data hack

Have you been to Butlin’s? Your data might have been hacked.

Butlin’s has revealed that up to 34,000 guests might have had their personal information stolen by hackers. The holiday camp has apologised for the breach and has set up a “dedicated team” to contact those guests who might be affected and advise them on what to do next.

What data was stolen in the Butlin’s data breach?

The data accessed by hackers includes names, home addresses, email addresses, telephone numbers and holiday arrival dates. And, while it doesn’t look like any financial information has been compromised, the data that has been stolen could be used by criminals to commit fraud.

The phishing attack happened within the last 72 hours. Phishing describes the illegal practice of sending emails claiming to be from reputable companies and individuals to encourage people to reveal personal information such as passwords and credit card details. Human error (through phishing attacks and other failures) is the greatest single point of weakness in the security of most organisations

Under the latest data protection regulations, any company made aware of a data breach has to self-report the incident as soon as possible. So, while Butlin’s isn’t yet sure if all 34,000 holidaymakers have been affected by the breach, it was obligated to report the incident to the Information Commissioner’s Office (ICO).

According to a spokeswoman for the ICO: “Butlin’s has made us aware of an incident and we will be making enquiries.”

There are currently three Butlin’s holiday camps. These are based at Skegness Bognor Regis and Minehead. If you have had a holiday at any of these camps and your data was stolen, you might be able to claim compensation.

Making a cybercrime compensation claim

With more and more organisations using computers to store and process personal information, concerns about online crime and the misuse of data are on the rise. However, you do have rights if your data is stolen or breached.

The ICO has the power to impose hefty fines on organisations who fail to meet their data protection requirements. And, while the ICO does not award compensation, you have the right to ask the ICO to assess an organisation if you think it is guilty of a breach. You can then use this information to support a data protection compensation claim.

Also, if you hear that a company is being investigated by the ICO for a breach of its legal obligations – as in this case – you should seek legal advice to see if you are entitled to make a compensation claim.

At Hayes Connor Solicitors we can investigate your claim. And we will work with the ICO to gather as much evidence as possible to help you succeed.

You can make a compensation claim even if you haven’t lost out financially

If you have suffered damage or distress caused by an organisation breaching any part of the Data Protection Act, you have a right to claim compensation.

You can make a compensation claim if you have struggled emotionally following a data breach, even if you have not experienced any financial loss.

With enough information, cybercriminals can steal your identity, apply for credit in your name, set up fraudulent bank accounts and access your existing accounts. And just the thought of this happening can cause emotional distress. So why shouldn’t you seek compensation for this failure to look after your information correctly?

At Hayes Connor Solicitors our initial assessment is always free of charge. If we believe you have a substantial, complex case, we’ll go through your options with you and may be able to act for you on a NO WIN, NO FEE basis. For smaller claims, our quick assessment form will help you to start your claim, quickly and easily.

We make sure you receive the maximum compensation possible in the shortest possible time. However, with strict time limits in place for making data breach claims, if you have been contacted by Butlin’s about this incident it’s important to act now.

, ,

Starting data breach compensation proceedings against Ticketmaster

Following the Ticketmaster data breach, our action has more than 500 clients, and we are now in the final stages of preparing these claims.

To keep you up-to-date with our progress, here is a quick summary of the steps we are taking, and what you must do if you want to make a data breach case against Ticketmaster.

Finalising a letter before action in the Ticketmaster data breach case

Later this week, Hayes Connor Solicitors is meeting with specialist barristers Ian Whitehurst and Louis Browne QC of Exchange Chambers to finalise the letter before action (LBA).

Ian has significant experience in the niche areas of cybercrime and data protection, while Louis has vast experience of both advising and acting in very high-value claims.

The LBA will be drafted on behalf of all clients signed to the Ticketmaster action by the 10th of August 2018 and will include:

  • The name and address of each individual making a claim
  • A summary of what’s happened in their particular circumstances
  • What we want Ticketmaster to do about it
  • How much each client is claiming for (and how we have calculated that amount)
  • A deadline for reply
  • Notice that we will start court proceedings on behalf of our clients if we don’t get a reply.

If you haven’t yet told us that you want to make a case against Ticketmaster, it’s essential that you do this ASAP.


