
Disposing of personal data? Do so carefully

With human error the leading cause of data breaches, the Information Commissioner’s Office (ICO) has produced a handy toolkit to help businesses communicate the importance of information security to staff.

At Hayes Connor, we’re sharing some of the tips included in this toolkit to raise awareness of the importance of this issue, and to help organisations across the UK improve their data protection processes.

Tip: All information you work with has value. Dispose of it carefully

The risk of not disposing of data carefully

When personal and sensitive information is not disposed of correctly, it can fall into the wrong hands. As such, organisations of all kinds must make sure that they correctly destroy and get rid of any such data. Not least because where they don’t, they could face huge fines.

For example, in 2018 the Bayswater Medical Centre in London was found guilty of a serious data protection breach and fined £35,000 by the Information Commissioner’s Office (ICO) after it left highly sensitive medical records, registration forms and repeat prescription information unsecured in an empty building for a year and a half. The data was left on desks, in unlocked cabinets, on windowsills, and in bins. Find out more about this case.

Quick tips

  • Employers must understand the importance of data protection and make sure that strict policies and procedures are put in place to ensure the safe disposal of information
  • Simply binning paper-based personal information is not good enough. Un-shredded documents left in the bin or thrown outside for collection could be stolen and used to commit identity theft or corporate fraud. Any organisation that doesn’t have and adhere to a corporate shredding policy could also be in breach of the GDPR
  • Likewise, confidential waste should always be properly disposed of and separated from regular recyclable waste
  • Electronic information held on hard drives and PCs must also be disposed of correctly. This can be done by a professional hard drive and media destruction service
  • In many cases, data breaches can be avoided by staff abiding by the data protection principles of their businesses. But it is up to employers to make sure that all staff receive regular data protection training to make sure they understand the potential consequences of breaching data protection laws.

Not just hackers

Data breaches are not just caused by cybercriminals. For more advice on how to keep your data safe, follow our #notjusthackers campaign on Twitter and Facebook.

Alternatively, if you have been the victim of a data breach or cyber fraud, find out how we can help you to recover any losses or give us a call on 0151 363 5895 to discuss your case in more depth.


Out of office. Think before you do

With human error the leading cause of data breaches, the Information Commissioner’s Office (ICO) has produced a handy toolkit to help businesses communicate the importance of information security to staff.

At Hayes Connor, we’re sharing some of the tips included in this toolkit to raise awareness of the importance of this issue, and to help organisations across the UK improve their data protection processes.

Tip: All information you work with has value. Think before you take it out of the office.

The risk of mobile working

When personal and sensitive data is retained in offices, it’s easier to keep it safe and prevent unauthorised access. But today, more and more employees are enjoying the benefits of mobile working and this comes with additional data security risks.

For example, in a recent case, we saw the impact of what can happen when an individual’s personal information was left on a train by their solicitor. Following this shocking data breach, the woman suffered severe psychological effects including stress, anxiety and trauma.

Quick tips

  • Employers must understand the importance of data protection and make sure that strict policies and procedures are put in place to ensure the safe processing of information – both in and out of the office.
  • In many cases, data breaches can be avoided by staff abiding by the data protection principles of their businesses. But it is up to employers to make sure that all staff receive regular data protection training to make sure they understand the potential consequences of breaching data protection laws.



What can you do if you are a victim of tech abuse?

The Victoria Derbyshire programme has highlighted how domestic abusers are using technology to stalk, trap, control, isolate and hunt down their victims.

Sharing her experience, domestic abuse survivor Ellen said how her ex-husband tracked her down after she had moved to a secure refuge in a new town by hacking into her Gmail account and accessing her diary. Although her ex is no longer tracking her movements, the experience is still affecting Ellen physiologically.

Watch Ellen share her experience here.

Speaking to the BBC programme, Refuge – a charity that supports women and children experiencing domestic violence – said that 95% of the cases they see involve tech abuse.

How are abusers using technology?

In some cases, abusers sew location trackers into the linings of a child’s coat or toy in a bid to keep track of their ex-partner’s movements. Also, the charity says that it has found “a rise in the number of women whose children’s iPads, Xboxes and PlayStations have been hacked by the perpetrator to gain full access to their accounts.”

