GDPR
, ,

Over a year since GDPR financial organisations still aren’t keeping our data secure

It’s been over a year since GDPR came into effect. But despite this, too many companies still aren’t doing enough to protect our personal and financial information.

In fact, according to RiskIQ, when it comes to financial services organisations, of public PII-capturing websites with a login page, 11.5% of these sites are still capturing this data without adequate security measures.

What is a PII capturing website?

A PII capturing website is one which collects information from its users that can identify them. Examples of PII include names, addresses, dates of birth, email addresses and login credentials.

Is GDPR making an impact?

These findings are very worrying, particularly due to the damage that can be caused if our banking and credit card information falls into the wrong hands. We should be able to have confidence in all organisations that look after our sensitive data, but especially the financial sector.

But the good news is that there are signs that organisations are starting to take their data protection obligations more seriously. And so they should as they risk huge fines and compensation claims should a data breach happen.

It’s just that, so far, most of the data breaches investigated by the Information Commissioner’s Office (ICO) happened before GDPR came into force. And, under the old law the maximum fine for a data protection failure was just £500,000 (and even that wasn’t handed out often).

However, the tide is turning. The ICO has recently announced that it plans to fine the Marriott hotel nearly £100m. And British Airways is being fined £183 million for its high-profile data breach.

At Hayes Connor Solicitors we are paying close attention to how the ICO is responding to new data breaches and are monitoring the impact of the GDPR now it is starting to make a difference.

What should organisations do now?

With most organisations continuing to expand their web presence, it’s essential that more is done. This includes taking steps such as:

  • Maintaining a complete inventory of all PII capturing websites and making improvements to these to make sure they are secure
  • Ensuring that any new sites are built with robust security measure
  • Making sure that companies aren’t collecting personal data they don’t need via their websites.

Making a data breach compensation claims can help

In our experience, the response of organisations following data breaches has been woefully lacking. Too many big companies seem to think they can get away with just saying sorry.

However, such an absence of care over the very real impact of a data breach should not be tolerated or accepted. And, one way that organisations can be forced to put adequate security measure in place is by people taking legal action where they have been let down. Or in other words – hitting them where it hurts. Because unless this happens, the security of the individual won’t be made a priority.


Data protection solicitors

At Hayes Connor Solicitors, we are committed to upholding the data protection rights of our clients. For more advice on your rights, and how to keep your data safe, follow us on Twitter and Facebook.

Alternatively, if you have been the victim of a data breach or cyber fraud, contact us to find out how we can help you to recover any losses.

, , ,

Data breach leads to neighbour harassment

The headlines lead us to believe that data breaches occur as a result of cyber-attacks. The reality is that the vast majority of cases take place as a result of human error. In these instances, the breach itself can lead to a damaging chain of events which could have been prevented.

Our solicitors see every day how clients are affected. Financial loss may not be a factor in all cases, but the damage and suffering following a breach can quickly escalate.

What happened in this case?

Our client lives in a privately managed block of flats and she made a complaint about another leaseholder to the management company.

The management company proceeded to forward her detailed email to all residents in the block, including the leaseholder being complained about.

This data breach, which appeared to have taken place due to an error of judgement rather than by mistake, started a frightening chain of events exposing our client to serious harassment and compromised the safety of her family.

Following the breach, our client, who has two young children, was subjected to having the gas pipe to her property deliberately cut with access to the mains deliberately obstructed.

She suspected that the volatile neighbour she had complained about was behind the vandalism, but he denied any wrongdoing.

Having lived at the property for some years, with generally good relations with the other neighbours, the data breach also led to these relationships becoming strained.

Alongside taking legal action against the management company, our client also reported the data breach to the ICO resulting in the business now being monitored to prevent further incidents.

We secured £3,000 compensation from the management company responsible for breaking data protection laws not least, due to the psychological suffering endured by our client and her young children.

The situation has become so intolerable that our client plans to sell her property and move her family in the near future.