Issuing a letter before action following the Ticketmaster data breach

We intend to submit the LBA on 15th August 2018. The LBA not only lets Ticketmaster know that we will be starting proceedings against them, but also that we are very serious about getting you the compensation you deserve.

Ticketmaster will then have 21 days to respond to this letter.

If you have already told us that you want to make a data breach claim against Ticketmaster, and have completed and returned our initial pack and impact form, this response will dictate the next steps we take to recover your losses.

If you have already registered with us, but haven’t yet completed these documents, it’s vital that you do so ASAP.

Should you have mislaid your documents or require a further copy, please let us know and we will send another set out to you straight away.

If you want to join our action against Ticketmaster it is not too late!

If you want to make a data breach claim against Ticketmaster, it is vital that you register with us ASAP so that we can assess the impact the breach has had on you. Once you have done this, we will be in touch to let you know the next steps, including what will be claiming for and how much compensation you could receive.

We are dealing with Ticketmaster data breach claims on a no-win, no-fee basis. This means that, if your claim is not successful, you won’t have to pay a penny. There are no hidden charges or other administration fees.

Find out more about how we can do this.

To date, our action against Ticketmaster has more than 500 clients, and it is clear that the data breach is extensive. As such, we expect them to take our claim very seriously.


While each case is different, if successful, you could be entitled to around £5,000 in compensation, so it’s essential to act now.



data breach

Serious data breach uncovered at Reddit

Social news aggregation, web content rating and discussion website Reddit, has revealed that it was the victim of a data hack. In this case, a cybercriminal broke into some of Reddit’s systems and accessed user data.

Many people use Reddit to post highly personal anonymous stories. In fact, the platform prides itself on providing a safe space for people to say whatever they want, without their messages being linked to their real identities.

But if usernames can be connected to emails following this breach, the identities of ‘Redditors’ could be revealed. And the consequences for these people could be devastating.

At Hayes Connor, our data breach solicitors set out what you should do if you are a user who is concerned about the impact the data breach at reddit could have on you.

What information was stolen?

The data accessed included complete information from a 2007 database backup which contained old protected (salted and hashed) passwords, email addresses, public posts and private messages.

Reddit has confirmed that it will be contacting all users affected by the breach of this database. The company has also urged users who used the platform anywhere near 2007 to reset their passwords and enable 2-factor authentication. So, if you are a long-standing Reddit user (or were a user back then), it’s worth checking your spam folder just in case. Those who signed up for the online service after 2007 should be in the clear.

In addition to the old database, more recent data, including email addresses and ‘subreddits’ people have subscribed to have also been accessed by cybercriminals.

However, there is no indication that Reddit will be contacting those individuals who have had their current email addresses stolen. So you’ll have to figure that out for yourself.

Reddit is asking users who have had their email address affected, to “think about whether there’s anything on your Reddit account that you wouldn’t want associated back to that address” and remove it. Put simply, affected users should delete any posts they don’t want to be traced back to.

What happens now?

The attack happened between 14th – June 18th June, and was discovered a day later.

Reddit has said that it is conducting a “painstaking investigation to figure out just what was accessed”, and to improve its systems and processes to prevent this from happening again.

Reddit has also said that it has reported the issue to law enforcement and is cooperating with investigations.

Why are people worried?

While much of the data accessed is at least 11 years old, that doesn’t mean that people aren’t right to be distressed at the thought of their private communications – including messages – falling into the wrong hands. Especially when this data can be linked to a specific email address (and therefore a person).

The security incident has been described as a “serious attack,” and just because Reddit was a victim of cybercriminals, doesn’t mean it is any less liable if it failed to protect your all-important data sufficiently. Big companies must be held to account.

Your distress matters!

Some people would have you believe that claiming for distress is an overreaction, but our data breach solicitors and the law don’t look at things this way.

The sheer scale of the information we share on social media is enough to leave victims open to the threat of fraud. And we should all be very worried about what could happen if this gets into the wrong hands.

If you have suffered damage or distress caused by an organisation breaching any part of the Data Protection Act, you have a right to claim compensation. And you can do this if you have struggled emotionally following a data breach, even if you have not experienced any financial loss.

