council data breach
, ,

Council data breach after worker illegally accessed records 83 times in six months

A former reablement officer has been prosecuted for accessing social care records without authorisation. In this council data breach case, Dannyelle Shaw, who worked at Walsall Metropolitan Borough Council, inappropriately accessed the social care records of 7 adults and 9 children without any business need to do so.

According to reports, Ms Shaw illegally accessed the social care database without authority 83 times between April and September 2017. One of the adults affected later found out and made a complaint.

Ms Shaw had received training in data protection and confidentiality protocols. As a result, she was dismissed by the council before being prosecuted by the Information Commissioner’s Office (ICO).

Appearing before Wolverhampton Magistrates’ Court, Ms Shaw was sentenced to a fine of £450, ordered to pay costs of £364 and a victim surcharge of £45.

A price not worth paying

Speaking about this council data breach, Hazel Padmore, head of investigations at the ICO, said:

“People whose work allows them access to what can often be highly sensitive personal information need to know that the ICO will act to protect the legal rights of data subjects.

“This is another case where someone clearly knew the importance of confidentiality and protecting people’s personal information but decided to disregard all their training for their own reasons, and ended up paying a heavy price.

“Losing your job and ending up before the courts is not a price worth paying.”

Not Just Hackers

This case should remind people that they could face criminal prosecution and fines if they access or share personal data without a legal reason.

At Hayes Connor Solicitors, we see many different types of claims and understand how data breaches can affect people in different ways.

Helping to reduce the number of data violations taking place across the UK, we are sharing such real-life examples of data protection breaches to raise awareness of this issue and educate people to prevent similar instances from happening.

For more advice on how to keep your data safe, follow the Hayes Connor #NotJustHackers campaign on Twitter and Facebook.

Alternatively, if you have been the victim of a data breach, find out how we can help you to recover any losses or contact us to discuss your case in more depth.

 

data privacy
, ,

Is your data privacy safe when travelling?

Do you know exactly how much of your data is being collected, by who, and for what purpose? With a rise in smart devices, there has been an explosion of data profiling. And in a series of blogs, our data protection experts are taking a look at some of the ways the average person might find their data being harvested every single day.

In our last blog, we discussed how your data privacy could be at risk in your home. This month, we are examining how much information is collected when you are travelling.

Data privacy in your car

If you watch the popular TV show Hunted, you’ll know that the government can use CCTV, ANPR (Automatic Number Plate Recognition), GPS and Oyster cards to track an individual’s movements. But it’s not just the state that can track us as we go about our daily lives.

In August 2019, Mercedes sparked a privacy row when it admitted that it uses tracking devices covertly installed in its cars to effectively spy on drivers and pinpoint a vehicle’s exact location. According to Mercedes, the sensors are only used in “extreme circumstances”. This includes when a customer has defaulted on a payment. In such instances, Mercedes would activate the tracker and then share car owner information and vehicle location details with bailiffs and car recovery firms.

Worryingly, it seems that many people who bought a car from Mercedes had no idea that their data could be used in such a way. And, at Hayes Connor, we would argue that such surveillance is legally very concerning, not least because tracking a car without the knowledge of the driver is illegal under EU data protection laws.

“Any company that handles personal data should explicitly disclose how this information is gathered and how it could be used. In the case of Mercedes, there has been a shocking lack of transparency when it comes to how it is processing personal data. Yes, there are details about the sensors in the extensive terms and conditions, but Mercedes is no doubt aware that these are often misunderstood, or not read at all. As such, we believe that the company is playing fast and loose with the data privacy rights of its customers”.

Christine Sabino, Data Protection Solicitor, Hayes Connor Solicitors


Does car insurance pose a data privacy risk?

It’s not just car brands that drivers need to be aware of. Apps which supply data to insurance companies are also raising privacy concerns.

For example, car insurance companies are now experimenting with charging for insurance based on an individual’s actual driving rather than statistics and algorithms. So, people would let their insurance company watch them drive via an app, and then receive a quote based on their actual driving history. But there are significant privacy concerns with this approach. Not least because, to work, such apps will have to monitor drivers at all times and can’t be switched off.

