Posts

hayes connor solicitors
,

Claiming compensation for distress following a data breach

At Hayes Connor Solicitors, we have launched compensation claims against a number of high-profile companies that have failed to keep your personal data safe. We believe that these companies must be held to account for their failure to protect your information.

The General Data Protection Regulation (GDPR) places strict obligations on businesses to keep our data safe. And you could be entitled to compensation if an organisation fails to meet these. But did you know that you can also claim for GDPR distress as well as financial losses?

What the law says

If you have suffered damage or distress caused by an organisation breaching any part of the Data Protection Act (the UK’s interpretation of the GDPR), you have a right to claim compensation.

Crucially, you can make a compensation claim if you have struggled emotionally following a data breach, even if you have not experienced any financial loss.

When making a compensation award, the court will look at the specific circumstances of your case. This includes things like the sensitivity of the data compromised and the nature of the disclosure. However, in order to be entitled to compensation for GDPR distress you must show that you have suffered emotionally because of the breach.

A personal data breach is a 21st-century version of being burgled. If a criminal came into your home and stole your private letters you would be distressed. So why should you feel any less upset at having your online data taken; particularly when these companies gave the burglar the keys?

Why shouldn’t you seek compensation for a failure to look after your information correctly?

The emotional impact of data breaches

Some people would have us believe that claiming for GDPR distress is an overreaction. That your physiological suffering and anguish doesn’t matter. You might hear friends and family saying that, while it is acceptable to claim compensation for any financial losses, you should put up with any anxiety caused by having your information stolen.

But according to Victim Support: “The effects of crime can also last for a long time, and it doesn’t depend on how ‘serious’ the crime was. Some people cope really well with the most horrific crimes while others can be very distressed by a more minor incident”.

The sheer scale of the information we share online is enough to leave victims open to the threat of fraud. For example, with enough information, cybercriminals can steal your identity, apply for credit in your name, set up fraudulent bank accounts and access your existing accounts.

So we should all be very worried about what could happen if our data gets into the wrong hands.

What’s more, being the victim of a crime can have a substantial impact on you mentally and physically. For some people, the effects can include a lack of sleep, feeling ill, unsettled or confused. Stress can also affect your friends, your family and your job. So being told to “get over it” isn’t helpful.

Crucially, the law understands the damage that can be caused by worry and upset. So you are 100% within your rights to make a compensation claim.

Claiming for GDPR distress following a data breach

At Hayes Connor Solicitors, we are committed to helping those affected by data breaches and cybercrime. And, we believe that the best way to make big companies pay for their failures is to use an expert lawyer to make a data breach compensation claim.

In addition, we also work with, and refer our clients to, other organisations and partners such as Victim Support. The leading independent victim’s charity in England and Wales for people affected by crime and traumatic incidents, last year Victim Support offered help to nearly a million victims of crime across the UK.

If you need assistance after a data breach, there are many resources on the Victim Support website to help you cope.

Don’t let them get away with it!

Something has to be done to make companies accountable for not looking after our information correctly. Claiming compensation isn’t just in your best interests, it could be the only way to ensure that businesses everywhere implement more secure processes.

If you want more help or advice about making a claim then contact us today

,

Data protection complaints increase leading to possible rise of GDPR breach compensation

According to the Information Commissioner’s Office (ICO) – the watchdog responsible for regulating data protection laws in the UK – the number of reported data protection complaints has almost doubled since April this year. If the regulator upholds these complaints, there could be a corresponding rise in GDPR breach compensation claims.

Common causes for these data violations include:

  • Data sent to the wrong recipient
  • Loss of theft of paperwork
  • Failure to redact data
  • Failure to use bcc when sending an email.

The increase in data breach complaints has happened since the introduction of the GDPR on May 25th.  This saw more robust data protection laws come into force. GDPR is the most significant change to data privacy regulations in over two decades. The new rules are designed to:

  • Boost the rights of individuals by giving them more control over their information
  • Put more limitations and responsibilities on how organisations can handle personal data
  • Make data protection (including data breaches) more transparent.

