, , ,

Are you worried about the Watford Community Housing Trust data breach?

Watford Community Housing Trust has inadvertently leaked the personal details of 3,545 tenants. The violation happened when the Trust sent out an email to residents, informing them of changes to services during the coronavirus outbreak and the closure of its offices on Clarendon Road. At Hayes Connor, we have been contacted by many Watford Community Housing Trust residents, all of who are worried about the increased risk, and some of who are vulnerable and now living in fear.

What details were breached by Watford Community Housing?

Attached to the email was a spreadsheet containing the personal information of thousands of tenants. This included addresses, contact details, gender and sexual orientation. It is believed that everyone who received the email, also received the spreadsheet.

While Watford Community Housing Trust had hoped to reassure residents, the data breach has only led to more anxiety at this already difficult time.

The impact of the Watford Community Housing Trust data breach is devastating for many people

There are already calls for all 3,545 tenants to be compensated for the breach.

Speaking to the Watford Observer, one of the individuals affected said: “There’s vulnerable people out there, the information being leaked has put so many tenants in life changing and life-threatening situations. This is not appropriate. Therefore, an apology isn’t enough – everyone should be compensated.”

Another was reported to feel “horrible” that her sexuality was shared with thousands of people.

There were also concerns that home addresses were now publicly available, perhaps to people that some of those affected were trying to avoid.

Coronavirus and data breaches

Hayes Connor has already raised concerns about a potential increase in data breaches during the coronavirus pandemic. We believe that these could occur in several different ways. For example:

An increase in phishing emails and coronavirus scams

Hayes Connor has warned people to be on their guard in case of coronavirus scams and phishing messages. Earlier this week, it was discovered that fraudsters were going door-to-door pretending to offer coronavirus tests. But, it’s not just doorstep criminals we need to look out for. According to Action Fraud, coronavirus scams have cost victims over £800k in just one month.

Find out more about this here.

An increase in data breaches due to homeworking

As businesses navigate the unprecedented coronavirus crisis and respond by increasing home and remote working, careful consideration around data security is also paramount.

Talking about this, Kingsley Hayes, our managing director and data protection expert, said:

“Businesses are operating in unchartered waters with no definite future forecast. The impact of the coronavirus crisis will be far-reaching. Commercial survival will rely on the ability of organisations to quickly adapt working practices to keep staff and clients safe while maintaining business as usual.

 “Technology facilitates the ease with which many legal practices can adapt to employees working remotely however, being mindful of potential data protection risks, and quickly implementing appropriate security measures, should be front of mind.

 “The National Cyber Security Centre advises organisations to have a mobile working policy to ensure that all staff are not only aware of the increased risks, but also that all employees adopt the relevant security measures.

 “The vast majority of data breaches take place due to human error. Preventing incidents can be as simple as carefully considering the remote working environment. Working from the privacy of home, rather than a public place for example, can reduce the risks.

 “Appropriately limiting remote access to and storage of files and information and sending encrypted data, if possible, will also prevent costly data breach incidents. The way in which businesses operate in the current climate has changed however, data protection obligations remain the same.”

 An increase in human error

As the coronavirus situation escalates, we are all feeling more anxious than usual. Human error is the greatest cause of data breaches at the best of times, so it is to be expected that such instances might increase when people are worried and confused.

However, while stress and nervousness might explain why someone might make an error, there is no excuse for organisations that do not have robust data security processes in place to prevent such breaches from happening in the first place.

Watford Community Housing might “apologise unreservedly for this breach”, but had it implemented some simple security measures (e.g. password controls/encryption on sensitive data), any damage could have been alleviated.

What can you do about the Watford Community Housing Trust data breach?

According to Watford Community Housing, anyone with concerns should email CustomerRelationsTeam@wcht.org.uk in the first instance.

However, with many tenants left upset, angry and even scared, many are seeking compensation and have turned to Hayes Connor for help.

If you are concerned about this breach, our professional, friendly team will be pleased to answer any questions you might have.

