversity and training
  • An innovative practice that has demonstrated its ability to creatively and effectively compete with multi-practice firms
  • A practice that exceeds the expectations of basic client care and professionalism.

The award ceremony took place on Thursday 31st January in Victoria Warehouse, Manchester.

Commenting on the accomplishment, Kingsley Hayes, managing director at Hayes Connor said: “Our core aim is to help our clients get the redress they deserve following data protection breaches, cybercrime, and other online offences. And, despite an almost entirely online approach, Hayes Connor Solicitors has fast become one of the most recognised names in the sector.

“Over the past 12 months, our firm has established itself as the only niche provider of legal services in the data protection, GDPR and cyber fraud area. This is all we do, and we have become a true specialist in this area of law. We are thrilled that we are being recognised for our achievements in his area.”

As well as the boutique law firm of the year commendation, Hayes Connor was also shortlisted in the Marketing and Communication Strategy of the Year category. This class looks at firms which have shown exceptional originality and innovative thinking in this area.

We were shortlisted based on the work we have done to establish our position as a thought-leader in data breach and cybercrime legal services; informing and educating consumers on their rights.

While we are disappointed to miss out on this award, we recognise the strength of this category and congratulate the winner.

data breach
,

Charity data breaches double over past two years

According to figures obtained from the Information Commissioners’ Office (ICO), the number of reported data breaches from charities has doubled. In 2017/18 there were 148 data security incidents referred to ICO by charitable and voluntary organisations. That’s a 100% increase over two years.

The rise in charity data breaches reflects a growing trend across all sectors. In fact, over the past two years, general business has seen a 215% increase and education and childcare organisations a 142% rise. On average, the number of reports across all sectors has grown by 75%.

The figures were obtained by risk management firm Kroll via a Freedom of Information Act request.

The General Data Protection Regulation (GDPR), which requires organisations to report data breaches is thought to be a key factor in the increase of reports. And it is likely that we will continue to see a dramatic increase in data breach accounts now that self-reporting is mandatory.

A Kroll spokesperson said: “Reporting data breaches wasn’t mandatory for most organisations before the GDPR came into force, so while the data is revealing, it only gives a snapshot into the true picture of breaches suffered by organisations in the UK”.

Charity data breaches in the spotlight

Earlier this month it was revealed that a review of eight charities by the ICO uncovered many concerns around data monitoring, reporting and training. As the charities involved voluntarily took part in the ICO risk review, they have not been named.

In addition, earlier this year the British and Foreign Bible Society was fined £100,000 for failing to protect the personal data of 417,000 of its supporters. Following an investigation by the Information Commissioner’s Office (ICO), it was revealed that the Society exposed these supporters to possible financial or identity fraud.

With data breaches often causing significant distress for those affected, victims of the British and Foreign Bible Society data breach may now want to claim compensation. Find out more about this case.

Making a charity data breach claim

Many people donate to charities and causes they care about. But, while you might support them in their aims, it is vital that they meet their obligations when it comes to protecting your sensitive data.

Where they fail to do this, holding them to account is often the only way to ensure standards are improved. Often charities and organisations are insured against data breaches, so you don’t have to worry about the impact of the good work you support.

What’s more, it doesn’t matter if criminals haven’t used your data. If the data breach has caused you stress or anxiety, then the law agrees that you are entitled to compensation.

If you are worried that a charity has put your data at risk in any way, find out more about making a data breach compensation claim, or contact us today for a free initial assessment.

 

notjusthackers
, ,

Bank sends credit card statements to the wrong person

Financial crime is a hot topic at the moment, with stories about push payment fraud and takeover fraud leaving people worried about what could happen if they became the victim of a bank scam.

But in many cases, its human error rather than cybercrime that is the biggest cause of financial data breaches. And, these errors are just as likely to happen offline.

In a recent case, our solicitors saw the impact of what can happen when a person’s financial information was sent to the wrong address by mistake.

What happened in this case?

In this data breach, a bank sent partial credit card statements to the wrong person. The information was sent to a completely different person to the account holder (our client), attached to the back of a bundle of documents she had requested.

Luckily, in this instance the woman who received our client’s statements was honest, and despite being a complete stranger she contacted him to let him know what had happened. She also reported the incident to her local branch, although she was not satisfied with how the bank proposed to deal with the matter. If such a simple error can be made, what’s to say it couldn’t happen to other customers?