Other common abuse includes hacking email accounts, using social media channels as tools to harass and stalk, monitoring calls and messages, exploiting phone tracking software, and installing cameras around the home.

Are you experiencing tech abuse?

In some cases, people might not know that they are the victim of tech abuse. To help identify the problem, Refuge has provided a quick checklist on its website. People who answer yes to these questions may be experiencing domestic violence.

This includes things like:

  • Has your partner/abuser threatened to share any information about you online?
  • Does your partner/abuser seem to know about conversations that you have had without being present?
  • Does your partner/abuser know your whereabouts or turn up unexpectedly wherever you go?
  • Does your partner/abuser stalk and harass you via social media?
  • Has your partner/abuser installed any apps such as ‘find my iPhone’ onto your device?

You can see the list in full here.

What can you do to protect yourself from tech abuse?

Refuge also provides a range of helpful guides and tips for domestic abuse survivors. These include:

  • Technology safety quick tips
  • How to document tech abuse (this is critical for a number of reasons, including if you ever want to pursue legal action)
  • An iPhone privacy and safety guide
  • Tips on how to stay safe on Facebook and Twitter
  • Advice on how privacy could be compromised on online gaming platforms (and what to do to stop this from happening)
  • A guide on spyware and surveillance tools and how breached privacy and security can be re-established
  • A guide on how to create a technology safety plan
  • A list of questions and considerations to go through when looking at using apps
  • A guide to how home devices can be used to facilitate tech abuse.

You can access all of these resources here.

For more advice on how to keep your personal data safe, you can also follow us on Twitter and Facebook.

The tech abuse and empowerment service

Refuge has launched a nationwide tech abuse and empowerment service to support women who have had technology used against them as a weapon of domestic abuse. The service was created to empower survivors so they can use technology positively and safely. You can find out more about this service here.

Taking legal action following tech abuse

In some cases, taking legal action is necessary to end cyberstalking, cyberabuse and harassment. And, if someone is convicted of a cybercrime against you, as well as putting measures in place to stop the unwanted behaviour, the court may also order them to pay you compensation. Where the authorities are not interested, we can assist with a private prosecution.

It’s also possible to take legal action where poor data security processes have allowed someone to access your personal information and carry out tech abuse against you.

If you have been the victim of tech abuse, give us a call on 0151 363 5895 or complete our contact form to discuss your case in more depth. Our sensitive, expert team is on hand to answer any questions you might have.

 


TeamSport Indoor Karting data breach reveals personal & financial information of former employees

Indoor go-karting company TeamSport, which operates racing circuits across the UK, has suffered a significant data breach. As with the majority of cases, it looks like this privacy violation was caused by human error and/or poor processes rather than cybercrime.

In a letter to former employees, the company states that a file was released in error on Friday 22nd March. This file contained personal information relating to their previous employment with TeamSport. It is not yet clear if current employees have also been affected.

The information violated in this privacy breach includes names, titles, National Insurance numbers, employment dates, student loan deductions, tax codes, earnings and tax information. As such this looks to be a very significant incident which could have a severe impact on those affected.

What has TeamSport said about the data breach?

TeamSport has apologised for the data breach and accepted that it did not keep the data as safe as it would have expected.

An investigation is now taking place to establish how this incident occurred. The ICO has also been notified about the breach (as is required by law).

While TeamSport says that the error was spotted promptly, and that the recipient of the file deleted the information and did not disclose it to another party, we have already received a number of enquiries from people who are worried about what could happen now that their personal and financial information has been exposed.

Indeed, while TeamSport says that it considers the risk involved to those affected by the data breach to be negligible, this may not be the case.

In many data breach cases it can take months for the full implications and losses to become apparent. We have seen instances where the financial losses only start to occur three to six months later. What’s more, simply knowing that your details have been exposed can lead to anxiety and distress.