The GDPR also saw the introduction of tough penalties for data breaches. In fact, companies who fail to put adequate data protection processes in place and subsequently suffer a breach could face fines of up to €20,000,000 or 4% of their total global annual turnover for the last financial year.

While the ICO does not award GDPR breach compensation to victims, if a company is found guilty of a data violation this can strengthen an individual’s claim.

According to the ICO:

  • 4,214 data protection complaints were made in July
  • 3,098 data protection complaints were made in June
  • 2,310 data protection complaints made in May
  • 2,165 complaints were made in April.

The stats exclude the health sector.

The figures indicate that more and more people are becoming aware of their data protection rights. This makes sense as there have been many high-profile data protection scandals over the last few months. For example, at Hayes Connor Solicitors we are currently pursuing cases against:

  • Emma’s Diary. Emma’s Diary sold its users’ information to Experian’s marketing division. This data was then used to create a database which the Labour Party manipulated to profile new mums in the run-up to the 2017 General Election. Find out more about the Emma’s Diary data breach
  • Dixons Carphone. The Dixons Carphone or Carphone Warehouse data breach took place in 2017. It resulted in 10 million customer records being accessed from Currys PC World and Dixons Travel stores. The details stolen by cyber criminals include names, addresses, phone numbers, dates of birth, and email addresses. All of which can be used by cybercriminals to commit further crimes. Find out more about the Carphone Warehouse data breach
  • Ticketmaster has admitted that thousands of UK customers have been put at risk due to third-party software on their website. This has since been removed but not before the software accessed a number of customers’ personal and financial details. Find out more about the Ticketmaster data breach
  • Last year, Equifax warned that up to 400,000 UK consumers might have had their personal details stolen. The data included names, address, dates of birth, and credit card numbers. Find out more about the Equifax data breach.

If you have been affected by any of these cases, or if you want to make a GDPR breach compensation claim against another organisation, let us know.

Making a GDPR breach compensation claim

If you have suffered damage or distress caused by an organisation breaching any part of the Data Protection Act (the UK’s interpretation of the GDPR), you have a right to claim compensation.

You can make a GDPR breach compensation claim if you have struggled emotionally following a data breach, even if you have not experienced any financial loss.

With enough information, cybercriminals can steal your identity, apply for credit in your name, set up fraudulent bank accounts and access your existing accounts. And just the thought of this happening can cause emotional distress. So why shouldn’t you seek compensation for this failure to look after your information correctly?

At Hayes Connor Solicitors our initial assessment is always free of charge. If we believe you have a substantial, complex case, we’ll go through your options with you and may be able to act for you on a NO WIN, NO FEE basis. For smaller claims, our quick assessment form will help you to start your GDPR breach compensation claim, quickly and easily.

Our expert data breach compensation solicitors make sure you receive the maximum compensation possible in the shortest possible time. However, with strict time limits in place for making data breach claims (currently all breaches going back six years could be subject to a claim) it’s essential to act now.

CONTACT US AND START YOUR GDPR breach compensation CLAIM TODAY

data compensation
,

Can you make a data breach claim against Emma’s Diary?

The Information Commissioner’s Office (ICO) has fined Lifecycle Marketing (Mother and Baby) Ltd (LCMB), £140,000 for illegally collecting and selling the personal information of over one million people.

LCMB, also known as Emma’s Diary, gives medical advice and free baby-themed goods to parents who download an app. The data broking company behind the app was implicated following the launch of an investigation into the Facebook data breach scandal.

As such, those affected should now be looking to claim compensation.

What happened in this case?

LCMB sold its users’ information to Experian’s marketing division (Experian Marketing Services). This data was then used to create a database which the Labour Party manipulated to profile new mums in the run-up to the 2017 General Election.

The Labour Party used this information to send targeted communications about its intention to protect Sure Start Children’s centres to mums living in marginal seats.

The data used included the names of parents using the app, household addresses, the presence of children under the age of five, and the date of birth of those children.