Of course, for many, a reduction in insurance premiums might be worth it. But we must know what we are signing up to. Because, with a wealth of data to track, where does this stop? It’s not at all unlikely that in the future, insurance-based technology could examine the music you listen to or the restaurants you drive to and use this data to make assumptions about you and your driving habits. And we should also think about how this information might be shared with third parties.

Uber data breach

If you don’t drive you shouldn’t worry about your data being used in such a manner, right? Think again.

In 2018, the Information Commissioner’s Office fined Uber £385,000 following a data breach which was covered up by Uber for a year. In this case, the personal details of approximately 2.7 million UK customers were accessed by hackers. This included full names, email addresses and phone numbers. The records of almost 82,000 UK drivers were also taken during the incident.

“This was not only a serious failure of data security on Uber’s part, but a complete disregard for the customers and drivers whose personal information was stolen. At the time, no steps were taken to inform anyone affected by the breach, or to offer help and support. That left them vulnerable.”

Steve Eckersley, Director of Investigations, ICO


British Airways data breaches

Like other transport providers, airlines must also ensure that sensitive passenger information is kept secure. But, for British Airways, this doesn’t look like it is a priority after a series of data protection failures at the airline.

  • British Airways Data Breach One (2018): Booking website and app. Almost 400,000 British Airways customers had their personal details and bank cards stolen in one of the most severe cyber-attacks in UK history. In response, the airline is now facing a staggering £183 million penalty by the Information Commissioner’s Office (ICO).
  • British Airways Data Breach Two (2018): Reward bookings. When investigating the first data, a second data breach was also spotted at the airline. In this instance, 77,000 people had their names, addresses, email addresses and detailed payment information taken. This included card numbers, expiry dates, and card verification value (CVV) numbers. And, a further 108,000 people had their personal details stolen. This hack could have left customers exposed for months.
  • British Airways Data Breach Three (2019): e-Ticketing system. Security researchers uncovered unencrypted links within BA’s e-ticketing process. The vulnerability with British Airway’s e-ticketing system may have exposed sensitive passenger information such as email addresses, names, phone numbers and more.

Find out more about the BA data breaches.

Data privacy concerns for the London Underground

According to reports, passengers using the London Underground network are to be tracked via the WiFi beacons on their smartphones. TfL said it would use the data to work out how commuters use the network and to send targeted information about avoiding congestion. The move comes following a trial of the system in 2016.

However, as well as using the data to improve its service, experts predict that TfL will look to commercialise this data. For example, by pricing advertising based on footfall.

While Tfl states that it has “pored over” guidance provided by the Information Commissioner’s Office, it also believes that it is not subject to GDPR because there is no way of directly identifying an individual from their phone signal. Whether that remains the case is yet to be seen. But unless a security-first approach is adopted, this could have long-term privacy implications.

Is Big Brother watching?

You might expect to be free from data collection when you are on foot or your bike. But in our connected online world, this is far from the truth. Your exposure to data harvesting depends on the number and type of smart devices that you own and the apps that you use. But today’s intelligent devices have the potential to collect a vast amount of data about you.

For example, cyclists have been warned about sharing data on ride-tracking apps because they could be helping bike thieves. Also, Google could be keeping a detailed record of your exact movements. In fact, it could know everywhere you have ever been! Check here to make sure your location history is turned off.

And it’s not just your own technology you have to think about. The ICO was said to be ‘deeply concerned’ about how AI surveillance systems were being used in central London. In this case, it was revealed that hundreds of thousands of people were being secretly spied on by face-recognition systems. The area watched included King’s Cross railway station. The ICO launched an investigation after concerns about this mass surveillance were reported in the media.

“Scanning people’s faces as they go about their daily business is a potential threat to privacy that should concern us all. That is especially the case if it is done without people’s knowledge or understanding.”

Elizabeth Denham, Information Commissioner, ICO


Education is key to minimising the impact of data privacy breaches

Of course, our world is changing, and technology is here to stay. So, we wouldn’t recommend not using smart devices or apps. Especially as they have the potential to deliver enormous benefits. But, when signing up to any new service it is vital to check the small print and make sure you understand how your data is being used.