How to protect yourself following the TeamSport Indoor Karting data breach

At Hayes Connor Solicitors, we are experts in data breach cases and would advise those affected by the TeamSport data breach to consider the following steps:

  • Inform the Information Commissioner’s Office (ICO) about your concerns
  • If you are concerned that your financial details have been compromised contact your bank/credit card provider immediately
  • Keep an eye on your bank and credit card statements to see if there is anything you don’t recognise
  • Look out for any bills or emails showing goods or services you haven’t ordered
  • Let the credit reference agencies know of any activity that was not down to you
  • Register with the Cifas protective registration service. This will slow down credit applications made in your name with additional verification checks made to ascertain that the applicant is actually you
  • Beware of fraudsters who attempt to gather additional personal information (phishing)
  • Change your passwords on all your accounts.

 

For more advice on how to keep your data safe, follow us on Twitter and Facebook.

Claiming compensation for the TeamSport Indoor Karting data breach

If you have suffered damage or distress caused by an organisation breaching any part of the Data Protection Act, you have a right to claim compensation.

In most cases, data breaches happen because of a failure to implement reasonable and robust processes. So claiming compensation isn’t just in your best interests, it is often the only way organisations will be persuaded to take their responsibilities seriously and make the necessary improvements.

Those who have been affected should be contacted by TeamSport. If you receive this letter you may be able to claim compensation once the matter has been investigated.

To ensure that you are fully informed and kept up-to-date, simply fill in our quick form and we will notify you about the investigation and your legal rights when making a claim.

 


Could a simple email error cause a serious data breach?

With human error the leading cause of data breaches, the Information Commissioner’s Office (ICO) has produced a handy toolkit to help businesses communicate the importance of information security to staff.

At Hayes Connor, we’re sharing some of the tips included in this toolkit to raise awareness of the importance of this issue, and to help organisations across the UK improve their data protection processes.

Tip: Most security breaches happen because of distractions or mistakes. Always check email addresses, content and attachments before you click ‘Send’

The problem with email

Most of us hand over our email addresses in return for services. And we do so willingly. But our email addresses provide a way into our digital life so organisations must keep them safe.

Common mistakes when sending emails include:

  • Misspelling an email address and sending it to the wrong person
  • Not using the bcc functionality when sending to multiple recipients
  • Attaching the wrong information to an email.

For example, an independent inquiry into child sexual abuse was fined £200,000 by the ICO after sending a bulk email that identified possible abuse victims. In this case, an officer sent an email to 90 people involved in a review without using the blind carbon copy (bcc) functionality. This allowed the recipients to see each other’s email addresses and identified them as possible victims of child sexual abuse.

Furthermore, in many cases, the wrong email addresses are being supplied in the first place. So individuals should also do more to protect their data.

For example, in another case, a person signed up to a credit service, but when doing so, entered a slightly incorrect email address. This email address then doubled as the account username. When an email was sent from the credit service to confirm the account, it was, therefore, sent to the wrong person. Because this stranger had full access to the account, they could get into the account and even change the password. So, one small mistake let the wrong person see a huge range of personal information including the date of birth and previous addresses of the actual account holder, as well as information about their applications for credit.

Quick tips

  • Make sure you enter your email address correctly when signing up online
  • Employers must understand the importance of data protection and make sure that strict policies and procedures are put in place to ensure the safe processing of information
  • In many cases, data breaches can be avoided by staff abiding by the data protection principles of their businesses. But it is up to employers to make sure that all staff receive regular data protection training to make sure they understand the potential consequences of breaching data protection laws
  • Companies are also being urged to find other ways to check their customers are who they say they are (e.g. two-factor authentication and ensuring people signing up for a service enter their email address twice – with no cut and paste option).


 


Woman has her medical records unlawfully accessed by her ex

As our health and social care system becomes digital, it is vital that there are adequate and robust protections in place to secure the data held within it. And that healthcare staff have the knowledge and ability to handle such information securely.

In a recent case, we saw the impact of what can happen when an employee accessed the medical records of his ex to get hold of her personal information.

What happened in this case?

In this case, our client was informed by a mutual friend that her ex-partner had unlawfully accessed her medical records. He could do this because a local NHS Trust employed him.

Our client complained to the Trust, and it admitted the data breach.

The breach revealed our client’s home address and contact details to her ex-partner. He was also able to establish every occasion that our client had received or been discharged from services provided by the NHS Trust.

As a direct result of this data breach, our client suffered significant stress and anxiety due to the fact that the information was distributed amongst numerous other people.