Have you been in a similar situation? Contact us today.

Lessons learned

If you are an employee handling a customer complaint of any kind, consider how the complaint should be handled before sharing any information.

Consideration should be given to a possible solution to the complaint and thought put into the appropriate sharing of the complaint with individuals who may be part of the solution.

For more advice on how to keep your data safe, follow Hayes Connor on Twitter or give us a like on Facebook.

Alternatively, if you have been the victim of a data breach or cyber fraud, find out how we can help you to recover any losses or give us a call on 0151 363 5895 to discuss your case in more depth.

 

solicitor data breach
, , ,

How Hayes Connor helps our clients after a solicitor data breach

At Hayes Connor Solicitors, we help our clients get the compensation they deserve. We do this following data protection breaches, cybercrime, and other online offences. We are also committed to upholding the standards of our industry. That’s why it’s particularly upsetting when we are contacted by someone who has been let down by their solicitor.

Here is just one example of a solicitor data breath case we helped a client with recently.

Solicitor lost sensitive information

In this data breach, a former member of the Armed Forces appointed a solicitor to represent her at a Tribunal she was involved in. However, this solicitor lost her sensitive information, including her medical and service records on a train.

Following this shocking data breach, the woman suffered severe psychological effects including stress, anxiety and trauma. As a result, she has been prescribed medication. And her ongoing conditions have been exacerbated.

Turning to Hayes Connor for help, she revealed that her mental health had deteriorated to such an extent that it affected her ability to leave the house. Furthermore, it led to in her being demoted in work, resulting in a substantial pay cut.

Help is needed after a solicitor data breach

Solicitors must understand the importance of data protection. And make sure that strict policies and procedures are in place to ensure the safe processing of information. Both in and out of the office. However, all too often this isn’t happening. And, as you can see, the result of not looking after personal information properly could put people’s mental health, and potentially even their lives at risk.

At Hayes Connor Solicitors, we are 100% committed to seeking the compensation necessary to help people get their lives back on track following a data breach. But we don’t believe that our obligation to our clients stops there. We also provide a wide range of information to help our clients protect themselves once a breach has occurred.

Making a solicitor data breach claim

Our professional, friendly team will advise you on whether you have a valid claim against solicitor. If we believe you have a substantial, complex case, we may be able to act for you on a NO WIN, NO FEE basis.

Our process is fully compliant with ICO guidance, and we never put your details at risk. We will NEVER pass your details onto anyone without your permission.

Contact us today for a free initial assessment.


Data protection solicitors

At Hayes Connor Solicitors, we are committed to upholding the data protection rights of our clients. For more advice on your rights, and how to keep your data safe, follow us on Twitter and Facebook.

bank data breach
, ,

How Hayes Connor Solicitors helps our clients after a bank data breach

At Hayes Connor Solicitors, we help our clients get the compensation they deserve. We do this following data protection breaches, cybercrime, and other online offences. One type of claim we see a lot of is bank data breaches.

Bank fraud is a very serious crime. And victims can suffer both financial loss and distress. But, while we often worry about hackers and cybercriminals getting hold of our banking and credit card details, in many cases, human error can also have devastating consequences.

Here are just some of the bank data breath cases we have helped our clients with recently.

Ex gained access to our client’s financial information due to bank data breach

Our solicitors saw the impact of what can happen when a bank statement was sent to an ex-partner’s address by mistake. In this data breach, our client’s bank sent personal information disclosing his financial situation to his previous address. His ex-partner still lived at that address. This happened despite our client changing his address with his bank five years ago.

Our client’s ex-partner disclosed this information to her friends, family and acquaintances. Understandably, this caused our client significant distress and embarrassment. Furthermore, due to the disclosure of his financial position, our client’s ex-partner also refused him access to their children and prevented him from taking them on holiday. As a result of this data breach, our client suffered severe psychological effects, including stress and anxiety.