We also understand that making a compensation claim can be stressful; especially where sensitive information is already breached. So, we remove the jargon and make sure you always know what’s happening with your case.

The UK’s leading data breach law firm, we may be able to act for you on a NO WIN, NO FEE basis – so you have nothing to lose.

Register to tell us about how the Watford Community Housing Trust data breach has affected you. Or contact us on 0151 363 5895*.


*Read our coronavirus statement to find out more about how we are continuing to serve our clients during the COVID-19 outbreak.

 

, , ,

Sensitive medical data was sent to the wrong patient

When we think about data breaches, we often worry about hackers and cybercriminals getting hold of our banking and credit card details. But the truth is, most data breaches are caused, not by fraudsters, but by human error and poor data management processes. And the result can be just as devastating. In a recent case, our solicitors saw the significant damage and distress caused when personal medical information was sent to the wrong person. But what happened in this failure in patient care? And what can you do if it happens to you?

What happened in this case?

Our client was due to start a three-month course of treatment for anxiety and depression. But his mental health was made significantly worse when his private medical information, including his diagnosis and contact details, was sent to the wrong patient.

Realising the error, this patient returned the sensitive information to the relevant NHS department, and it admitted that it had made a mistake. However, it took the NHS four days to let our client know that his privacy had been violated. And the consequences lasted much longer.

This was a severe breach, which exasperated our client’s mental health issues. As a result, he went on to suffer a panic attack. To make matters worse, the NHS tried to minimise the incident and didn’t properly acknowledge or try to understand the effects that the breach had on our client’s existing mental health issues.

Keen to make sure that the NHS was held to account for its failure in patient care, our client contacted Hayes Connor Solicitors after we were recommended to him. This was particularly important as he did not see any evidence of new measures to avoid similar incidents recurring.

Following the shocking failure in patient care, we were able to secure £2,000 in damages for our client. He was pleased with the friendly, clear, honest and timely management of his claim and he was happy with the result – particularly as Hayes Connor consulted an expert to gauge the maximum compensation that could be secured in these circumstances.

We genuinely hope that our client can get on with the rest of his life. There is no doubt that he has become very security conscious as a result of the breach.

Medical organisations must be held to account

Nobody wants to sue the NHS. It does a great job under challenging circumstances. But, the sheer scale of the information we share with healthcare organisations is enough to leave us all open to the threat of fraud, anxiety and stress. So, this data must be treated with the highest levels of care; not least because of the potential damage should it fall into the wrong hands.

In most cases, medical data breaches happen because of human error and a failure to implement reasonable and robust processes. So, claiming compensation isn’t just in your best interests. It is the only way these organisations will be persuaded to take their responsibilities seriously and make the necessary improvements.

Not just hackers

Hayes Connor Solicitors wants to reduce the number of data violations taking place across the UK. To do this, we are sharing real-life examples of data breaches to raise awareness of this issue and educate people to prevent similar mistakes from happening.

For more advice on how to keep your data safe, follow our #NotJustHackers campaign on Twitter and Facebook.

Alternatively, if you have been the victim of a data breach or cyber fraud, find out how we can help you to recover any losses. Or give us a call to discuss your case in more depth.

 

council data breach
, ,

Council data breach after worker illegally accessed records 83 times in six months

A former reablement officer has been prosecuted for accessing social care records without authorisation. In this council data breach case, Dannyelle Shaw, who worked at Walsall Metropolitan Borough Council, inappropriately accessed the social care records of 7 adults and 9 children without any business need to do so.

According to reports, Ms Shaw illegally accessed the social care database without authority 83 times between April and September 2017. One of the adults affected later found out and made a complaint.

Ms Shaw had received training in data protection and confidentiality protocols. As a result, she was dismissed by the council before being prosecuted by the Information Commissioner’s Office (ICO).

Appearing before Wolverhampton Magistrates’ Court, Ms Shaw was sentenced to a fine of £450, ordered to pay costs of £364 and a victim surcharge of £45.