When she turned to Hayes Connor Solicitors for help, we were able to secure damages of £3,500. In response, our client has provided some lovely feedback describing her experience with Hayes Connor solicitor James Kelliher:

 “Would like to say the service I experienced was 110% all the way through thanks to James. I’m glad I found his service on the internet and rang ASAP for help with my data breach claim. If anyone has any doubts or worries about data breach then James is the one to help you. I appreciate what he’s done for me so very much. Fast and very friendly service and can’t speak more highly of him. Once again thank you James.”

Lessons learned

The healthcare sector handles some of our most sensitive personal data, and, as patients, we have the right to expect this will be looked after. However, all too often this isn’t the case.

Hospitals and other healthcare organisations need to do more to protect sensitive patient data. It is vital that there are adequate and robust protections in place to secure patient information and to ensure that it is only accessed by those people who need it to ensure the provision of medical care and support.

Not just hackers

At Hayes Connor, we want to reduce the number of data violations taking place across the UK. To do this, we are sharing such real-life examples of data breaches to raise awareness of this issue and educate people to prevent similar mistakes from happening.

For more advice on how to keep your data safe, follow our #NotJustHackers campaign on Twitter and Facebook.

Alternatively, if you have been the victim of a data breach or cyber fraud, find out how we can help you to recover any losses or give us a call on 0151 363 5895 to discuss your case in more depth.

 


NHS family member shared confidential medical information

When it comes to medical data breaches, in most cases, it is human error rather than cybercrime that leads to information falling into the wrong hands. But what happens when someone deliberately accesses and shares your private and sensitive medical records?

In a recent case, our solicitors saw the impact of what can happen when sensitive medical information was revealed by a family member working for the NHS.

What happened in this case?

In this data breach, the sister-in-law of our client (who was an NHS staff member) accessed the NHS system and then shared personal details about our client with the rest of her family. This included specific information about our client’s baby.

As a direct result of this violation, our client’s relationship with family has broken down. She has received threats from a family member resulting in police involvement, and has to deal with the ongoing worry of further danger.

In response, our client has suffered stress, anxiety attacks and trauma. Ultimately she has required medication to be prescribed to help manage the psychological effects of this terrible breach of trust.

To make matters worse, the breach has meant that our client can no longer continue her university studies, so she has also suffered the loss of expenses, and the opportunity to progress her career.

Lessons learned

NHS employees have a duty of confidentiality not to divulge private information. But in this case, this duty was disregarded. And, while the family member who accessed the data is responsible for this, the NHS must do more to protect patient information. For example, by designing systems that only allow the specific specialists, doctors or consultants allocated to a patient to have access to their data.

Also, every staff member accessing a patient’s records should provide a reason for doing so. And all NHS employees should receive regular data protection training to make sure they understand the potential consequences of breaching data protection laws.

For more advice on how to keep your data safe, follow Hayes Connor on Twitter or give us a like on Facebook. Alternatively, if you have been the victim of a data breach or cyber fraud, find out how we can help you to recover any losses or give us a call on 0151 363 5895 to discuss your case in more depth.


What can happen when your ex gets access to your financial information?

When we think about data breaches, we often worry about hackers and cybercriminals getting hold of our banking details. But in some cases, significant damage can be caused when our financial situation is made available to people much closer to home.

In a recent case, our solicitors saw the impact of what can happen when a bank statement was sent to an ex-partner’s address by mistake.

What happened in this case?

In this data breach, our client’s bank sent personal information disclosing his financial situation to his previous address, where his ex-partner still lived. This happened despite our client changing his address with his bank five years ago.

Our client’s ex-partner then disclosed this information to her friends, family and acquaintances; causing him significant distress and embarrassment. Furthermore, due to the disclosure of his financial position, our client’s ex-partner also refused him access to their children and prevented him from taking them on holiday.

As a direct result of this data breach, our client has suffered severe psychological effects, including stress and anxiety.

What can you do to stop this from happening to you?

When handing over your postal address to an organisation, it is vital that you check that these details have been taken down correctly. You are completely within your rights to ask for a copy of the data your bank (or any other organisation) holds about you. This is called making a subject access request (SAR). This won’t guarantee that an error doesn’t result in information going to the wrong address (as in this case) but it is a good safety precaution to take. Find out more about making a SAR.