At Hayes Connor Solicitors, our data breach solicitors have been helping people to claim compensation for over 50 years, so we know what it takes to make a successful data breach claim. Our initial evaluation is always free of charge, and there’s never any obligation to take things further.

If we do think you have a reasonable chance of winning your case, we’ll let you know straight away. What’s more, once appointed, we provide a NO WIN, NO FEE service; so you have nothing to lose.


data breach claim

Dixons Carphone data breach affects 16 million customers

In summer 2018, Dixons Carphone admitted that almost 16 million of its customers had their details exposed in a massive data breach.


Hackers got access to 10 million personal data records (up from an initial estimate of 1.2m people). This Dixons Carphone Warehouse data protection breach compromised dates of birth, addresses and phone numbers.

Dixons Carphone also discovered a separate attempt which compromised the records of 5.9 million payments cards.

These attacks were identified when the company reviewed its systems and data.


Along with the financial info stolen, the hackers also gained access to personally identifiable information (PII). PII includes any data that can be used to identify a specific individual, and, if it gets into the wrong hands, it can be used to undertake identity fraud.  For example, with enough information, cybercriminals can apply for credit in your name, set up fraudulent bank accounts and access your existing accounts.

Signs that criminals have used your data following the Dixons Carphone Warehouse data breach include:

  • Bills or emails showing goods or services you haven’t ordered
  • Unfamiliar transactions from your account
  • An unexpected dip in your credit score
  • Unsolicited communications that ask for your personal data or refer you to a web page asking for personal data.


The National Crime Agency began investigating the Dixons Carphone data breach. It is working with the National Cyber Security Centre, the Financial Conduct Authority and the Information Commissioner’s Office (the UK’s data protection regulator).

The retailer said that it would contact all customers to apologise and advise on the steps they could take to protect themselves. However, this is not the first time that the company has failed to protect its customers.

Earlier last year, the Carphone Warehouse (which merged with Dixons) was fined a £400,000 following another cyber-attack. The huge fine is one of the biggest ever handed out by the Information Commissioner’s Office. In that breach, the personal data of over three million customers and 1,000 employees were put at risk. This included the historical payment card details for some 18,000 customers.

With a history of failures, the regulator will now be looking very carefully at this latest revelation.


While Dixons Carphone was the victim of a cyber-attack, it was responsible for protecting your personal information.

With an ICO investigation now underway into the Dixons Carphone data breach, if it was to blame for this appalling data protection failure it will no doubt have to pay a hefty fine. But the ICO does not award data breach compensation.

So, if you have suffered damage or distress caused by this hack, you have a right to claim compensation.

What can you do following the Dixons Carphone data breach?

Data breaches can have severe consequences for those affected. So, customers of Dixons Carphone should now be looking to claim compensation; particularly as there is a history of data negligence at the company. Something must be done to hold them to account.

If you were affected you could be entitled to up to several thousand pounds in compensation, so it’s important to act now.

Why join our multi-party action?

Multi party actions give our clients more power against big businesses. This is because a group of people who have suffered the same or similar injuries due to the negligence of the same defendant (in this case Dixons Carphone) join together to claim for compensation. In short, it gives us strength in numbers.

Data breaches often have severe consequences for those affected so you could be entitled to around £5,000 in compensation. Making a claim is simple and doing so sends a message to organisations everywhere that they must do more to protect their customers from identity and financial theft, and emotional distress.


ticketmaster data breach claim
, ,

Ticketmaster data breach could be tip of the iceberg

Ticketmaster was affected by a significant data protection breach after cybercriminals hacked the company’s website. However, it now looks like the number of people impacted by the theft is significantly worse than first thought.

What has happened so far?

A hacker group has accessed thousands of Ticketmaster customers’ payment details. Some customers of the ticket sales company have had their cards used fraudulently.

Investigating the Ticketmaster data breach, cybersecurity analysts RiskIQ have now identified the hacker group responsible for the malicious code placed on the Ticketmaster websites.

However, RiskIQ not only states that Magecart – a malicious hacking group – perpetrated the Ticketmaster attack, but that was also undertaking a massive credit card skimming operation that has affected over 800 e-commerce websites.

Worse, it appears that this hacking operation has been active since December 2016.

