, , ,

Data breach leads to neighbour harassment

The headlines lead us to believe that data breaches occur as a result of cyber-attacks. The reality is that the vast majority of cases take place as a result of human error. In these instances, the breach itself can lead to a damaging chain of events which could have been prevented.

Our solicitors see every day how clients are affected. Financial loss may not be a factor in all cases, but the damage and suffering following a breach can quickly escalate.

What happened in this case?

Our client lives in a privately managed block of flats and she made a complaint about another leaseholder to the management company.

The management company proceeded to forward her detailed email to all residents in the block, including the leaseholder being complained about.

This data breach, which appeared to have taken place due to an error of judgement rather than by mistake, started a frightening chain of events exposing our client to serious harassment and compromised the safety of her family.

Following the breach, our client, who has two young children, was subjected to having the gas pipe to her property deliberately cut with access to the mains deliberately obstructed.

She suspected that the volatile neighbour she had complained about was behind the vandalism, but he denied any wrongdoing.

Having lived at the property for some years, with generally good relations with the other neighbours, the data breach also led to these relationships becoming strained.

Alongside taking legal action against the management company, our client also reported the data breach to the ICO resulting in the business now being monitored to prevent further incidents.

We secured £3,000 compensation from the management company responsible for breaking data protection laws not least, due to the psychological suffering endured by our client and her young children.

The situation has become so intolerable that our client plans to sell her property and move her family in the near future.

Have you been in a similar situation? Contact us today.

Lessons learned

If you are an employee handling a customer complaint of any kind, consider how the complaint should be handled before sharing any information.

Consideration should be given to a possible solution to the complaint and thought put into the appropriate sharing of the complaint with individuals who may be part of the solution.

For more advice on how to keep your data safe, follow Hayes Connor on Twitter or give us a like on Facebook.

Alternatively, if you have been the victim of a data breach or cyber fraud, find out how we can help you to recover any losses or give us a call on 0151 363 5895 to discuss your case in more depth.


Business Up North, 20th September 2019

We were delighted to be recognised at the Symphony Legal Awards dinner for its Innovative Marketing award. We are committed to delivering excellent customer service, exceeding client expectations, and this runs through everything we do as a firm, including how we market ourselves.

Hayes Connor highly commended in Innovative Marketing award

Data breach and cybercrime specialist Hayes Connor Solicitors was highly commended for its innovative marketing at The Symphony Legal Annual Conference held in Hinckley in September.

The firm was recognised for its client focused approach to marketing with its use of technology to simplify the enquiries process and increase speed of response, alongside its content and PR strategy to raise awareness of consumers’ data protection rights, highly commended. Read more

Today’s Legal Cyber Risk, 13th September 2019

Kingsley Hayes raised concerns about data protection on mobile phones following news that a serious cyber security risk had been exposed affecting one billion smartphones. The significant gap in security was only identified following an independent third party’s research.

Exposure of smartphone security risk demonstrates a worrying trend

Cybersecurity firm Check Point recently exposed a serious vulnerability in smartphones using the android mobile operating system which would allow a hacker full access to an individual’s emails with one simple text. * Read more

Today’s Legal Cyber Risk, 10th September 2019

We commented following the exposure of a data breach by Teletex after it was discovered that thousands of customer calls had been stored unsecured for three years. The calls contained customers’ postal and email addresses, phone numbers and dates of birth. Kingsley Hayes comments that the latest breach is a stark reminder that storing private information in the cloud does not mean that that data is automatically secure. 

SAR Requets
, ,

Metropolitan Police failing to respond to subject access requests

You have the right to find out if an organisation is using or storing your personal data. To exercise this right, all you have to do is ask for a copy of this data. This is called making a subject access request (SAR). The ICO (the UK’s data protection regulator) has been working with the Metropolitan Police Service (MPS) to address its large SARs backlog. However, the MPS has more than 1,100 open requests. With nearly 680 over three months old. The ICO believes that this is a cause for concern.

What has happened in this case?

The ICO has issued two enforcement notices ordering the Metropolitan Police Service to respond to all SARs by September 2019. The regulator has also asked the MPS to “make changes to its internal systems, procedures or policies, so that people are kept up to date on any delays that may affect their data protection rights and how the situation is being addressed.”

The ICO added, “Ultimately, the public must be able to trust that police forces are upholding their information rights, and this case is a reminder to other police forces that we will take action against those organisations that do not comply with their SAR obligations”.

What do you need to know about making a subject access request?

Find out how to make a Subject Access Request on the ICO website.

Crucially, when it comes to making a subject access request, the ICO has stated that there is “no requirement for a request to be in writing”.

What can you use a SAR for?

You can use a SAR to find out:

  • What personal data an organisation holds about you
  • Whether an organisation is processing your personal data
  • How the organisation got hold of your data
  • The types of personal data being processed
  • Why your data is being processed
  • Any third parties that your data is being shared with
  • How long your data will be kept for
  • How you can have your data amended or deleted
  • Whether they use any automated decision-making processes
  • Any other supplementary information.

Of course, it could take longer for an organisation to supply everything they have about you. So, if you only need certain data and you want to speed things up, it makes sense to be specific.

The ICO has provided a handy template to help you to do this.

What else do you need to know about making a subject access request?