Lessons learned

If you are an employee of a bank and you want to make sure that you don’t make a similar mistake, talk to your employer about any processes that can be put in place to make sure that the addresses of your customers are correct. Such steps could include things like additional data protection training, making sure that all updated addresses and information are saved in the correct field, and checks and balances on systems generating correspondence.

In many cases, data breaches can be avoided by employees abiding by the data protection principles of their organisations. But it is up to these organisations to make sure that all staff receive regular data protection training to make sure they understand the potential consequences of breaching data protection laws.


 


Can you trust solicitors to look after your personal data?

At Hayes Connor, we’re committed to upholding the standards of our industry. That’s why it’s particularly upsetting when we are contacted by someone who has been let down by their solicitor.

In a recent case, we saw the impact of what can happen when a client’s personal information wasn’t looked after by the person they trusted to represent them.

What happened in this case?

In this data breach, a former member of the Armed Forces appointed a solicitor to represent her at a Tribunal she was involved in. However, this solicitor lost her sensitive information, including her medical and service records, on a train.

Following this shocking data breach, the woman suffered severe psychological effects including stress, anxiety and trauma. As a result, she has been prescribed medication, and her ongoing conditions have been exacerbated.

Turning to Hayes Connor for help, she revealed that her mental health had deteriorated to such an extent that it affected her ability to leave the house, and led to her being demoted at work, resulting in a substantial pay cut.

Lessons learned

Solicitors must understand the importance of data protection and make sure that strict policies and procedures are put in place to ensure the safe processing of information – both in and out of the office.

In many cases, data breaches can be avoided by solicitors abiding by the data protection principles of their firms. But it is up to these firms to make sure that all employees receive regular data protection training to make sure they understand the potential consequences of breaching data protection laws.

At Hayes Connor, our process is fully compliant with ICO guidance and we never put your details at risk.



What can happen when medical information falls into the wrong hands?

The world is rapidly going digital. And, this online information revolution has seen most organisations move away from paper record keeping. However, over the last few years, such information has proved a lucrative target for hackers.

But, when it comes to information falling into the wrong hands, in most cases, it is human error rather than cybercrime that is the biggest cause of data breaches. And, these errors are just as likely to happen offline.

In a recent case, our solicitors saw the impact of what can happen when sensitive medical information was sent to the wrong address by mistake.

What happened in this case?

In this data breach, HM Courts & Tribunals Service (HMCTS) sent a copy of a confidential medical report to a person’s former partner by mistake. The report from a doctor said that the man (our client) was depressed and suicidal.

Once our client’s ex read the report – a document that she should never have had access to – she used its contents in an application to reduce his contact with his children. This application was successful (the court was not aware how this information was obtained).

As a direct result of the admin error, this data breach has had a devastating impact on our client. Having reduced contact with his children has caused him considerable distress and upset as well as aggravating his mental health problems. So, in this case, the consequences have been particularly severe.

What can you do to stop this from happening to you?

When handing over your postal address to an organisation, it is vital that you check that these details have been taken down correctly.  You are completely within your rights to ask for a copy of the data an organisation holds about you. This is called making a subject access request (SAR). This won’t guarantee that an error doesn’t result in information going to the wrong address, but it is a good safety precaution to take. Find out more about making a SAR.

You should also ask any organisation that has access to your medical records about what type of information they share and with whom.

You can also choose not to have your medical information shared or used for any purpose beyond providing your own treatment or care. This choice is known as a national data opt-out. Find out more about the national data opt-out.

Of course, there may be instances (as in this case) where you need or want to share this information. Likewise, your confidential patient information may still be used when there is a legal requirement to provide it.

Lessons learned

The duty of confidentiality goes beyond undertaking not to divulge confidential information; it includes a responsibility to make sure that written patient information is kept securely.

If you are an employee of a medical organisation or a government agency or department and you want to make sure that you don’t make a similar mistake, talk to your employer about any processes that can be put in place to make sure that the addresses of your customers are correct. This is especially important if you deal with sensitive information such as medical reports. Such steps could include things like additional data protection training, and checks and balances on systems generating correspondence.