A price not worth paying

Speaking about this council data breach, Hazel Padmore, head of investigations at the ICO, said:

“People whose work allows them access to what can often be highly sensitive personal information need to know that the ICO will act to protect the legal rights of data subjects.

“This is another case where someone clearly knew the importance of confidentiality and protecting people’s personal information but decided to disregard all their training for their own reasons, and ended up paying a heavy price.

“Losing your job and ending up before the courts is not a price worth paying.”

Not Just Hackers

This case should remind people that they could face criminal prosecution and fines if they access or share personal data without a legal reason.

At Hayes Connor Solicitors, we see many different types of claims and understand how data breaches can affect people in different ways.

Helping to reduce the number of data violations taking place across the UK, we are sharing such real-life examples of data protection breaches to raise awareness of this issue and educate people to prevent similar instances from happening.

For more advice on how to keep your data safe, follow the Hayes Connor #NotJustHackers campaign on Twitter and Facebook.

Alternatively, if you have been the victim of a data breach, find out how we can help you to recover any losses or contact us to discuss your case in more depth.

 

, ,

Former social worker fined for illegally sharing highly sensitive information on children

A former social worker has been prosecuted for illegally sharing the personal information of children. The social work data breach affected 14 youngsters in care; some of who were at risk of child sexual exploitation.

What happened in this case?

Leo Kirk, was suspended from his job as a social worker after it was discovered that he had persuaded a grieving woman to lend him money for a mortgage repayment. The woman had post-traumatic stress disorder, anxiety and depression. As part of his job, he had helped her to claim backdated benefits before he was transferred to another post.

He was then reprimanded by the Health and Care Professions Tribunal Service for a clear breach of professional boundaries. He was accused of a ‘lack of integrity” and ”abusing his position of power”

To make matters worse, without disclosing his suspension, Mr Kirk carried on working for a private care company that helps young people. Mr Kirk then sent private documents that included sensitive information about several youngsters to a rival organisation.

What was the outcome of this social work data breach?

The UK’s data watchdog began an investigation into the social worker data breach after Mr Kirk’s employer found out about the breach.

According to the Information Commissioner’s Office (ICO):

”We received a report about unlawful misuse of personal data by a manager who had without reason passed on documents about up to 14 young people aged 16 to 18 to a competitor. He was employed by Holywell children’s services but gave details of 14 children to Hillgate Health group, which was providing placements for children who are in care.

”Mr Kirk was suspended from his job on May 10, after breaching data protection rules and an investigation revealed he had unlawfully disclosed referrals for residential and foster care placements for vulnerable young people aged between 16 and 18.

“The information identified sensitive personal data including accommodation and foster referrals and personal data about children in care.

”This sensitive personal data including details concerning sexual behaviour, sexual grooming and the risk of child sexual exploitation plus any history of abuse. It also contained details their health, police cautions and court referrals.

Mr Kirk admitted two charges of obtaining and recklessly disclosing personal data under the Data Protection Act 1998. In response, he was fined £483 and ordered to pay a further £412 in costs by Stockport Magistrates’ Court.

Mr Kirk is no longer involved in social work.

Lessons learned

The Data Protection Act exists to protect the privacy of individuals. And, this case should remind people that they could face criminal prosecution and fines if they access or share personal data without a valid reason.

At Hayes Connor Solicitors, we see many different types of claims and understand how data breaches can affect people in different ways.

Helping to reduce the number of data violations taking place across the UK, we are sharing such real-life examples of data protection breaches to raise awareness of this issue and educate people to prevent similar instances from happening.

For more advice on how to keep your data safe, follow the Hayes Connor #NotJustHackers campaign on Twitter and Facebook.

Alternatively, if you have been the victim of a data breach, find out how we can help you to recover any losses or contact us to discuss your case in more depth.

, ,

Woman prosecuted for social services data breach

A woman has prosecuted for accessing social care records without authorisation. Michelle Shipsey, a former social services support officer at Dorset County Council, accessed the records of four people she knew without any business need to do so. She also gave the details to parents at their children’s school. Following the social services data breach, an internal investigation was launched by Dorset County Council. However, no further action was taken at this time as the woman then resigned from the council.