As a direct response of this admin error, this data breach has caused considerable distress and worry to our client. He has now lost confidence in his bank and can’t be sure if his sensitive and personal data has been further breached.

Lessons learned

Banks, credit card providers and other financial institutions need to do more to protect sensitive financial data.

All too often staff are involved in such data breaches, so employee training and awareness must form a core part of any security strategy and measures.

If you are an employee of a financial organisation and want to make sure that you don’t make a similar mistake, talk to your employer about any processes that can be put in place to make sure that this doesn’t happen to you. Such steps could include things like additional data protection training, secure systems for storing information, checks and balances on systems generating correspondence, and measures to ensure that the correct information is being sent to customers.

This is especially important if you deal with sensitive financial information which could cause serious harm if it falls into the wrong hands.

For more advice on how to keep your data safe, follow Hayes Connor on Twitter or give us a like on Facebook. Alternatively, if you have been the victim of a data breach or cyber fraud, find out how we can help you to recover any losses or give us a call on 0151 363 5895 to discuss your case in more depth.

#notjusthackers
,

Sharing data? Think before you do

With human error the leading cause of data breaches, the Information Commissioner’s Office (ICO) has produced a handy toolkit to help businesses communicate the importance of information security to staff.

At Hayes Connor, we’re sharing some of the tips included in this toolkit to raise awareness of the importance of this issue, and to help organisations across the UK improve their data protection processes.

Tip: All information you work with has value. Share it appropriately

The risk of data sharing  

We live in a data-driven world, so it’s not unusual for us to share our personal information with organisations. Not least because sharing this data tends to make life easier and more convenient. But it’s vital that our data is only used in ways we would expect, and that it is kept safe.

In a recent case, we saw the impact of what can happen when a gym provided a woman’s personal details – including her home address- to another customer who shared her name by mistake. This error led to considerable distress, upset and even fear.

Quick tips

  • Employers must understand the importance of data protection and make sure that strict policies and procedures are put place to ensure the safe processing of information – both in and out of the office
  • In many cases, data breaches can be avoided by staff abiding by the data protection principles of their businesses. But it is up to employers to make sure that all staff receive regular data protection training to make sure they understand the potential consequences of breaching data protection laws
  • Organisations must do more to protect personal information. For example, by designing systems that only allow the relevant people to have access
  • Every staff member accessing personal records should provide a reason for doing so.

Not just hackers

Data breaches are not just caused by cybercriminals. For more advice on how to keep your data safe, follow our #notjusthackers campaign on Twitter and Facebook.

Alternatively, if you have been the victim of a data breach or cyber fraud, find out how we can help you to recover any losses or give us a call on 0151 363 5895 to discuss your case in more depth.

breach compensation
, ,

Making a compensation claim helps to address the real-life impact of data breaches

At Hayes Connor Solicitors, we help our clients to make compensation claims after their data has been put at risk by the organisations they trust to look after it.

In some cases, these data breaches are massive news stories following hacks against the likes of Ticketmaster, Equifax and British Airways. But, every day, we also help people come to terms with smaller data breaches that have a severe and often lasting impact on them.

But, although we believe that these organisations must be held to account for their failure to protect our personal information, all too often people who make a data breach claim are accused of “trying to get something for nothing”. So let’s set the record straight.

The impact of cybercrime can be devastating

Cybercrime can result in both financial and/or identity theft. And the result of either of these can be devastating. With enough information, cybercriminals can apply for credit in your name, set up fraudulent bank accounts and access your existing accounts.

Following last year’s Ticketmaster data breach, 63% of all the clients we took on suffered multiple fraudulent transactions on their payment cards.

Worryingly, getting your money back following a scam is not always easy. For example, in a recent example of takeover fraud, a customer of the Royal Bank of Scotland (RBS) had more than £4,300 stolen from her account despite the fraudulent caller answering one of her security questions incorrectly. Despite the failure in their processes, the bank maintained that the customer was aware of the transaction and refused to refund her. Find out more about this case.

Claiming for distress isn’t an overreaction

Even if you haven’t lost out financially after a data breach, this doesn’t mean that there is “no harm done.”

A personal data breach is a 21st-century version of being burgled. If a criminal came into your home and stole your private information, you would be distressed. So why should you feel any less upset at having your online data taken?

Following last year’s Ticketmaster data breach, 31% of all our clients involved in this case suffered from distress and/or psychological trauma as a result of having their card details stolen and used in fraudulent activity.