At Hayes Connor Solicitors, we believe that the better informed we all are, the better-protected everyone will be. As such, we invest heavily in data privacy education. For more information on how to keep your data safe, follow us on Twitter and Facebook.

Alternatively, if you have been the victim of a data breach, please contact us to find out how we can help. Our initial advice is completely free, and there is no obligation to process.

, ,

Former social worker fined for illegally sharing highly sensitive information on children

A former social worker has been prosecuted for illegally sharing the personal information of children. The social work data breach affected 14 youngsters in care; some of who were at risk of child sexual exploitation.

What happened in this case?

Leo Kirk, was suspended from his job as a social worker after it was discovered that he had persuaded a grieving woman to lend him money for a mortgage repayment. The woman had post-traumatic stress disorder, anxiety and depression. As part of his job, he had helped her to claim backdated benefits before he was transferred to another post.

He was then reprimanded by the Health and Care Professions Tribunal Service for a clear breach of professional boundaries. He was accused of a ‘lack of integrity” and ”abusing his position of power”

To make matters worse, without disclosing his suspension, Mr Kirk carried on working for a private care company that helps young people. Mr Kirk then sent private documents that included sensitive information about several youngsters to a rival organisation.

What was the outcome of this social work data breach?

The UK’s data watchdog began an investigation into the social worker data breach after Mr Kirk’s employer found out about the breach.

According to the Information Commissioner’s Office (ICO):

”We received a report about unlawful misuse of personal data by a manager who had without reason passed on documents about up to 14 young people aged 16 to 18 to a competitor. He was employed by Holywell children’s services but gave details of 14 children to Hillgate Health group, which was providing placements for children who are in care.

”Mr Kirk was suspended from his job on May 10, after breaching data protection rules and an investigation revealed he had unlawfully disclosed referrals for residential and foster care placements for vulnerable young people aged between 16 and 18.

“The information identified sensitive personal data including accommodation and foster referrals and personal data about children in care.

”This sensitive personal data including details concerning sexual behaviour, sexual grooming and the risk of child sexual exploitation plus any history of abuse. It also contained details their health, police cautions and court referrals.

Mr Kirk admitted two charges of obtaining and recklessly disclosing personal data under the Data Protection Act 1998. In response, he was fined £483 and ordered to pay a further £412 in costs by Stockport Magistrates’ Court.

Mr Kirk is no longer involved in social work.

Lessons learned

The Data Protection Act exists to protect the privacy of individuals. And, this case should remind people that they could face criminal prosecution and fines if they access or share personal data without a valid reason.

At Hayes Connor Solicitors, we see many different types of claims and understand how data breaches can affect people in different ways.

Helping to reduce the number of data violations taking place across the UK, we are sharing such real-life examples of data protection breaches to raise awareness of this issue and educate people to prevent similar instances from happening.

For more advice on how to keep your data safe, follow the Hayes Connor #NotJustHackers campaign on Twitter and Facebook.

Alternatively, if you have been the victim of a data breach, find out how we can help you to recover any losses or contact us to discuss your case in more depth.

home data
,

Do you know how your data is being used in your home?

An individual’s data is valuable. Both to them and the organisations that use it to provide and improve their services. But does anyone know exactly how much of their data is collected, by who, and for what purpose?

According to researchers at the University of Oxford, the number of Android apps harvesting user data and feeding it back to parent company Google is “out of control”.

Over the last few years, there has been an explosion of data profiling by companies, public bodies and even governments. In a series of blogs, our data protection experts look at just some of the ways the average person might find their data being harvested every single day.

To start, we discuss smart devices, and how your data privacy could be at risk in your home.

Smart devices privacy at home

You might expect to be free from data collection in your home. But in our connected online world, this is far from the truth.

Your exposure to data harvesting depends on the number and type of smart devices that you own. But a home that is fully equipped with intelligent devices has the potential to know everything about you. For example:

  • Smart garage door sensors can track when you leave for work
  • Smart locks know when your front door bolt is engaged
  • A smart fridge knows what you like to eat – and how much
  • Heating and lighting controls provide data on when you are at home
  • Smart media devices know what you watch, what games you play, and what music you listen to
  • Smart vacuums collect information about the layout of your home
  • Smart doorbells can identify your visitors (e.g. via vehicle licence plates).