Appearing before Poole Magistrates’ Court, Ms Shipsey was sentenced to a 6-month conditional discharge, ordered to pay costs of £700 and a victim surcharge of £20.

The ICO sends a clear warning

Commenting on the privacy violation, Hazel Padmore, head of investigations at the Information Commissioner’s Office said:

“Individuals accessing social services support are often already in a vulnerable position and have the absolute right to expect their dealings are treated with the utmost respect and in accordance with data protection laws.

“Although new to the role, Shipsey had undertaken both data protection and cyber security training and therefore was acutely aware of the responsibilities she had towards maintaining client confidentiality.

“Our successful prosecution of this individual sends a clear message, that we will take action against individuals who take it upon themselves to abuse their position of trust”.

Lessons learned following social services data breach

The Data Protection Act exists to protect the privacy of individuals. And, this case should remind people that they could face criminal prosecution and fines if they access or share personal data without a legal reason.

At Hayes Connor Solicitors, we see many different types of claims and understand how data breaches can affect people in different ways.

Helping to reduce the number of data violations taking place across the UK, we are sharing such real-life examples of data protection breaches to raise awareness of this issue and educate people to prevent similar instances from happening.

For more advice on how to keep your data safe, follow the Hayes Connor #NotJustHackers campaign on Twitter and Facebook.

Alternatively, if you have been the victim of a data breach, find out how we can help you to recover any losses or contact us to discuss your case in more depth.

new years honours
, ,

1,000 New Year Honours recipients suffer a data breach

While most of us were enjoying a well-earned break, the home addresses of 1,000 people were posted online. In this case, the impact of the data breach could have far-reaching repercussions as those affected included high-profile individuals such as Sir Elton John and Olivia Newton-John. Politicians (including former Tory leader Iain Duncan Smith) and serving police officers were also impacted by the breach.

Of course, at Hayes Connor, we don’t distinguish between celebs and ordinary people when it comes to upholding data privacy rights. But it is especially worrying that this sensitive information was put at risk and could have fallen into the wrong hands – particularly as many of the recipients are controversial figures. As such, many of those affected will need to assess/increase their current security arrangements.

What happened in this case?

The house numbers and postcodes of hundreds of famous people recognised as part of the British honours system were left available online about an hour. It is likely that the data breach was caused by human error. The Cabinet Office has since apologised for the data protection failure, and the matter has been reported to the Information Commissioner’s Office (ICO), but this is unlikely to help soothe the concerns of those affected.

Commenting on the data breach a spokesperson for privacy campaign group Big Brother Watch said:

“It’s extremely worrying to see that the Government doesn’t have a basic grip on data protection, and that people receiving some of the highest honours have been put at risk because of this.

“It’s a farcical and inexcusable mistake, especially given the new Data Protection Act passed by the Government last year – it clearly can’t stick by its rules.”

What can be done about the New Year Honours data breach?

According to press reports, one victim of the data breach has said that “If those responsible have apologised and it is a genuine error, then there is not much more that can be done”. But this is not actually the case. The vast majority of data breaches are caused by poor data protection policies and a failure to put adequate security procedures and training in place. As such, organisations that expose people to this level of risk must be held accountable for their actions.

Every day we help the victims of data breaches who have become miserable, upset and emotionally distressed by privacy violations. All too often, these victims will have tried to engage with the organisation that has committed the violation. But they will have been rebuffed or offered a wholly inadequate excuse. Almost every organisation fails to recognise the stress, anxiety, upset and anguish caused by the data breach. And it looks like the government is no exception.

What is Hayes Connor doing to help victims of data breaches?

Hayes Connor Solicitors is a law firm operating in the data breach and protection sector. We help our clients to claim data breach compensation following data protection violations, GDPR breaches and other cyber offences.  We are an established and trusted firm that has been helping people to claim compensation for over 50 years.