  • Organisations should provide contact information for making a SAR. Under the GDPR, this information should be available on an organisation’s website (check the privacy policy usually found in the footer)
  • Requests can be responded to electronically (as long as it is secure)
  • You can ask for a paper copy of the data held about you, but a company only has to provide this if it is reasonable to do so
  • SARs need to be replied to within one calendar month. However, they might need extra time to consider your request and, if so, can take an additional two months to do this
  • Organisations must make you aware of any delays which may affect their requests. They should also explain how the situation is being addressed
  • Organisations can ask for further information to establish your identity, particularly where sensitive data is involved. However, such requests must be “reasonable and proportionate”
  • A copy of your personal data should be provided at no cost to you. Although “reasonable” fees can be charged for manifestly unfounded or excessive requests
  • An organisation can refuse a SAR if they believe it to be ‘manifestly unfounded or excessive’. They may also deny a SAR if your data includes information about another individual. However, they can’t just ignore you. They must still write to you and explain why your SAR is being refused
  • You have a legal right to ‘rectification’ of your records. So, if something in your data is wrong, you can ask to have it corrected. Organisations have one month to respond to your request
  • If you are worried about the way an organisation is handling your information, the ICO has provided a handy letter template to help you to raise your concerns.

What can you do if you don’t believe your SAR has been taken seriously?

If you believe any fees to be unfair, you can complain to the organisation in question. However, if the matter is not resolved, you should report your concerns to the ICO.

If more than a month has passed since you made your SAR, and you have not heard anything back, you should write to the organisation reminding them of your request and their obligations under the GDPR. And, if you still don’t hear back, you should complain to them using their complaints process. And, if you are not happy with their response, you can complain to the ICO.

If you think your request has been rejected unjustly, you can raise a complaint with the organisation in question. And if you remain dissatisfied, the ICO.

If the organisation refuses to change their records, you can complain to the ICO. However, there’s a difference between information that is incorrect and information that you disagree with. For example, if you have a dispute with your doctor over a diagnosis, you can’t change your health records. However, you might be able to add a note to this record stating that you disagree with the medical opinion.

If you believe that an organisation is not handling your data properly, you can also complain to the ICO.

Find out more about Subject Access Requests.

Data protection solicitors

At Hayes Connor Solicitors, we are committed to upholding the data protection rights of our clients. For more advice on your rights, and how to keep your data safe, follow us on Twitter and Facebook.

Alternatively, if you have been the victim of a data breach or cyber fraud, contact us to find out how we can help you to recover any losses.

Teletext data breach exposes risk of cloud storage usage

It was announced last week that Teletext, the trading name for package holiday firm Truly Travel, had risked customers’ personal data following the discovery that 212,000 customer call recordings had been left on an unprotected server for three years*. Read more

Today’s Legal Cyber Risk, 29th August 2019

The majority of data breaches occur due to preventable human error. We featured on Today’s Legal Cyber Risk commenting on a report exposing that while employees are recognised by businesses as the greatest risk to data protection, it appears that many are still not providing adequate preventative measures, including educating staff.

employment data breach
, ,

How Hayes Connor helps our clients after an employment data breach

At Hayes Connor Solicitors, we help our clients get the compensation they deserve. We do this following data protection breaches, cybercrime, and other online offences. One type of claim we see a lot of is the employment data breach. Here are just some of the employment data breach cases we have helped our clients with recently.

Breach of data leading to an employment dispute

Our client was referred to a qualified third-party for a standard workplace assessment. This assessment was designed to make sure she had everything she needed to reach her full potential in her job. However, the party conducting the evaluation added sensitive personal information about her to their report. And they gave this to her employer.

This information was not relevant to the assessment. Moreover, it led to a dispute between our client and her employer over the disclosures she made while applying for her job.

In response, our client made a data breach claim against the workplace assessment provider. And, as well as claiming for the initial breach of her sensitive information, she also claimed for the loss and injury she suffered by the infringement when this knowledge was used against her.

Employment data breach leads to an increase in unwanted spam

Our client suffered a data breach when his employer was hacked and his financial information was put at risk.

As a result of the hack, our client was bombarded with unwanted spam calls and text messages, Some of which became quite personal. This proved to be very distressing. It resulted in him and his family suffering from distress and worry. Our client was diagnosed with an anxiety-related psychological condition that would require treatment to help him fully recover.

As the spam could be traced back to the original data hack, he was able to claim for the breach of his data and the injury caused.

Help is needed after an employment data breach

Today, such unlawful disclosures are all too familiar. And, in such cases, this can result in complex anxiety and stress.

But in such situations, you can claim damages for any psychological injuries caused by the breach of your personal data. If you find yourself suffering, make sure you seek appropriate medical attention as soon as any symptoms arise so that the impact can be adequately assessed.

At Hayes Connor Solicitors, we are 100% committed to seeking the compensation necessary to help people get their lives back on track following an employment data breach. But we don’t believe that our obligation to our clients stops there – we also provide a wide range of information to help our clients protect themselves once a breach has occurred.

Making an employment data breach compensation claim

We help our clients to make compensation claims after their data was put at risk by the organisations they trusted to look after it. And we will make sure that your employment rights are protected during and after any claim against an employer.

Our professional, friendly team will advise you on whether you have a valid claim against an employer (or third-party). If you have a substantial case, we may be able to act on a NO WIN, NO FEE basis.  Our process is fully compliant with ICO guidance, and we never put your details at risk. We will NEVER pass your details onto anyone without your permission.

Contact us today for a free initial assessment.

Data protection solicitors

At Hayes Connor Solicitors, we are committed to upholding the data protection rights of our clients. For more advice on your rights, and how to keep your data safe, follow us on Twitter and Facebook.