Bank sends credit card statements to the wrong person

In this data breach, a bank sent partial credit card statements to the wrong person. The information was sent to a completely different person to the account holder (our client), attached to the back of a bundle of documents she had requested.

Luckily, in this instance the woman who received our client’s statements was honest. And despite being a complete stranger, she contacted him to let him know what had happened. She also reported the incident to her local branch, although she was not satisfied with how the bank proposed to deal with the matter. If such a simple error can be made, what’s to say it couldn’t happen to other customers?

This data breach has caused considerable distress and worry to our client. He has now lost confidence in his bank and can’t be sure if his sensitive and personal data has been further breached.

Help is needed after a bank data breach

The financial sector handles some of our most sensitive data. And, as customers, we have the right to expect this will be looked after. However, all too often this isn’t the case.

These are just some examples of the types of financial data breaches we deal with every day. And, as you can see, serious cases could put people’s mental health, and potentially even their lives at risk.

At Hayes Connor Solicitors, we are 100% committed to seeking the compensation necessary to help people get their lives back on track following a data breach. But we don’t believe that our obligation to our clients stops there – we also provide a wide range of information to help our clients protect themselves once a breach has occurred.

Making a bank data breach claim

Our professional, friendly team will advise you on whether you have a valid claim against a financial organisation. If we believe you have a substantial, complex case, we may be able to act for you on a NO WIN, NO FEE basis.

Contact us today for a free initial assessment.

Our process is fully compliant with ICO guidance, and we never put your details at risk. We will NEVER pass your details onto anyone without your permission.

We can also help you to recover from financial data hacks, financial phishing attacks, bank and credit card takeover fraud and push payment scams.


Data protection solicitors

At Hayes Connor Solicitors, we are committed to upholding the data protection rights of our clients. For more advice on your rights, and how to keep your data safe, follow us on Twitter and Facebook.

Alternatively, if you have been the victim of a data breach or cyber fraud, contact us to find out how we can help you to recover any losses.

BA data breach
, ,

BA one of many airlines to expose sensitive passenger information

A vulnerability with British Airway’s e-ticketing system has exposed sensitive passenger information. This flaw could allow a “malicious actor” to change the flight booking details and personal information of passengers. It also means that customer information could be exposed and fall victim to cybercriminals. The data at risk is thought to include:

  • Email addresses
  • Phone numbers
  • Membership numbers
  • First and last names
  • Booking references, itineraries, flight numbers, flight times, seat numbers and baggage allowances.

Worryingly, BA is not alone. Similar security bugs have also been found at several other airlines. This includes Southwest, KLM, Air France, Jetstar, Thomas Cook, Vueling, Air Europa and Transavia.

Speaking about the risk to passengers, Israel Barak, chief information security officer at cybersecurity company Cybereason, said: “For the consumer flying with British Airways, or with other carriers, they should be working under the assumption that their personal information has been compromised many times over.“

Is British Airways taking this e-ticketing data breach seriously?

Shockingly, it doesn’t seem to be. In fact, while the flaw was discovered in July, the researchers who found it (and whole told BA about it), claim that the problem still exists. This is particularly galling as, just a few weeks ago, the ICO announced plans to fine British Airways a whopping £183.93 million for ANOTHER data breach.

Questions must be asked about what it will take to make BA meet its legal responsibilities and protect its passengers.

Who has been affected by the BA e-ticketing data breach?

It is estimated that 2.5 million connections were made to the affected British Airways domains over the past six months. So, the potential impact is thought to be “significant.”

Cybersecurity scandals have plagued British Airways

Airlines must take action to ensure that all steps where personal information is accessible are secure. And for BA, with a history of data protection failures, this must become an urgent priority.

  • In September 2018, approximately 380,000 card payments were compromised after BA’s website and mobile app suffered a security breach
  • When investigating this case, a second data breach was also uncovered. In this instance, 77,000 people had their names, addresses, email addresses and detailed payment information taken. This included card numbers, expiry dates, and card verification value (CVV) numbers. Also, a further 108,000 people had their personal details stolen.