Over the past two years, we have become a true specialist in the relatively new but increasingly important field of data breach law. And today, this is all we do. Because we have been winning data protection cases longer than most other solicitors, we are more experienced when it comes to understanding the complexities involved. We are also the only legal firm to launch a multi-party action against the ticketing giant Ticketmaster and, in April 2019, our multi-million-pound damages claim against Ticketmaster was issued in the High Court. The estimated total value of our claim on behalf of more than 650 clients is £5 million.

In 2019 we were highly commended for two prestigious legal awards, and so far this year we have already been shortlisted in two categories for the Eclipse Proclaim Modern Law Awards 2020.

Last year alone we opened over 4500 new cases and, crucially, we have a history of winning data breach compensation cases on behalf of our clients.

In larger cases, we work alongside expert data protection barristers. This means you will get the very best level of legal support available.

This means that when someone appoints us, we ensure they get the very best level of legal support available.

Find out more about our data breach experts. 

 

medical records
, ,

How secure are your medical records?

The healthcare industry holds the largest amount of personal data on any one individual. And, a rise in digital and mobile technologies is only making the sector more vulnerable when it comes to cybercrime and data breaches. So what do we know about medical data breaches?

In October alone, three UK hospitals were hit by serious data security incidents:

  • A data breach at Bolton NHS Foundation Trust saw the personal details of 425 pupils from two Greater Manchester secondary schools ‘misplaced’. The privacy violation occurred when the school nursing service transferred records of children moving from primary to secondary school
  • A data error at Norfolk and Norwich University Hospital resulted in the personal details of 11 patients being sent to the wrong address
  • A breach at North Devon District Hospital saw a patient’s voicemail message, containing personal patient details, becoming the hospital’s answerphone message. Because she had provided her phone number in her message, she was subsequently inundated with calls from patients giving details about their health problems.

What are our data breach experts seeing?

At Hayes Connor, we are seeing a significant rise in the number of people contacting us following a data breach at a hospital or GP practice. And, in the most part, these medical data breaches haven’t been caused by human error or cybercriminals. Instead, many privacy violations are happening due to healthcare staff deliberately and inappropriately accessing patient medical records.

In most cases, patients are finding out that their personal information has been accessed following internal audits at the hospital/medical practice. This is because, once a breach is discovered, healthcare organisations are legally obliged to tell anyone who has been affected. Others have found out after suspecting a privacy infringement and complaining to the relevant healthcare provider.

Why are people looking at your medical records?

For the most part, healthcare professionals will only access your records when they have a good reason to do so. For example, when providing you with medical care.  But people are also inherently curious. Especially when it comes to their friends, families and neighbours. So, in a large number of cases, where data has been erroneously accessed, it has been done by relatives/people known to patients.

But whether this is done with good intentions, to be nosey or with malicious intent, this is a serious breach of data protection law.

Medical data breach cases

In one high-profile breach, more than 2,000 confidential hospital patient records were accessed by an employee at Wigan hospital who had no legitimate reason to read the files and was not permitted to do so. As a result of this incident, the Information Commissioner’s Office (ICO) has launched a criminal investigation.

In another case, our client had her medical records unlawfully accessed by her ex. She only found out after she was informed by a mutual friend that her ex-partner had illegally obtained her medical records. He could do this because he was employed by a local NHS Trust. The breach revealed our client’s new home address and contact details to her ex. He was also able to establish every time she had received services provided by the NHS Trust. Because of this data breach, our client suffered significant stress and anxiety.

Who is at fault?

Nobody wants to sue the NHS. It does a great job under challenging circumstances. But something has to be done to make healthcare organisations accountable for any harm they help cause.

Commenting on the increase in medical data breach enquiries we are receiving, senior solicitor at Hayes Connor Christine Sabino said:

I’ve seen first-hand just how distressing a medical data breach experience can be. Especially when personal and highly sensitive information is accessed by someone the patient knows. The consequences on a person’s homelife, mental health and wellbeing can be devastating.

“Of course, it’s easy to blame the individual who looked at the records. But there must be robust protections in place to stop such violations from being possible. Furthermore, all healthcare staff must have training to ensure that they fully understand how to handle data securely, and the consequences of breaching their professional obligations.”