And the list goes on.

Of course, this data can help us to improve our lives (e.g. energy savings). But what if there was a data breach and that information fell into the hands of cybercriminals, advertisers, or those with a political agenda?

Smart devices are sharing your personal data with third parties

We should all know how much of our data is being collected and how it is being used. Especially as the likes of Amazon and Google are both increasing the amount of data they gather about their customers.

Furthermore, while we might think that any data collected isn’t shared with anyone other than the companies that provide us with the smart products, this isn’t necessarily true.

A study[1] which examined the data sharing activities of 81 different smart devices commonly found in people’s homes discovered that 72 shared data with third parties completely unrelated to the original manufacturer. Staggeringly, the data shared included IP addresses, device specifications and configurations, usage habits, and location data. Making matters worse, 30 of the 81 devices shared this information without any encryption.

We should all be worried about what could happen if this information falls into the wrong hands.

Is someone listening?

When talking about privacy in the home, we should also think about smart devices such as Amazon’s Alexa.

Of course, there are “conspiracy theories” that by using devices that use microphones, someone might be listening. But, while the big tech companies might tell us that this is nonsense, sometimes people are paranoid for a reason.

Earlier this year, a report revealed that Amazon employs people to listen to voice recordings captured in Echo owners’ homes. Echo is an Alexa-powered smart speaker. The recordings are used to help improve Alexa’s understanding of human speech and help it to better respond to commands. Worryingly, according to the report, listeners sometimes pick up and share things Echo owners likely would rather stay private. For example, when people discuss private matters such as bank details and intimate conversations.

Responding to the report, an Amazon spokesperson said that the company takes the security and privacy of its customers’ personal information seriously. But Amazon’s privacy policy materials do not explicitly state that humans might be listening to users via Alexa. And, while Amazon does provide the option of disabling the use of their voice recordings for the development of new features, it has admitted that people who opt out might still have their recordings analysed manually. Furthermore, according to the report, Sometimes Alexa appears to begin recording without any prompt at all, and Alexa is often triggered by accident.

Education is key to minimising the impact of data breaches

Of course, our world is changing, and technology is here to stay. So, we wouldn’t recommend not using smart devices. Not least because they have the potential to deliver enormous benefits. But, when signing up to any new service, it is vital to check the small print and make sure you understand (as much as is possible), how your data is being used.

At Hayes Connor Solicitors, we believe that the better informed we all are, the better-protected everyone will be. As such, we invest heavily in data privacy education. For more information on how to keep your data safe, follow us on Twitter and Facebook.

Alternatively, if you have been the victim of a data breach, please contact us to find out how we can help. Our initial advice is completely free, and there is no obligation to process.


[1] Northeastern University and Imperial College London

, ,

Woman prosecuted for social services data breach

A woman has prosecuted for accessing social care records without authorisation. Michelle Shipsey, a former social services support officer at Dorset County Council, accessed the records of four people she knew without any business need to do so. She also gave the details to parents at their children’s school. Following the social services data breach, an internal investigation was launched by Dorset County Council. However, no further action was taken at this time as the woman then resigned from the council.

Appearing before Poole Magistrates’ Court, Ms Shipsey was sentenced to a 6-month conditional discharge, ordered to pay costs of £700 and a victim surcharge of £20.

The ICO sends a clear warning

Commenting on the privacy violation, Hazel Padmore, head of investigations at the Information Commissioner’s Office said:

“Individuals accessing social services support are often already in a vulnerable position and have the absolute right to expect their dealings are treated with the utmost respect and in accordance with data protection laws.

“Although new to the role, Shipsey had undertaken both data protection and cyber security training and therefore was acutely aware of the responsibilities she had towards maintaining client confidentiality.

“Our successful prosecution of this individual sends a clear message, that we will take action against individuals who take it upon themselves to abuse their position of trust”.

Lessons learned following social services data breach

The Data Protection Act exists to protect the privacy of individuals. And, this case should remind people that they could face criminal prosecution and fines if they access or share personal data without a legal reason.

At Hayes Connor Solicitors, we see many different types of claims and understand how data breaches can affect people in different ways.