Can you make a BA data breach claim?

At Hayes Connor Solicitors, we are helping hundreds of BA passengers to claim compensation following the 2018 BA data breach.

However, at the moment, it is unclear if the exposure of personal and sensitive data in this latest breach has led to any customers suffering losses as a result. If you feel that you may have been affected, and have evidence of any loss or fraudulent activity, please let us know. We’ll keep you informed about this case and let you know if, and when, you can claim.

You can also contact us if you are worried that your data has been exposed by another airline.

The BA data breaches were able to happen as the airline failed to implement reasonable and robust security processes. So, claiming compensation isn’t just in your best interests. The only way organisations will be persuaded to take their responsibilities seriously is by taking strong and decisive action.

REGISTER NOW 


Data protection solicitors

At Hayes Connor Solicitors, we are committed to upholding the data protection rights of our clients. For more advice on your rights, and how to keep your data safe, follow us on Twitter and Facebook.

 

gender identity clinic breach
, ,

Gender identity clinic investigating data security incident after patient email leak

The Charing Cross Gender Identity Clinic in London is investigating a ‘data security incident’. The clinic supports adults with issues related to gender. It has patients who are transitioning or considering doing so from across the UK.

Tavistock and Portman NHS Foundation Trust run the clinic. According to a statement on its website, the breach exposed the email addresses of many of its patients.

The statement reads:

“We are currently investigating a data security incident.

 “This incident involved an email from our Patient and Public Involvement team regarding an art project that we are looking forward to launching. Unfortunately, due to an error, the email addresses of some of those we are inviting to participate were not hidden and therefore visible to all.

 “We are hugely apologetic and understand that this is a serious data breach.”

Approximately 2,000 people are exposed

Two separate emails were sent to Charing Cross Gender Identity Clinic patients. In total, the personal details of almost 2,000 trans patients are reported to be exposed.

This is a massive breach of patient confidentiality and people are understandably upset. Speaking to the media, one patient said: “It could out someone, especially as this place treats people who are transgender”.

There are also concerns that, in being outed as trans, “that could be hugely dangerous to their wellbeing and safety.”

The breach was caused by human error

Most security breaches happen because of distractions or mistakes. And that certainly seems to be the case here. In fact, not using the blind carbon copy (bcc) functionality when sending to multiple recipients is a common cause of data breaches.

Often this happens because strict policies and procedures are not in place to ensure the safe processing of information. Or, staff have not received regular data protection training to make sure they understand the potential consequences of breaching data protection laws. In this case, the clinic also appears to be financially stretched and under-resourced.

However, the bottom line is that the Trust should have ensured better compliance to protect potentially vulnerable patients and maintain their privacy.

What happens now?

The Charing Cross Gender Identity Clinic data breach has been reported to the Information Commissioner’s Office (ICO) and is now being investigated. The Trust is also treating the privacy violation as a serious incident.

Anyone distressed by the breach of trust can make a complaint here. We would also urge victims to contact the ICO and let it know about their concerns.

The ICO could fine the Charing Cross Gender Identity Clinic

Where adequate processes and protections are not in place, the ICO does have the power to issue fines.

For example, an independent inquiry into child sexual abuse was fined £200,000 by the ICO after sending a bulk email that identified possible abuse victims. In this case, an officer sent an email to 90 people involved in a review without using bcc. This allowed the recipients to see each other’s email addresses and identified them as possible victims of child sexual abuse. In 2016, the ICO also fined another London clinic £180,000 after it leaked the email details of almost 800 patients diagnosed as HIV positive.

These fines were issued before the introduction of the GDPR in 2018, so, a penalty for Tavistock and Portman could be much higher. However, it’s important to note that, while the ICO does hand out fines, it does not award compensation to victims of data breaches.