What was the result of the investigation?

LCMB claimed that the use of this information was fully outlined in its privacy policy. However, an investigation by the ICO found that the privacy policy did not state that the personal information given would be used for political marketing or by political parties. As such, this was a breach of the Data Protection Act.

In fact, while LCMB’s privacy policy was eventually updated to add the words “political parties” to the list of organisations it shares data with, this was only done in light of the start of the ICO’s investigation.

Commenting on this case, The Information Commissioner, Elizabeth Denham said: “The relationship between data brokers, political parties and campaigns is complex. Even though this company was not directly involved in political campaigning, the democratic process must be transparent.”

She added: “All organisations involved in political campaigning must use personal information in ways that are transparent, lawful and understood by the UK public.”

As the violation could cause distress to those affected, and was motivated by financial gain, LCMB has been fined £140,000 for the data breach.

What can you do?

While the ICO has the power to impose hefty fines on organisations who fail to meet their data protection obligations, it does not award compensation to victims. But, once an organisation has been found guilty by the ICO – as in this case – you can use that information to support a data protection compensation claim.

The latest breach by Emma’s Diary (LCMB) is part of a more extensive investigation into how our data is being used in political campaigning. In fact, the ICO put the UK’s 11 main political parties on notice to have their data-sharing practices audited later this year.

Worryingly, Elizabeth Denham has said that: “We are at a crossroads. Trust and confidence in the integrity of our democratic processes risk being disrupted because the average voter has little idea of what is going on behind the scenes.

“New technologies that use data analytics to micro-target people give campaign groups the ability to connect with individual voters.

“But this cannot be at the expense of transparency, fairness and compliance with the law.”

She also said that the impact of behavioural advertising in elections was significant and has called for a code of practice to fix the system.

If you are one of those affected by the Emma’s Diary data breach and are concerned that your personal information was used in a way you didn’t consent to, contact Hayes Connor Solicitors immediately. We can help you to claim the maximum amount of compensation in the minimum amount of time, on a no-win, no-fee basis.

With strict-time limits in place for making most compensation claims, it’s essential to act now.

REGISTER NOW

data breach compensation
,

Can you afford to use a solicitor for your data breach claim?

When it became clear that people across the UK were mis-sold PPI, often to the tune of thousands of pounds, there was a surge of new claims management companies on the scene. All promising to help consumers get back what they were due.

But, all too often, these companies were more concerned about making fast cash than helping victims. With assurances of no up-front fees turning into extortionate commission rates that left people short-changed.

Fast forward to today, and it seems like its data breach claims that are now rarely out of the news. But, as we start to talk about holding companies to account for any breach of trust when it comes to our valuable information, so do comparisons with PPI claims.

And, it is not hard to see why. It is possible that high-profile data breaches could be seen as a way to make a profit by unscrupulous claims management “factories”.  So it’s vital that you are aware of what is at stake and the options available to you.

Don’t let them get away with it!

Organisations must be held to account for their failure to protect our personal data. The sheer scale of the information we share on online is enough to leave victims open to the threat of fraud.

For example, with enough data, cybercriminals can apply for credit in your name, set up fraudulent bank accounts and access your existing accounts. And we should all be very worried about what could happen if this gets into the wrong hands.

With large-scale, high-profile hacks and breaches happening more and more often, something has to be done to make companies accountable for these losses. So, claiming compensation isn’t just in your best interests – it could be the only way to ensure that they implement more secure processes.

Should you do it yourself?

You can make a data breach claim on your own. What’s more, if you go ahead and no settlement is reached, you can even represent yourself in court. In fact, the number of people doing this over recent years has increased.

The legal term for representing yourself this way is called ‘litigating in person’ (LiP). However, while there has been a rise in the number of people doing this, this is often because they don’t think they have any choice due to a lack of alternative funding options.

The benefits of using an expert data protection lawyer

At Hayes Connor, we believe that the best way to make big companies pay for their failures is to use a specialist lawyer. Of course you would expect us to say that – but let us explain why.