What can you do if your medical information has been breached?

If you have received a letter from your doctor or hospital letting you know that your data has been breached, you could be entitled to compensation.

At Hayes Connor, our expert solicitors deal with a significant number of medical data breach cases. During our work, we see many different types of claims. So, we understand how medical data breaches can affect people in different ways.

Our professional, friendly team will advise you on whether you have a valid claim against a medical or healthcare organisation. If you are not sure whether your sensitive medical information has been misused or mishandled, we can find this out for you.

If we believe you have a substantial case, we may be able to act on a NO WIN, NO FEE basis. Crucially, you have a right to claim compensation for a privacy violation, even if you haven’t suffered as a result.

Contact us today for a free initial assessment.

data breaches
, ,

Public sector responsible for the majority of data breaches

High-profile data breaches such as those at BA, Equifax and Ticketmaster are rarely out of the news. But research shows that the UK’s public sector has been responsible for the most offences over the last eight years[1]. Furthermore, when it comes to privacy violations, over the same period, the ICO has issued more fines for data breach offences than for other wrongdoings such as email/SMS spam and nuisance calls.

According to the figures[2]:

  • The ICO fined organisations a total of £23.5 million between 2011 and 2019
  • £12.6 million of this was issued for data breach offences
  • Public sector organisations have attracted 54% of all fines since 2010
  • All public sector fines were for data breaches
  • Local councils were responsible for half of all data breaches
  • All data breach incidents involving public sector organisations were down to human error.

Public sector data breaches are all too common

Unfortunately, the figures don’t come as a surprise to our data breach lawyers. Talking about the findings, senior solicitor Christine Sabino said:

Data breaches and cybercrime are big news. But, while it is mass privacy cases that make the headlines, smaller, individual data breaches are causing misery and upset to people across the UK.

“I am currently dealing with many cases on behalf of clients who have had their data mishandled by organisations such as local health authorities and councils. And, I’ve seen first-hand just how devastating the experience can be.

“For example, in a recent case, a local authority sent a copy of a court order containing sensitive personal information about our client and their neighbour to his neighbour by mistake. The neighbour opened and read the letter and shared it with other people in the local community. The contents of the letter were highly sensitive and caused distress and embarrassment to our client and his family. As such, the consequences of the error and the impact on his mental health were far-reaching.”

Public trust is being abused

According to the ICO, the British public has significantly more trust and confidence in the NHS, the police, and national governmental bodies than in private companies. But Christine believes that this trust is being abused. She added:

“Public sector bodies handle some of our most sensitive and personal data. And we have the right to expect this will be looked after. Adequate and robust protections are especially important as the world becomes increasingly digital. Furthermore, with human error the leading cause of data breaches, public sector staff must have the training, knowledge and ability to handle our data securely.

“Crucially, where a privacy violation occurs, it’s vital that people know who they can turn to for help.”

Protecting your interests

An established and trusted firm, at Hayes Connor Solicitors we have been helping people to claim compensation for over 50 years. We are true experts in data breach law. This is all we do, and we have been doing it longer than most other solicitors. As such, we lead our field when it comes to understanding the complexities involved.

At Hayes Connor, we help you to claim compensation and steer you through the aftermath of a public sector data breach; minimising the impact on you as much as possible. And, because we are passionate about securing justice for our clients, we offer no-win, no-fee funding arrangements to reduce the pressure at an already difficult time.

But more than this, we also understand the emotional distress that a data breach can cause. As such, as well as providing you with all the legal expertise you need, we will also handle your case with compassion and care.

To speak to Christine, or another of our data protection experts about starting a claim, please contact us for a free initial assessment of your case.


[1] The SMS Works

[2] The analysis does not include the recent fines issued to British Airways Marriott International as these are currently under appeal.

pet data breach
, ,

Could your pet be the cause of a data breach?

At Hayes Connor, our data protection solicitors deal with many different types of data breaches. But a recent case was particularly unusual. In this instance, a missing family cat was the cause of the data breach.