What is the extent of the problem?

It now looks likely that the Ticketmaster data theft was part of a larger credit card scheme. In fact, we could be looking at the biggest theft of credit card details to date.

According to RiskIQ, the hackers behind the attack “seem to have gotten smarter,”. And “rather than go after websites, they’ve figured out that it’s easier to compromise third-party suppliers of scripts and add their skimmer {code}. In some cases, compromising one of these suppliers gives them nearly 10,000 victims instantly.”

Put simply, Magecart could have stolen the credit card information of thousands of people across various websites, by merely targeting only a few companies. Some of the third-party companies allegedly compromised by Magecart include SocialPlus, PushAssist, Clarity Connect and Annex Cloud.

Ticketmaster uses SocialPlus. So, while Inbenta (a third-party software provider) has been established as the entry point for the malicious attack on its systems, at least one other source containing the skimmer had access to the Ticketmaster websites.

So, there could be a lot more to the recent Ticketmaster data breach than first thought.

What does this mean?

Because many shops use these third-parties, RiskIQ claims to have “identified nearly 100 top-tier victims, mainly online shops of some of the largest brands in the world.” It’s not yet clear which e-commerce sites have been affected.

Cyberthreat expert Ross Brewer has said that: “Third party data breaches are a growing problem for businesses. Hackers are persistent. They’re redirecting their attention to smaller, third-party suppliers that can act as a gateway to more lucrative targets. As the saying goes, you’re only as strong as your weakest link, which means if one of your third-party partners doesn’t have the same commitment to data protection, any tools you have in place are essentially rendered useless.”

What now?

There is more to this story than victims were initially told. And, while early estimates predict that 40,000 people in the UK have had their payment details swiped. It now looks likely that this number is much, much higher.

However, regardless of who was behind the attack, Ticketmaster was responsible for keeping your data safe, and this is something it has failed to do.

The Ticketmaster data protection breach has compromised customer names, addresses, email addresses, phone numbers, payment details and Ticketmaster login details. Data that can be used by cybercriminals to steal money from you, apply for credit in your name, set up fraudulent bank accounts and more.

So, if you have suffered damage or distress caused by this hack, you have a right to claim compensation. Ticketmaster has said that it has informed those involved, so if you have received this email let us know!

Data breaches often have severe consequences for those affected so you could be entitled to around £5,000 in compensation.

With data breaches on the rise, something has to be done to make big companies accountable for data losses, so claiming compensation isn’t just in your best interests, it could be the only way to ensure that businesses everywhere implement more secure processes.


cybercrime solicitors

Can you get your money back after a “push” fraud?

Last week, an article revealed the sad case of a widow who was conned into losing her mother’s care-home fees. In a highly-sophisticated cybercrime attack, the woman was defrauded of £20,000 in a so-called “push” scam.

What is push fraud?

Push fraud – also called authorised push payment (APP) scams – happen when criminals deceive individuals into sending them money. Because the victim believes the fraudster to be trustworthy and genuine, they authorise the handover of cash. The money is then quickly transferred by the fraudster to different accounts, often abroad, which makes getting it back almost impossible.

Common types of push payment scams include:

  • Sending falsified invoices that look exactly like ones victims are expecting (e.g. from a child’s school or a legitimate tradesperson)
  • Convincing people to transfer money to someone official, such as a solicitor (e.g. when buying a house)
  • Conning people to transfer cash into fraudulent bank accounts
  • Sending emails pretending to be from a friend asking for money.

While in many cases, the criminals involved might call hundreds of people in the hope of tricking someone, often these cybercrime scams are highly targeted and come after hacking a victim’s emails to identify the information needed to defraud them.

In this latest case, the criminal claimed to be from the Royal Bank of Scotland fraud team flagging up unusual transactions. The fraudsters ran through some security questions to extract the information they needed to access her online banking and rename her current account “frozen”. So, when the woman went to check via the proper channels, it did appear that her account had been locked. In a following call, she was then asked to move her balance to a new “protected” account. But when she called RBS to check the transfer went through okay, they knew nothing about it.

The rising problem of push fraud

The problem of transfer fraud is increasing in the UK. Indeed, according to consumer group Which? in the first two weeks after launching an online cybercrime reporting tool, more than 650 people came forward claiming a loss of over £5.5 million.

