My personal information has been lost after a data breach, what are my rights?

With the number of data breaches and cyber-attacks on the rise, it is essential that you understand your rights. So what do you need to know?

What type of information do organisations hold about me?

Modern organisations hold a tremendous amount of information about us. This could include data such as:

  • your name
  • your address
  • your date of birth
  • your email address
  • your telephone numbers
  • your credit card details
  • your bank details
  • your password(s)
  • your medical records
  • your religion
  • your political allegiances
  • and more.

Of course, it’s easy to figure out what could go wrong if our financial information gets into the wrong hands. But it’s more complicated than that.

The UK’s data protection laws safeguard your personally identifiable information (PII). PII includes any data that can be used to identify a specific individual, either on its own or in conjunction with other information an organisation has about us.

If PII gets into the wrong hands, it can be used to undertake identity fraud. For example, with enough information, cybercriminals can apply for credit in your name, set up fraudulent bank accounts and access your existing accounts.

What is a data breach?

A personal data breach occurs when personal information, protected under the law, is destroyed, lost, altered, disclosed or accessed due to a security incident.

It doesn’t matter if this happens accidentally or deliberately. If the confidentiality, integrity or availability of your personal data has been put at risk, then a data breach has occurred.

If you have suffered financial damage, distress, or a loss of privacy caused by an organisation breaching any part of the Data Protection Act, you have a right to claim compensation. The Data Protection Act is the UK’s interpretation of the General Data Protection Regulation (GDPR).

Some of the most common types of data protection breaches include:

  • Where your data has been inadvertently lost, hacked or leaked
  • Where your identity has been stolen to obtain credit cards fraudulently
  • Where your personal data has been sent to someone else without your express permission
  • Where your personal information has been misused or mishandled
  • Where an organisation failed to maintain up-to-date, accurate information about you and this caused you damage.

What is the difference between a data breach and a data hack?

The terms “breach” and “hack” are often used interchangeably. But there are some differences.

  • A data breach refers to any situation where data has been put at risk. A data breach can occur because of hackers and other cybercriminals, or by human error, negligence and poor security processes
  • A data hack is caused by people with malicious intent who break into a company’s systems to steal information.

Hackers do not cause the majority of data infringements, but in each of these instances, data can be exposed and put at risk. As such, identity theft often occurs after a data breach as well as a data hack.

How does an organisation have to respond to a data breach?

There are strict procedures that an organisation must follow if it experiences a data breach that could put your personal data (and therefore you) at risk. This includes informing the regulators that a data violation has occurred and letting you know without undue delay.

Should this happen, you should be told:

  • What has happened
  • The likely consequences
  • What they are doing to respond to the breach and minimise the risk to you
  • Who you can contact for more information.

What to do following a data breach

If you have been told your data is at risk following a data breach, you should:

  • Contact your bank or card provider if your financial details have been compromised. If you’re not happy with the way your bank deals with your complaint, you can refer it to the Financial Ombudsman Service (FOS)
  • Beware of fraudsters who attempt to gather personal information (phishing)
  • Report any suspected phishing attempts to the police and relevant authorities
  • Look out for any bills or emails showing goods or services you haven’t ordered, or any unfamiliar transactions on your account and alert your bank or card provider immediately if there is any suspicious activity
  • Keep an eye on your credit score for any unexpected dips. Callcredit, Experian and Equifax to ensure credit isn’t taken out in your name
  • Beware of any unsolicited communications that refer you to a web page asking for personal data
  • Register with a suitable fraud prevention service
  • Change your passwords.

If you find that you have become the victim of cybercriminals following a data breach, you should contact Action Fraud as soon as possible.

Make a compensation claim

You can claim compensation for the following if you have experienced a data breach.

Financial losses

A data breach can lead to financial theft, identity theft, or both, and the result of either can be devastating. With enough information, cybercriminals can apply for credit in your name, set up fraudulent bank accounts and access your existing accounts.

Distress, anguish and anxiety

Even if you haven’t lost out financially after a data breach, this doesn’t mean that there is “no harm done.” A personal data breach is a 21st-century version of being burgled. If a criminal came into your home and stole your private information, you would be distressed. So why should you feel any less upset at having your personal data taken?

Being the victim of a crime can have a significant impact on you mentally and physically. Of course, everyone reacts differently, but for some people, the effects can include a lack of sleep, feeling ill, unsettled or confused. Stress can also affect your friends, your family and your job. So being told to just “get over it” isn’t helpful.

Loss of privacy

You do not have to have experienced harm as a direct result of a data breach. If a company does not protect your data in the way it is legally obliged to do, and you have suffered a loss of privacy, you can make a claim. For example, if your email address was stolen or otherwise put at risk.

To start a compensation claim

  1. Inform the Information Commissioner’s Office (ICO) about your concerns. While it does not award compensation, if the ICO believes that the organisation in question broke the law, you can use this information in court to help prove your claim
  2. Read our handy step-by-step guide to making a data breach claim
  3. If you are offered any form of compensation or free services for not being able to access your funds, it’s important to check the small print. Be careful that in accepting any offer you are not giving away your rights to pursue a separate data breach compensation claim at a later date.

Contact Hayes Connor Solicitors ASAP. We’ll ensure that you are fully informed on this matter and will notify you about the investigation and your legal rights when making a claim.