Helping to reduce the number of data violations taking place across the UK, we are sharing such real-life examples of data protection breaches to raise awareness of this issue and educate people to prevent similar instances from happening.

For more advice on how to keep your data safe, follow the Hayes Connor #NotJustHackers campaign on Twitter and Facebook.

Alternatively, if you have been the victim of a data breach, find out how we can help you to recover any losses or contact us to discuss your case in more depth.

new years honours
, ,

1,000 New Year Honours recipients suffer a data breach

While most of us were enjoying a well-earned break, the home addresses of 1,000 people were posted online. In this case, the impact of the data breach could have far-reaching repercussions as those affected included high-profile individuals such as Sir Elton John and Olivia Newton-John. Politicians (including former Tory leader Iain Duncan Smith) and serving police officers were also impacted by the breach.

Of course, at Hayes Connor, we don’t distinguish between celebs and ordinary people when it comes to upholding data privacy rights. But it is especially worrying that this sensitive information was put at risk and could have fallen into the wrong hands – particularly as many of the recipients are controversial figures. As such, many of those affected will need to assess/increase their current security arrangements.

What happened in this case?

The house numbers and postcodes of hundreds of famous people recognised as part of the British honours system were left available online about an hour. It is likely that the data breach was caused by human error. The Cabinet Office has since apologised for the data protection failure, and the matter has been reported to the Information Commissioner’s Office (ICO), but this is unlikely to help soothe the concerns of those affected.

Commenting on the data breach a spokesperson for privacy campaign group Big Brother Watch said:

“It’s extremely worrying to see that the Government doesn’t have a basic grip on data protection, and that people receiving some of the highest honours have been put at risk because of this.

“It’s a farcical and inexcusable mistake, especially given the new Data Protection Act passed by the Government last year – it clearly can’t stick by its rules.”

What can be done about the New Year Honours data breach?

According to press reports, one victim of the data breach has said that “If those responsible have apologised and it is a genuine error, then there is not much more that can be done”. But this is not actually the case. The vast majority of data breaches are caused by poor data protection policies and a failure to put adequate security procedures and training in place. As such, organisations that expose people to this level of risk must be held accountable for their actions.

Every day we help the victims of data breaches who have become miserable, upset and emotionally distressed by privacy violations. All too often, these victims will have tried to engage with the organisation that has committed the violation. But they will have been rebuffed or offered a wholly inadequate excuse. Almost every organisation fails to recognise the stress, anxiety, upset and anguish caused by the data breach. And it looks like the government is no exception.

What is Hayes Connor doing to help victims of data breaches?

Hayes Connor Solicitors is a law firm operating in the data breach and protection sector. We help our clients to claim data breach compensation following data protection violations, GDPR breaches and other cyber offences.  We are an established and trusted firm that has been helping people to claim compensation for over 50 years.

Over the past two years, we have become a true specialist in the relatively new but increasingly important field of data breach law. And today, this is all we do. Because we have been winning data protection cases longer than most other solicitors, we are more experienced when it comes to understanding the complexities involved. We are also the only legal firm to launch a multi-party action against the ticketing giant Ticketmaster and, in April 2019, our multi-million-pound damages claim against Ticketmaster was issued in the High Court. The estimated total value of our claim on behalf of more than 650 clients is £5 million.

In 2019 we were highly commended for two prestigious legal awards, and so far this year we have already been shortlisted in two categories for the Eclipse Proclaim Modern Law Awards 2020.

Last year alone we opened over 4500 new cases and, crucially, we have a history of winning data breach compensation cases on behalf of our clients.

In larger cases, we work alongside expert data protection barristers. This means you will get the very best level of legal support available.

This means that when someone appoints us, we ensure they get the very best level of legal support available.

Find out more about our data breach experts. 

 

medical records
, ,

How secure are your medical records?

The healthcare industry holds the largest amount of personal data on any one individual. And, a rise in digital and mobile technologies is only making the sector more vulnerable when it comes to cybercrime and data breaches. So what do we know about medical data breaches?