Overall, the latest official figures show that over £100 million was unknowingly handed over to criminals through push scams between January and June last year. Over this period around 17,000 people were victims of these scams, and they lost an average of £3,000 each.

How to protect yourself against push fraud

To keep you safe, UK Finance offers the following advice:

  • Never disclose security details such as your PIN or full banking password
  • Don’t assume an email, text or phone call is authentic
  • Just because someone knows some personal information about you (i.e. your mother’s maiden name), that doesn’t mean they are genuine
  • Banks or other trusted organisations will never contact you and ask for your PIN or full password, or ask you to transfer money to a safe account
  • Don’t be rushed into handing over sensitive information, take the time to contact the company directly using a trusted email or phone number to check the request is genuine
  • Listen to your instincts. If something doesn’t feel right don’t be pressured into making a decision there and then
  • Never automatically click on a link in an unexpected email or text.

Are the banks liable?

According to the banks, they make it very clear that customers should never make a payment at the request of someone over the phone or email. So, while millions have been lost by unwitting victims, because the transfers were authorised, until now banks have been unable (or unwilling) to return nearly 74% of the money.

Don’t be fobbed off by the banks!

If you have been the victim of a push fraud and need help getting your money back, there is some good news. Under new plans, the regulator is coming down on the side of consumers and people tricked into transferring money directly to a fraudster can expect stronger protections.

A new industry code will be in place from September, helping victims of such scams to secure compensation. What this means in practice is that victims of push scams can be confident that any claim for reimbursement will be given fairer consideration.

If you want to claim compensation following a push payment scam or another type of cybercrime, Hayes Connor can help. Our professional, friendly team will be pleased to answer any questions you might have, and advise you on whether you have a valid claim.

 We can help you to claim compensation from the fraudster, your bank, and any organisation that may have put your data at risk (where this data was then used to facilitate a push scam).

Start your claim

We are also considering a group action claim against banks who have failed their clients after they have lost money through no fault of their own. A group action is where a group of people, all affected by the same issue, collectively bring their cases to court. Group actions can be a powerful tool and can have a bigger impact than a single claim.


facebook data
, ,

Facebook to alert you if your data was shared

From today, Facebook will begin notifying the 87 million people whose personal information may have been improperly shared with Cambridge Analytica.

If your data was leaked, you will receive a message from Facebook at the top of your news feed. This will provide details on how you are affected. You will receive this message if you or your friends used Facebook to log into the This Is Your Digital Life app.

Also, all other Facebook users will receive a notice helping them to turn off specific apps or shut down third-party access to their apps entirely.

While most of those affected are in the US, some people in the UK have also had their details breached. It is understood the messages will be sent out at about 5pm in the UK.

Facebook is now facing investigation both in the UK and the USA. If the social media giant is found to be in breach of the data protection act, you could be entitled to compensation.



facebook data

My data has been breached. What do I do?

At Hayes Connor Solicitors, we have considerable experience helping individuals whose data has been breached.

Each case is different, but as a first step we ask if you have reported the data breach to the Information Commissioner’s Office (the ICO). The ICO is the body which undertakes investigations on behalf of individuals into suspected data breaches. If found guilty, it is likely that they will take action against the company which committed the breach. And, at this stage, we often mount individual or groups actions against such organisations.

Find out more about making a data breach claim in our handy guide.

But, at Hayes Connor, we don’t just focus on compensation. In today’s digital world, your personal data is a valuable commodity. So, we want to do all we can to keep you, and your sensitive information as safe as possible.

So, if you have been the victim of a breach or cyber-attack, it is essential that you know your rights and how to protect yourself.