Make a claim against the Charing Cross Gender Identity Clinic

Data breaches are not just caused by cybercriminals. Every day we hear how simple human errors are causing misery and upset to people across the UK. And, given the nature of this data breach, the emotional distress to patients should not be underestimated. Furthermore, this breach could potentially put people in serious danger.

Of course, there are concerns that claiming compensation could take money from an already underfunded clinic. However, in 2019, all organisations should have insurance in place to protect against such threats.

What’s more, while you might support the clinic, it must meet its legal obligations when it comes to protecting sensitive data. Where an organisation fails to do this, holding it to account is often the only way to ensure standards are improved.

If you have been the victim of the Charing Cross Gender Identity Clinic data breach, find out how we can help. Complete our online form. Or give us a call to discuss your case in more depth.

For more advice on how to keep your data safe, follow us on Twitter and Facebook.

SAR Requets
, ,

Metropolitan Police failing to respond to subject access requests

You have the right to find out if an organisation is using or storing your personal data. To exercise this right, all you have to do is ask for a copy of this data. This is called making a subject access request (SAR). The ICO (the UK’s data protection regulator) has been working with the Metropolitan Police Service (MPS) to address its large SARs backlog. However, the MPS has more than 1,100 open requests. With nearly 680 over three months old. The ICO believes that this is a cause for concern.

What has happened in this case?

The ICO has issued two enforcement notices ordering the Metropolitan Police Service to respond to all SARs by September 2019. The regulator has also asked the MPS to “make changes to its internal systems, procedures or policies, so that people are kept up to date on any delays that may affect their data protection rights and how the situation is being addressed.”

The ICO added, “Ultimately, the public must be able to trust that police forces are upholding their information rights, and this case is a reminder to other police forces that we will take action against those organisations that do not comply with their SAR obligations”.

What do you need to know about making a subject access request?

Find out how to make a Subject Access Request on the ICO website.

Crucially, when it comes to making a subject access request, the ICO has stated that there is “no requirement for a request to be in writing”.

What can you use a SAR for?

You can use a SAR to find out:

  • What personal data an organisation holds about you
  • Whether an organisation is processing your personal data
  • How the organisation got hold of your data
  • The types of personal data being processed
  • Why your data is being processed
  • Any third parties that your data is being shared with
  • How long your data will be kept for
  • How you can have your data amended or deleted
  • Whether they use any automated decision-making processes
  • Any other supplementary information.

Of course, it could take longer for an organisation to supply everything they have about you. So, if you only need certain data and you want to speed things up, it makes sense to be specific.

The ICO has provided a handy template to help you to do this.

What else do you need to know about making a subject access request?

  • Organisations should provide contact information for making a SAR. Under the GDPR, this information should be available on an organisation’s website (check the privacy policy usually found in the footer)
  • Requests can be responded to electronically (as long as it is secure)
  • You can ask for a paper copy of the data held about you, but a company only has to provide this if it is reasonable to do so
  • SARs need to be replied to within one calendar month. However, they might need extra time to consider your request and, if so, can take an additional two months to do this
  • Organisations must make you aware of any delays which may affect their requests. They should also explain how the situation is being addressed
  • Organisations can ask for further information to establish your identity, particularly where sensitive data is involved. However, such requests must be “reasonable and proportionate”
  • A copy of your personal data should be provided at no cost to you. Although “reasonable” fees can be charged for manifestly unfounded or excessive requests
  • An organisation can refuse a SAR if they believe it to be ‘manifestly unfounded or excessive’. They may also deny a SAR if your data includes information about another individual. However, they can’t just ignore you. They must still write to you and explain why your SAR is being refused
  • You have a legal right to ‘rectification’ of your records. So, if something in your data is wrong, you can ask to have it corrected. Organisations have one month to respond to your request
  • If you are worried about the way an organisation is handling your information, the ICO has provided a handy letter template to help you to raise your concerns.