Being the victim of a crime can have a significant impact on you mentally and physically. Of course, everyone reacts differently, but for some people, the effects can include a lack of sleep, feeling ill, unsettled or confused. Stress can also affect your friends, your family and your job. So being told to just “get over it” isn’t helpful.

According to Victim Support: “The effects of crime can also last for a long time, and it doesn’t depend on how ‘serious’ the crime was. Some people cope really well with the most horrific crimes while others can be very distressed by a more minor incident”.

Even smaller data breach cases can have a huge impact. For example, in a recent case, our solicitors saw the impact of what can happen when sensitive information was sent to the wrong address by mistake.

Thankfully, over the last few years, people are waking up to the reality of mental health and there is a greater awareness about the lasting effects of psychological suffering and anguish. Crucially, the law agrees and recognises the amount of damage that can be caused by having your information stolen.

Holding organisations to account could be the only way to ensure they take your security seriously

The sheer scale of the information we share with organisations is enough to leave us all open to the threat of fraud, anxiety and stress. So it’s no surprise that we are worried about what could happen if this data gets into the wrong hands. As such, something has to be done to make companies accountable for any harm done.

Cybercriminals are becoming more and more sophisticated. But this doesn’t let these organisations off the hook. If they have done everything in their power to protect your data and have robust security processes and procedures in place, it is unlikely that a claim would be successful. In fact, this is why we usually wait for the results of an investigation by the ICO before starting a claim.

But the reality is that in most cases, data breaches happen because of a failure to implement reasonable and robust processes. So claiming compensation isn’t just in your best interests, the only way these organisations will be persuaded to take their responsibilities seriously and make the necessary improvements is by hurting their bottom line.

The real-life impact of data breaches

At Hayes Connor, we want to reduce the number of data violations taking place across the UK. For more advice on how to keep your data safe, follow our #notjusthackers campaign on Twitter and Facebook.

Alternatively, if you have been the victim of a data breach or cyber fraud, find out how we can help you to recover any losses or give us a call on 0151 363 5895 to discuss your case in more depth.

libel
,

Online defamation and libel: know your rights

Defamation is a bit of a hot topic at the moment. Earlier this year, writer and food blogger Jack Monroe won a libel action against Katie Hopkins, and was awarded £24,000 damages, for tweets which suggested that Monroe approved of defacing a war memorial during an anti-austerity demonstration in Whitehall. As a result of the fine, Hopkins had to apply for an insolvency agreement to avoid bankruptcy. Libel is a form of defamation.

Other instances where defamation has been brought into the public eye include where high-profile celebrities or businesspeople have brought an injunction to prevent the publication of material that would be damaging to their reputation (so-called gagging orders).

If you have been the victim of online defamation, it’s vital that you know your rights and what you can do to protect your reputation and achieve redress.

What is defamation?

Defamation is an all-encompassing term that covers any statement that damages someone’s reputation.

A defamatory statement can be made in:

  • Verbal form. This is classed as slander because only the spoken word is involved. Slander can be difficult to prove
  • Written form. This is classed as libel. A case for libel is easier to bring because evidence can be documented.

Defamation makes an ordinary person modify their opinions of another person as a direct result of hearing or reading the statement. Under UK law it is possible to defame businesses as well as individuals. A person that has suffered a defamatory statement can sue the person that made the statement under defamation law.

What is libel?

Online defamation tends to involve libel. You could accuse someone of libel against you if they:

  • Sent an email, or an email attachment defaming you, where that email is widely posted or forwarded
  • Made defamatory material available via a web page
  • Posted defamatory material to an email list or newsgroup
  • Streamed defamatory audio or video.

Anyone who actively transmits defamatory material may also be liable as part of any legal action.

What about freedom of expression?

It is accepted in a democratic society that individuals have a right to express their views and preferences. The internet offers great potential to do this.

Defamation is an abuse of this freedom of expression; where untrue statements may have a harmful impact on a person’s reputation.

It is critical to ensure that unfounded claims should not be allowed to damage a person’s reputation, but it is also vital for the law to balance such protections with the rights to freedom of expression. As such, the issue of defamation has become a much contested topic.

Of course, there is a balance to be had between one person’s right to protect their good name and another person’s freedom of speech. However, if someone has made an untrue statement about you, which was published on the internet, and which caused you injury, then you are entirely in your rights to sue for online defamation.