In October alone, three UK hospitals were hit by serious data security incidents:

  • A data breach at Bolton NHS Foundation Trust saw the personal details of 425 pupils from two Greater Manchester secondary schools ‘misplaced’. The privacy violation occurred when the school nursing service transferred records of children moving from primary to secondary school
  • A data error at Norfolk and Norwich University Hospital resulted in the personal details of 11 patients being sent to the wrong address
  • A breach at North Devon District Hospital saw a patient’s voicemail message, containing personal patient details, becoming the hospital’s answerphone message. Because she had provided her phone number in her message, she was subsequently inundated with calls from patients giving details about their health problems.

What are our data breach experts seeing?

At Hayes Connor, we are seeing a significant rise in the number of people contacting us following a data breach at a hospital or GP practice. And, in the most part, these medical data breaches haven’t been caused by human error or cybercriminals. Instead, many privacy violations are happening due to healthcare staff deliberately and inappropriately accessing patient medical records.

In most cases, patients are finding out that their personal information has been accessed following internal audits at the hospital/medical practice. This is because, once a breach is discovered, healthcare organisations are legally obliged to tell anyone who has been affected. Others have found out after suspecting a privacy infringement and complaining to the relevant healthcare provider.

Why are people looking at your medical records?

For the most part, healthcare professionals will only access your records when they have a good reason to do so. For example, when providing you with medical care.  But people are also inherently curious. Especially when it comes to their friends, families and neighbours. So, in a large number of cases, where data has been erroneously accessed, it has been done by relatives/people known to patients.

But whether this is done with good intentions, to be nosey or with malicious intent, this is a serious breach of data protection law.

Medical data breach cases

In one high-profile breach, more than 2,000 confidential hospital patient records were accessed by an employee at Wigan hospital who had no legitimate reason to read the files and was not permitted to do so. As a result of this incident, the Information Commissioner’s Office (ICO) has launched a criminal investigation.

In another case, our client had her medical records unlawfully accessed by her ex. She only found out after she was informed by a mutual friend that her ex-partner had illegally obtained her medical records. He could do this because he was employed by a local NHS Trust. The breach revealed our client’s new home address and contact details to her ex. He was also able to establish every time she had received services provided by the NHS Trust. Because of this data breach, our client suffered significant stress and anxiety.

Who is at fault?

Nobody wants to sue the NHS. It does a great job under challenging circumstances. But something has to be done to make healthcare organisations accountable for any harm they help cause.

Commenting on the increase in medical data breach enquiries we are receiving, senior solicitor at Hayes Connor Christine Sabino said:

I’ve seen first-hand just how distressing a medical data breach experience can be. Especially when personal and highly sensitive information is accessed by someone the patient knows. The consequences on a person’s homelife, mental health and wellbeing can be devastating.

“Of course, it’s easy to blame the individual who looked at the records. But there must be robust protections in place to stop such violations from being possible. Furthermore, all healthcare staff must have training to ensure that they fully understand how to handle data securely, and the consequences of breaching their professional obligations.”

What can you do if your medical information has been breached?

If you have received a letter from your doctor or hospital letting you know that your data has been breached, you could be entitled to compensation.

At Hayes Connor, our expert solicitors deal with a significant number of medical data breach cases. During our work, we see many different types of claims. So, we understand how medical data breaches can affect people in different ways.

Our professional, friendly team will advise you on whether you have a valid claim against a medical or healthcare organisation. If you are not sure whether your sensitive medical information has been misused or mishandled, we can find this out for you.

If we believe you have a substantial case, we may be able to act on a NO WIN, NO FEE basis. Crucially, you have a right to claim compensation for a privacy violation, even if you haven’t suffered as a result.

Contact us today for a free initial assessment.

data breaches
, ,

Public sector responsible for the majority of data breaches

High-profile data breaches such as those at BA, Equifax and Ticketmaster are rarely out of the news. But research shows that the UK’s public sector has been responsible for the most offences over the last eight years[1]. Furthermore, when it comes to privacy violations, over the same period, the ICO has issued more fines for data breach offences than for other wrongdoings such as email/SMS spam and nuisance calls.

According to the figures[2]:

  • The ICO fined organisations a total of £23.5 million between 2011 and 2019
  • £12.6 million of this was issued for data breach offences
  • Public sector organisations have attracted 54% of all fines since 2010
  • All public sector fines were for data breaches
  • Local councils were responsible for half of all data breaches
  • All data breach incidents involving public sector organisations were down to human error.