What can you do if you don’t believe your SAR has been taken seriously?

If you believe any fees to be unfair, you can complain to the organisation in question. However, if the matter is not resolved, you should report your concerns to the ICO.

If more than a month has passed since you made your SAR, and you have not heard anything back, you should write to the organisation reminding them of your request and their obligations under the GDPR. And, if you still don’t hear back, you should complain to them using their complaints process. And, if you are not happy with their response, you can complain to the ICO.

If you think your request has been rejected unjustly, you can raise a complaint with the organisation in question. And if you remain dissatisfied, the ICO.

If the organisation refuses to change their records, you can complain to the ICO. However, there’s a difference between information that is incorrect and information that you disagree with. For example, if you have a dispute with your doctor over a diagnosis, you can’t change your health records. However, you might be able to add a note to this record stating that you disagree with the medical opinion.

If you believe that an organisation is not handling your data properly, you can also complain to the ICO.

Find out more about Subject Access Requests.

Data protection solicitors

At Hayes Connor Solicitors, we are committed to upholding the data protection rights of our clients. For more advice on your rights, and how to keep your data safe, follow us on Twitter and Facebook.

Alternatively, if you have been the victim of a data breach or cyber fraud, contact us to find out how we can help you to recover any losses.

Recruitment data breach
, , ,

How Hayes Connor helps our clients after a recruitment data breach

At Hayes Connor Solicitors, we help our clients get the compensation they deserve. We do this following data protection breaches, cybercrime, and other online offences. One type of claim we see a lot of is recruitment data breaches.

Here is just one example of a recruitment data breath cases we helped our client with recently.

Sensitive information supplied as part of a job application was processed incorrectly

In this recruitment data breach, the individual managing the recruitment process wrongly addressed sensitive applicant information and failed to send it by recorded delivery or hand delivery. Despite this being the company’s standard purported practice.

The documentation included the following material:

  • A copy of the applicant’s passport
  • A copy of her driving licence
  • Two letters to prove her address/identity
  • A copy of her birth certificate
  • Copies of her NVQ certificates.

The information has still not been recovered and therefore remains a potential threat to our client.

As a direct result of this data breach, our client has suffered severe psychological effects, including stress, anxiety and trauma. So much so that her GP has prescribed medication.

Council employee carries out personal data protection breach to help his partner get a job

In another high-profile recruitment data breach, a former senior local government officer was fined by the ICO. This came after he shared the personal information of rival job applicants with his partner. The man’s partner had applied for a job at the council where he worked. As this could have meant other applicants lost out on the job unfairly, this was a severe personal data protection breach.

The data breached included the names, addresses, telephone numbers and CVs of each candidate.  The breach also included the personal contact details for each of their two referees. This is a shocking violation of data protection laws.

Commenting on this case, Steve Eckersley, Director of Investigations at the ICO, said:

“People who supply their personal information to an organisation in good faith, such as when applying for a job, have a legal right to expect it will be treated lawfully and ethically.

Help is needed after a recruitment data breach

In many cases, data breaches such as this can be avoided by employees abiding by the data protection principles of their organisations. But it is up to these organisations to make sure that all staff receive regular data protection training. This is necessary to make sure they understand the potential consequences of breaching data protection laws. But all too often this isn’t happening.

As you can see, the result of not looking after personal information properly could put people’s mental health, and potentially even their lives at risk.

At Hayes Connor Solicitors, we are 100% committed to seeking the compensation necessary to help people get their lives back on track following a data breach. But we don’t believe that our obligation to our clients stops there. We also provide a wide range of information to help our clients protect themselves once a breach has occurred.

Making a recruitment data breach claim

We help our clients to make compensation claims after their data was put at risk by the organisations they trusted to look after it.

Our professional, friendly team will advise you on whether you have a valid claim against a recruiter or employing organisation.