What happened in this data protection breach?

We represented a family whose cat went missing causing them understandable upset. The cat had been microchipped, so they were hopeful that they would be reunited with their pet.

In April last year, the data stored by the company responsible for the electronic chip was breached. This breach happened when someone found the cat and took it to be scanned.

Usually, a vet will inform the owner that their pet has been found. However, contrary to the established procedures, in this case, two different vets accessed our client’s data and disclosed this to the person who found the cat. This included our client’s home address.

To make matters worse, our client only found out about the pet data breach when a neighbour asked if the cat had returned home after it disappeared from her friend’s home (the person who found the cat in the first place). So at no point was our client told that their beloved family pet had been found.

In this case, it would be tempting just to blame the vets involved, but after investigation, it became clear that the company responsible for holding the microchip information had not put systems in place to protect the personal data it was responsible for. This lack of adequate internal security systems did nothing to prevent the sharing of personal data by the vet practices.

As a result the family has a claim against the vets that breached their personal data, and the microchipping company.

Why did our client need data protection solicitors?

The family felt that their complaint wasn’t being adequately responded to or taken seriously.

Frustrated that their distress was not being acknowledged they decided to take legal action. They chose Hayes Connor as we specialise in data breach litigation and were also able to take on this pet data breach case on a no win-no fee basis.

What was the result of this pet data breach case?

The Information Commissioner’s Office (ICO) is the UK’s data protection regulator. We advised our client to report this matter to the ICO, which ruled that there had been a breach of Data Protection obligations.

As a result, our client was awarded £1,250 compensation and, just as important, the recognition they wanted for the distress this had caused. Our data protection solicitors also wrote to the microchipping company to advise them on their information rights practices, and have sent recommendations regarding improvements going forward.

Talking about their experience, our client said:

“Very pleased I went with Hayes Connor I would recommend them and use them again if I ever needed to. I didn’t originally set out to make a compensation claim but I’m glad I did. You took my claim seriously and just as importantly your involvement made those responsible take it seriously as well.

Lessons learned

In many cases, data breaches such as this can be avoided by employees abiding by the data protection principles of their organisations. But it is up to these organisations to make sure that all staff receive regular data protection training to make sure they understand the potential consequences of breaching data protection laws.

Helping to reduce the impact of data breach violations

The Data Protection Act exists to protect the privacy of individuals. However, many organisations have struggled to keep up with changes in the rules, and this could leave everyone vulnerable.

In response, at Hayes Connor, our data protection solicitors help our clients to make compensation claims after their data was put at risk by the organisations they trusted to look after it.

If you or a member of your family has suffered financial damage, emotional distress or a loss of privacy caused by a breach of the Data Protection Act (the UK’s interpretation of the GDPR), you have a right to claim compensation.

Not Just Hackers

Cybercrime is big news. It’s almost impossible to pick up a newspaper or turn on the television without hearing about how some big company has been hacked with thousands of customers put at risk. But, while these cases are important, every day smaller data breaches are causing misery and upset to people across the UK.

Our experts deal with a significant volume of data breach cases each day. During our work, we see many different types of claims and how data breaches can affect people in different ways.

Helping to reduce the number of data violations taking place across the UK, we are sharing such real-life examples of data protection breaches to raise awareness of this issue and educate people to prevent similar instances from happening.

For more advice on how to keep your data safe, follow the Hayes Connor #NotJustHackers campaign on Twitter and Facebook.

Alternatively, if you have been the victim of a data breach, find out how we can help you to recover any losses or contact us to discuss your case in more depth.

 

 

data breach claim
, , ,

Making a data breach claim. What has changed?

A recent case against Google for illegal data harvesting has transformed how data breach claims are managed in the UK. But what has actually changed? And what does this mean for you?

The background

Between 2011 and 2012, Google used cookies on Apple’s Safari web browser to illegally collect data about its users. In response, a group action was launched to help people challenge the big technology company over this data privacy violation. But, in October 2018, the case was thrown out.