Public sector data breaches are all too common

Unfortunately, the figures don’t come as a surprise to our data breach lawyers. Talking about the findings, senior solicitor Christine Sabino said:

Data breaches and cybercrime are big news. But, while it is mass privacy cases that make the headlines, smaller, individual data breaches are causing misery and upset to people across the UK.

“I am currently dealing with many cases on behalf of clients who have had their data mishandled by organisations such as local health authorities and councils. And, I’ve seen first-hand just how devastating the experience can be.

“For example, in a recent case, a local authority sent a copy of a court order containing sensitive personal information about our client and their neighbour to his neighbour by mistake. The neighbour opened and read the letter and shared it with other people in the local community. The contents of the letter were highly sensitive and caused distress and embarrassment to our client and his family. As such, the consequences of the error and the impact on his mental health were far-reaching.”

Public trust is being abused

According to the ICO, the British public has significantly more trust and confidence in the NHS, the police, and national governmental bodies than in private companies. But Christine believes that this trust is being abused. She added:

“Public sector bodies handle some of our most sensitive and personal data. And we have the right to expect this will be looked after. Adequate and robust protections are especially important as the world becomes increasingly digital. Furthermore, with human error the leading cause of data breaches, public sector staff must have the training, knowledge and ability to handle our data securely.

“Crucially, where a privacy violation occurs, it’s vital that people know who they can turn to for help.”

Protecting your interests

An established and trusted firm, at Hayes Connor Solicitors we have been helping people to claim compensation for over 50 years. We are true experts in data breach law. This is all we do, and we have been doing it longer than most other solicitors. As such, we lead our field when it comes to understanding the complexities involved.

At Hayes Connor, we help you to claim compensation and steer you through the aftermath of a public sector data breach; minimising the impact on you as much as possible. And, because we are passionate about securing justice for our clients, we offer no-win, no-fee funding arrangements to reduce the pressure at an already difficult time.

But more than this, we also understand the emotional distress that a data breach can cause. As such, as well as providing you with all the legal expertise you need, we will also handle your case with compassion and care.

To speak to Christine, or another of our data protection experts about starting a claim, please contact us for a free initial assessment of your case.


[1] The SMS Works

[2] The analysis does not include the recent fines issued to British Airways Marriott International as these are currently under appeal.

victim of data breach
, ,

Top tips to keep you safe following a data breach

If you have been the victim of a data breach, it is vital that you know how to react.

Here’s what you should do as soon as you find out that your data has been breached

  • Follow any security instructions provided to you by the company which breached your data
  • Contact your bank or credit card provider and let them know what has happened
  • Keep an eye out for any bills or emails about goods or services you haven’t ordered
  • Check your bank statements regularly and alert your bank if there is any suspicious activity
  • Keep an eye on your credit score for any unexpected dips
  • Call Credit, Experian and Equifax to ensure credit isn’t taken out in your name
  • Do not click on any suspicious links. This could result in you giving a fraudster access to your personal or financial details
  • Always question uninvited emails, calls etc. in case it’s a scam. Instead, contact the company directly using a known email or phone number
  • Don’t accept friend requests from people you don’t know on social media and review your privacy settings
  • Report any suspected phishing attempts to the police and Action Fraud
  • Register with the Cifas protective registration service. This will slow down credit applications made in your name with additional verification checks made to ascertain that the applicant is actually you
  • Change your passwords and use a different password for every account (if you are worried about remembering them all you could sign up to a password manager)
  • Make sure your devices are protected by up-to-date internet security software
  • Contact the ICO to let them know about your concerns. The ICO might investigate the data breach and, while it does not award data breach compensation, if it believes that the organisation in question broke the law, you can use this information in court to help prove your claim.

Make a data breach compensation claim

Organisations have an obligation to protect your sensitive data, but they are consistently failing in this duty resulting in data breaches which cause misery and upset to people across the UK.

We are helping people to get compensation for this inability to look after their information correctly. And we can do the same for you.

If you have been the victim of a data breach and you want to make a data breach compensation claim – for loss of money, emotional distress, or loss of privacy – you should contact Hayes Connor Solicitors.