If we believe you have a substantial, complex case, we may be able to act for you on a NO WIN, NO FEE basis.  Our process is fully compliant with ICO guidance, and we never put your details at risk. We will NEVER pass your details onto anyone without your permission.

Contact us today for a free initial assessment.


Data protection solicitors

At Hayes Connor Solicitors, we are committed to upholding the data protection rights of our clients. For more advice on your rights, and how to keep your data safe, follow us on Twitter and Facebook.

Alternatively, if you have been the victim of a data breach or cyber fraud, contact us to find out how we can help you to recover any losses.

data breach compensation
, ,

What is included in a data breach compensation claim?

As data protection solicitors, one of the things we regularly get asked by people who have suffered because of a data breach is “what can I claim for”?

Data breaches can and do cause serious and lasting damage. To claim compensation, you must be able to prove that you suffered as a result of the breach. And, while each case is judged on its own merits, there are some things we would typically look for when it comes to recovering damages for victims of a data breach.

Financial losses

With enough information, cybercriminals can use your bank and credit cards, apply for credit in your name, set up fraudulent bank accounts and access your existing accounts. Evidence of financial losses include things like receipts, bank statements etc.

Distress

Even if you haven’t lost out financially after a data breach, this doesn’t mean that there is no harm done. A data breach can have a significant impact on you, both mentally and physically. For some people, the effects can include a lack of sleep, feeling ill, unsettled or confused. Stress can also affect your friends, your family and your job. When it comes to any psychological effects we may be able to arrange for a medical consultation to help prove your claim.

A number of our clients have suffered life changing consequences following a data breach. In many cases these clients have been examined by experts and have a confirmed diagnosis. Failing to acknowledge the impact a data breach can have on poor mental health is a mistake.

How much data breach compensation can you claim?

Data breach compensation following data hacks and confidentiality breaches can range from a few hundred pounds to tens of thousands of pounds.

For example, someone whose medical records were stolen could be entitled to £6,000. If you do go to court, it is up to the judge to consider all the circumstances, including the seriousness of the breach and the impact on you.

Typically, we would look to claim for:

  • Any money lost (e.g. if a cybercriminal used your bank card)
  • Stress, worry, and anxiety
  • Any recognised psychological injury
  • The effect that the leak has had on your social and home life
  • Any loss of earnings as a direct result of the breach (e.g. if you need time off work or lose your job)
  • The loss of future earnings (e.g. if you have to drop out of university)
  • Any expenses that you have had to pay as a result of the data breach (e.g. private medical care, travel expenses, accommodation, etc.).

How do we prove your claim?

Once you have told us that you want to make a data breach or cybercrime compensation claim, we will send you our initial documentation pack. This sets out what we will do for you, how we will do it, and what we need to proceed with your claim.

Within this pack, you will also find our data breach questionnaire. This lets you tell us as much about your case as possible. We ask you to complete this to best of your ability.

The type of questions we ask include:

  • When the data breach took place
  • When you found out about the data breach
  • What information was stolen/put at risk
  • If you have reported the data breach (e.g. to the ICO, the police etc.)
  • If you have you received any documentation admitting the breach (and if so, when)
  • Whether the organisation that put your data at risk has given you a reference number
  • If you have suffered any distress as a result of the data breach. And if so have you spoken to your GP about this
  • Whether you have any pre-existing vulnerability to distress or psychological trauma
  • Whether you have suffered any financial loss as a result of the breach. And if so, what these losses involve
  • Whether anyone else has been affected by the breach. And if so, who and how.

We need this information to ensure we make the strongest possible claim on your behalf.

Once you have signed and returned the necessary information to us, we will make a start on your case. It is not unusual that – on reviewing your impact form – we uncover information that allows us to increase the value of your claim significantly. What might seem irrelevant to you, could make a massive difference in the eyes of the law. That’s why appointing expert data breach compensation solicitors is essential.

How much does it cost to make a data breach compensation claim?