Essentially, it was deemed too difficult to calculate how many people had been affected, and in what way. This is because, to make a data breach claim, each person had to show that they had experienced harm as a direct result of the breach. For example, emotional distress or financial loss. In group action cases such as this, where multiple people had been affected, this was especially complicated.

However, this case was taken to appeal, and, in a “ground-breaking” ruling, the Court effectively reformed the data breach claims process.

Change one – you can make a data breach claim even if you haven’t suffered a loss

The Court of Appeal decided that data breach claims are valid, even if someone hasn’t suffered financial or emotional damage as a result. If a company does not protect your data in the way it is legally obliged to do, you can claim for this data privacy failure.

Change two – you can make a data breach claim even if the only thing exposed was your email address

People can now seek compensation even if the only personal information breached was their email address. Everyone has the right to the protection of their personal data. Especially when such data now has an economic value (e.g. it can be sold).

Change three – there are now different ways to join a group action claim, depending on how you have been affected

Until now, if someone had their data breached, they would have to prove how this privacy violation affected them. In group action cases (where lots of people are affected by the same breach), this could be a complicated process. Because not everyone will have experienced the same loss and consequences. So, making an award in these cases can be tricky.

But, the Court of Appeal has made the group action claims process easier.

People involved in a significant data breach (that has resulted in differing levels of financial loss or emotional harm), can still make a group action case. You can find out more about how to make a group action claim here. So, in these cases, nothing has changed.

But now, people who have had their data breached in a mass privacy violation, but who have not experienced any harm, can also claim. To do this, they will need to join a representative action.

The type of action required for each case will depend on the exact breach. If you are unsure about which option is available to you, our helpful data breach experts are happy to answer any queries you might have.

What is a representative action?

A representative action is a type of group action. Representative actions are launched when a group of people are affected by the same issue and have experienced the same level of harm (e.g. having their email address stolen and data privacy violated).

In representative actions, one solicitor will represent all clients. A judge will decide who this solicitor is. Because of our unique experience in data breach group actions, we expect that Hayes Connor will be appointed as the representative in many future actions.

In addition, one member of the action will typically sue on behalf of themselves and the rest of the group. Once compensation has been agreed, each member of the representative action will receive the same amount.

A representative action is a quicker way to claim for compensation

A representative action can be launched based on the total number of those affected, not just the individuals who have proactively decided to pursue compensation. This will make claim process much quicker. However, to receive a share of the settlement, affected parties will still need to register to join the action. There is likely to be a strict time limit to do this.

What about individual data breach cases?

The ability to claim compensation for individual personal data breaches still exists (for example, where a bank has posted your financial statement to the wrong address). But now, you can claim compensation even if you haven’t suffered because of the breach.

In such instances, people can claim directly with the organisation responsible. However, we would always recommend using a specialist data breach solicitor.

At Hayes Connor, we take a holistic and long-term view when it comes to claiming compensation on your behalf. And, our understanding of the effects of a breach mean we always ensure the best possible outcome for you. It is not unusual that – on reviewing your case – we uncover information that allows us to increase the value of your claim significantly. What might seem irrelevant to you could make a huge difference in the eyes of the law.

How will you know if you can make a data breach compensation claim?

Since the introduction of the General Data Protection Regulation (GDPR), any organisation that processes your personal data MUST let you know if it has been breached. And, once you have been told about any violation, you can make a claim.

How do you make a data breach claim?

If you experience a privacy violation due to an organisation breaching the Data Protection Act, you have a right to claim compensation.

At Hayes Connor Solicitors, we know what it takes to make a successful compensation claim. In fact, we’ve been helping people to do just that for over 50 years. We also steer you through the aftermath of a data breach – minimising the impact on you as much as possible.

In most cases, data breaches happen because of a failure to implement reasonable and robust processes. So, claiming compensation isn’t just in your best interests. The only way organisations will be persuaded to take their responsibilities seriously and make the necessary improvements is by hurting their bottom line.

START A DATA BREACH COMPENSATION CLAIM