What to do immediately after a data breach

If you have suffered damage or distress caused by an organisation breaching any part of the Data Protection Act, you should:

  • Inform the Information Commissioner’s Office (ICO) about your concerns
  • Contact your bank and/or credit card providers immediately
  • Beware of fraudsters who attempt to gather personal information (phishing)
  • Report any suspected phishing attempts to the police and relevant authorities
  • Look out for any bills or emails showing goods or services you haven’t ordered, or any unfamiliar transactions on your account and alert your bank or card provider immediately if there is any suspicious activity
  • Keep an eye on your credit score for any unexpected dips. Call Credit, Experian and Equifax to ensure credit isn’t taken out in your name
  • Beware of any unsolicited communications that refer you to a web page asking for personal data
  • Register with a suitable fraud prevention service
  • Change your passwords.
  • If you are offered any form of compensation or free services from the organisation that put your data at risk it’s important to check the small print. Be careful that in accepting any offer you are not giving away your rights to pursue a separate data breach compensation claim at a later date.

What to do if you need support following a data breach

Victim Support is the leading independent victim’s charity in England and Wales for people affected by crime and traumatic incidents. Last year it offered support to nearly a million victims of crime across the UK.

Many people suffer anguish, anxiety and stress after a data breach and this can have a significant impact on you mentally and physically. Effects can include a lack of sleep, feeling ill, unsettled or confused. Stress can also affect your friends, your family and your job.

At Hayes Connor Solicitors, we are working with Victim Support to help those affected by cybercrime and data breaches. Ultimately, we want to ensure that victims have access to the support they need when they need it, as well as raising awareness of the threat to keep people safe online.

If you need support following a data breach or cybercrime, Victim Support is on hand just to support you.

Find out more about our partnership with Victim Support.

Making a data breach compensation claim

If you want to make a data breach compensation claim, contact Hayes Connor Solicitors. Our expert, online fraud and data protection solicitors will advise you on whether you have a valid claim and will be pleased to answer any questions you might have.

Our initial assessment is always free. We’ll ensure that you are fully informed on this matter and will notify you about the investigation and your legal rights when making a claim.

Organisations have a duty to protect your sensitive data. And letting other people access this is a complete failure of this responsibility. So, why shouldn’t you seek compensation for this inability to look after your information correctly if it has caused you financial harm or distress?

Success Fees – FAQ’s

What is a success fee?

If your claim is successful (and that’s what we all want!), you usually have to make a contribution to your solicitor’s costs.

This ‘success fee’ is taken from the compensation awarded to you. The amount of the success fee depends on when your case is settled, but with Hayes Connor Solicitors you never have to pay more than 25% of your compensation.

What does a success fee cover?

A success fee is basically what your solicitor charges for managing your claim. This being the case, your solicitor should be able to account for the work they have done to justify charging the success fee. If they do not, you may be able to challenge that fee.

But you need to read the small print. There are many different approaches to the deduction of success fees. For example, the price quoted might include VAT, exclude VAT or have some element of administration charge or insurance product charge added. Always ask for a breakdown of costs at the start of your case.

What should you expect from your solicitor?

At all times, your solicitor should provide a clear explanation of the fees they are going to charge you and why. They should be clear on the amounts, the timing of the payments and any other options you may have to fund that claim (e.g. if you have already paid legal expense insurance).

Can you compare success fees and solicitors?

Unfortunately, many solicitors do not advertise their fee charges. So you might have to ask the question if you can’t easily find this information.

At Hayes Connor Solicitors, we work on a NO WIN, NO FEE basis.

A no-win, no-fee agreement is an arrangement between you and your solicitor. It is also known as a Conditional Fee Agreement. And, if your claim is not successful, you won’t have to pay any money for the work carried out.

However, if your claim is successful, you usually have to make a contribution to your solicitor’s costs. With Hayes Connor Solicitors you never have to pay more than 25% of your compensation. And, in some large group actions, we might be able to offer 0% success fees.


Or, for advice on how to keep your data safe, follow us on Twitter and Facebook.

cybercrime claims

Cyber Defamation

Have you been the victim of Cyber defamation? You can contact us to see if you may have a claim for compensation.

1. What is expression and defamation?

It is accepted in a democratic society that individuals have a right to express their own views and preferences. The Internet offers extensive potential for individuals and organisations to do this.

‘Defamation’, on the other hand, involves an abuse of freedom of expression whereby statements that may have a harmful impact on a person’s reputation are published.

Obviously it is important to ensure that unfounded claims should not be allowed to damage a person’s reputation, but it is also important for the law to balance such protections with the rights to freedom of expression that are a critical element of democratic societies. The issue of defamation has become a central issue in the use of the ‘Net because some corporations now use the threat of a legal action for defamation as a means to restrict the actions of groups or individuals campaigning against their activities. (See case study examples on notice and takedown).