Access to professional legal advice is a fundamental right. That’s why it is vital that everyone can afford to make a data breach or cybercrime compensation claim should they need to.

Removing the financial risk, at Hayes Connor Solicitors, we provide our services on a no-win, no-fee basis to help our clients get the compensation they deserve. So, if we don’t win, you don’t have to pay us a penny.

If your claim is successful (and that’s what we all want!), you usually have to contribute towards your solicitor’s costs. This ‘success fee’ is taken from the compensation awarded to you. The amount of the success fee depends on when your case is settled, but with Hayes Connor Solicitors, you never have to pay more than 25% of your compensation.

What’s more, if enough people come forward to make a large group action claim, we might be able to waive this fee (by getting the other party to pay it instead of you). That would mean that there are no solicitor’s fees win or lose. We always make sure you are fully informed about any potential costs before we proceed.

Helping our clients get the compensation they deserve

Every day serious data breaches take place. And, all too often these breaches put people’s mental health and even their lives at risk.

Our data protection solicitors provide high-quality, sensitive legal advice and support to help victims of data breaches and cybercrime to claim compensation. We may be able to act for you on a NO WIN, NO FEE basis.

Find out more about making a data breach claim with Hayes Connor Solicitors.

 

employment data breach
, ,

How Hayes Connor helps our clients after an employment data breach

At Hayes Connor Solicitors, we help our clients get the compensation they deserve. We do this following data protection breaches, cybercrime, and other online offences. One type of claim we see a lot of is the employment data breach. Here are just some of the employment data breach cases we have helped our clients with recently.

Breach of data leading to an employment dispute

Our client was referred to a qualified third-party for a standard workplace assessment. This assessment was designed to make sure she had everything she needed to reach her full potential in her job. However, the party conducting the evaluation added sensitive personal information about her to their report. And they gave this to her employer.

This information was not relevant to the assessment. Moreover, it led to a dispute between our client and her employer over the disclosures she made while applying for her job.

In response, our client made a data breach claim against the workplace assessment provider. And, as well as claiming for the initial breach of her sensitive information, she also claimed for the loss and injury she suffered by the infringement when this knowledge was used against her.

Employment data breach leads to an increase in unwanted spam

Our client suffered a data breach when his employer was hacked and his financial information was put at risk.

As a result of the hack, our client was bombarded with unwanted spam calls and text messages, Some of which became quite personal. This proved to be very distressing. It resulted in him and his family suffering from distress and worry. Our client was diagnosed with an anxiety-related psychological condition that would require treatment to help him fully recover.

As the spam could be traced back to the original data hack, he was able to claim for the breach of his data and the injury caused.

Help is needed after an employment data breach

Today, such unlawful disclosures are all too familiar. And, in such cases, this can result in complex anxiety and stress.

But in such situations, you can claim damages for any psychological injuries caused by the breach of your personal data. If you find yourself suffering, make sure you seek appropriate medical attention as soon as any symptoms arise so that the impact can be adequately assessed.

At Hayes Connor Solicitors, we are 100% committed to seeking the compensation necessary to help people get their lives back on track following an employment data breach. But we don’t believe that our obligation to our clients stops there – we also provide a wide range of information to help our clients protect themselves once a breach has occurred.

Making an employment data breach compensation claim

We help our clients to make compensation claims after their data was put at risk by the organisations they trusted to look after it. And we will make sure that your employment rights are protected during and after any claim against an employer.

Our professional, friendly team will advise you on whether you have a valid claim against an employer (or third-party). If you have a substantial case, we may be able to act on a NO WIN, NO FEE basis.  Our process is fully compliant with ICO guidance, and we never put your details at risk. We will NEVER pass your details onto anyone without your permission.

Contact us today for a free initial assessment.


Data protection solicitors

At Hayes Connor Solicitors, we are committed to upholding the data protection rights of our clients. For more advice on your rights, and how to keep your data safe, follow us on Twitter and Facebook.