Our expert, online fraud and data protection solicitors will advise you on whether you have a valid claim and will be pleased to answer any questions you might have.

Our initial assessment is always free. We’ll ensure that you are fully informed on this matter and will notify you about your legal rights when making a claim.

For more advice on how to keep your data safe, follow our #NotJustHackers campaign on Twitter and Facebook.

 

pet data breach
, ,

Could your pet be the cause of a data breach?

At Hayes Connor, our data protection solicitors deal with many different types of data breaches. But a recent case was particularly unusual. In this instance, a missing family cat was the cause of the data breach.

What happened in this data protection breach?

We represented a family whose cat went missing causing them understandable upset. The cat had been microchipped, so they were hopeful that they would be reunited with their pet.

In April last year, the data stored by the company responsible for the electronic chip was breached. This breach happened when someone found the cat and took it to be scanned.

Usually, a vet will inform the owner that their pet has been found. However, contrary to the established procedures, in this case, two different vets accessed our client’s data and disclosed this to the person who found the cat. This included our client’s home address.

To make matters worse, our client only found out about the pet data breach when a neighbour asked if the cat had returned home after it disappeared from her friend’s home (the person who found the cat in the first place). So at no point was our client told that their beloved family pet had been found.

In this case, it would be tempting just to blame the vets involved, but after investigation, it became clear that the company responsible for holding the microchip information had not put systems in place to protect the personal data it was responsible for. This lack of adequate internal security systems did nothing to prevent the sharing of personal data by the vet practices.

As a result the family has a claim against the vets that breached their personal data, and the microchipping company.

Why did our client need data protection solicitors?

The family felt that their complaint wasn’t being adequately responded to or taken seriously.

Frustrated that their distress was not being acknowledged they decided to take legal action. They chose Hayes Connor as we specialise in data breach litigation and were also able to take on this pet data breach case on a no win-no fee basis.

What was the result of this pet data breach case?

The Information Commissioner’s Office (ICO) is the UK’s data protection regulator. We advised our client to report this matter to the ICO, which ruled that there had been a breach of Data Protection obligations.

As a result, our client was awarded £1,250 compensation and, just as important, the recognition they wanted for the distress this had caused. Our data protection solicitors also wrote to the microchipping company to advise them on their information rights practices, and have sent recommendations regarding improvements going forward.

Talking about their experience, our client said:

“Very pleased I went with Hayes Connor I would recommend them and use them again if I ever needed to. I didn’t originally set out to make a compensation claim but I’m glad I did. You took my claim seriously and just as importantly your involvement made those responsible take it seriously as well.

Lessons learned

In many cases, data breaches such as this can be avoided by employees abiding by the data protection principles of their organisations. But it is up to these organisations to make sure that all staff receive regular data protection training to make sure they understand the potential consequences of breaching data protection laws.

Helping to reduce the impact of data breach violations

The Data Protection Act exists to protect the privacy of individuals. However, many organisations have struggled to keep up with changes in the rules, and this could leave everyone vulnerable.

In response, at Hayes Connor, our data protection solicitors help our clients to make compensation claims after their data was put at risk by the organisations they trusted to look after it.

If you or a member of your family has suffered financial damage, emotional distress or a loss of privacy caused by a breach of the Data Protection Act (the UK’s interpretation of the GDPR), you have a right to claim compensation.

Not Just Hackers

Cybercrime is big news. It’s almost impossible to pick up a newspaper or turn on the television without hearing about how some big company has been hacked with thousands of customers put at risk. But, while these cases are important, every day smaller data breaches are causing misery and upset to people across the UK.

Our experts deal with a significant volume of data breach cases each day. During our work, we see many different types of claims and how data breaches can affect people in different ways.

Helping to reduce the number of data violations taking place across the UK, we are sharing such real-life examples of data protection breaches to raise awareness of this issue and educate people to prevent similar instances from happening.

For more advice on how to keep your data safe, follow the Hayes Connor #NotJustHackers campaign on Twitter and Facebook.

Alternatively, if you have been the victim of a data breach, find out how we can help you to recover any losses or contact us to discuss your case in more depth.