2. How are defamation and freedom of expression covered by the law?

In the UK The Human Rights Act 1998 implements the European Convention on Human Rights (ECHR). Under the Convention:

  • The right to respect for an individual’s private and family life, home and correspondence is guaranteed under Article 8;
  • Rights of freedom of thought and expression are covered by Article 9;
  • Rights to freedom of expression and association are guaranteed under Articles 10 and 11.

These rights may have limitations put on them ‘as prescribed by law’ and which are ‘necessary in a democratic society’. The qualifications to these rights are the subject of continuing legal debate and case law.

The Defamation Act 1996 is the main UK law governing defamation. A defamatory statement can be published in:

  • Verbal form, when it is classed as slander – because only the spoken word is involved, slander can often be difficult to prove; or
  • Written form, when is classed as libel – a case for libel is easier to bring because evidence can be documented.

Material may have the potential to defame someone if:

  • The statement made would make an ordinary person modify their opinions of a person as a result of hearing or reading the statement.

Under UK law it is possible to defame corporations as well as individuals.
Defamation actions in relation to the Internet have so far involved libel. Libel must be widely ‘published’. You could libel someone using electronic networks by:

  • Sending an email, or an email attachment, where that email is widely posted or forwarded;
  • Making material available via a web page;
  • Posting to an email list or newsgroup; or
  • Streaming audio or video via the Net.

Anyone who actively transmits defamatory material is liable as part of any legal action. Most standard contracts for Internet services include conditions relating to defamation.

The 1996 Act creates a category of ‘special publisher’, where;

  • the material transmitted is passed automatically by electronic systems without their involvement; or
  • they are only the suppliers of the equipment or systems that enable publishing or distribution.

The Act also outlines the framework for prosecuting cases of alleged defamation, as well as various defences for anyone prosecuted along with the author of the material. To successfully defend against prosecution you must show that:

  • You were not the author, editor or publisher of the material;
  • That you had taken ‘reasonable care’ to prevent the publication of any defamatory material; and
  • That you did not know, or had reason to believe, that the material was defamatory, and that your transmission did not contribute to the construction of the defamatory material; or
  • The reputation of the ‘defamed’ person is such that the material could not conceivably change the average person’s views on them.

The current legal framework will probably be revised as part of new legislation for electronic commerce and electronic media.

If a person discovers that material that is damaging to their reputation is about to be disclosed, they could bring an injunction to prevent publication (on the basis of the damage it would cause, rather than on grounds of defamation). If the alleged defamatory material is already in the public domain, an injunction could be requested to force the removal or recall of the material before the case is heard.

3. How do defamation laws threaten civil liberties?

Companies and individuals may threaten a defamation action or use an injunction to silence their critics or campaigners. An injunction can be instantly actioned and prosecuted, regardless of whether it is justifiable. Given this, and the difficulty of fighting actions through the higher courts, some corporations have used injunctions rather than defamation actions to tackle problems with groups or campaigns.

Internet service providers, like other publishers, will not normally defend a claim of defamation. Rather than risk the costs of a legal action, many will simply remove the allegedly offensive material and undertake not to allow its future publication.

Filtering and blocking systems can be used in computers and Internet servers as a much simpler, and more effective, means for controlling access to material:

  • Filtering sifts packets of data or messages as they move across computer networks and eliminating those containing ‘undesirable’ material; and
  • Blocking prevents access to whole areas of the Internet based upon an address or location.

Concerns have been raised about the use of blocking and filtering software and the impact on freedom of expression. In the US, where such systems are widely used, a wide range of sites have been blocked; as well as those deemed ‘offensive’ because of their sexual or violent content, other sites seem to get blocked on the basis of their political content.

Filtering and blocking mechanisms are increasingly being used to control public access to sites critical of the state or status quo. Some states (such as China and Singapore) require the installation of this software, making it a form of indirect state censorship. Lists of blocked sites are usually protected under legal regulations on intellectual property, so it is difficult to have an informed debate about the civil liberties implications of such censorship.