Firstly we have the legal expertise needed to take on big players such as Ticketmaster and Equifax. And, where enough people come forward, we might even launch a group action against a company.

We believe that a group action is undoubtedly the best way forward for data breach claims of this nature. It allows people with the same type of claim to bring it together on a collective basis to strengthen their overall position and increase their chances of settlement or success in litigation.

In addition to our own legal expertise, we also work with expert barristers to help us win our cases. So we are confident that our team will get the results you deserve.

Can you afford to use a data breach claims lawyer?

We deal with all breach claims on a no-win, no-fee basis. This means that, if your claim is not successful, you won’t have to pay a penny.

To cover our costs, if we win your claim, we will charge a success fee. This is capped at 25% of any compensation you receive. We have to charge this to cover our costs in smaller/individual cases. There are no hidden charges or other administration fees.

In some group actions, we expect to be paid by the offending party and might even be able to work at no charge to you. This means, when you win, unlike with a claims management company, you could receive 100% of the compensation awarded to you.

Crucially, when it comes to making a compensation claim, a lack of care can leave data breach victims open to advice and representation below the standard expected by the profession, and this could ultimately see you lose out financially as a result.

Why appoint Hayes Connor Solicitors?

Leading our field when it comes to understanding this often complex area of law, we provide clear and comprehensive advice and legal support to ensure the best possible result for you.

Unlike those unscrupulous claims management companies we only ever get in touch with people who have asked us to, which means we NEVER cold call, send spam texts, spam emails, or engage in any other form of nuisance marketing.

What’s more, at Hayes Connor we understand that making a compensation claim can be stressful; especially where your sensitive information has already been breached. So, our process is fully compliant with the latest guidance, and we never put your details at risk.

FIND OUT MORE ABOUT MAKING A DATA BREACH CLAIM

,

Data protection complaints increase by almost 50% in three months

According to the Information Commissioner’s Office (ICO), the number of reported data protection complaints has almost doubled since April this year. The increase in data breach complaints has happened since the introduction of the GDPR on May 25th.

The stats show that:

  • 4,214 data protection complaints were made in July
  • 3,098 data protection complaints were made in June
  • 2,310 data protection complaints made in May
  • 2,165 complaints were made in April.

In total, there were 957 reported data security incidents in Q4 2018. Common causes for these data violations include:

  • Data sent to the wrong recipient
  • Loss of theft of paperwork
  • Failure to redact data
  • Failure to use bcc when sending an email.

Worryingly, reported cybersecurity incidents also increased by 31% over the same period. Overall, general business, education and local government were the sectors with the most reported data breaches (the figures exclude the health sector).

Commenting on the changes since the introduction of the GDPR, a spokeswoman for the ICO said: “It’s early days and we will collate, analyse and publish official statistics in due course. But generally, as anticipated, we have seen a rise in personal data breach reports from organisations.

“Complaints relating to data protection issues are also up and, as more people become aware of their individual rights, we are expecting the number of complaints to the ICO to increase too.”

A rise in data breach awareness

The stats indicate that more and more people are becoming aware of their data protection rights. This makes sense as there have been many high-profile data protection scandals over the last few months.

For example, at Hayes Connor Solicitors we are involved in the following cases:

 

  • Emma’s Diary. Emma’s Diary sold its users’ information to Experian’s marketing division. This data was then used to create a database which the Labour Party manipulated to profile new mums in the run-up to the 2017 General Election. Find out more about the Emma’s Diary data breach
  • Dixons Carphone. The Dixons Carphone or Carphone Warehouse data breach took place in 2017. It resulted in 10 million customer records being accessed from Currys PC World and Dixons Travel stores. The details stolen by cyber criminals include names, addresses, phone numbers, dates of birth, and email addresses. All of which can be used by cybercriminals to commit further crimes. Find out more about the Carphone Warehouse data breach
  • Ticketmaster has admitted that thousands of UK customers have been put at risk due to third-party software on their website. This has since been removed but not before the software accessed a number of customers’ personal and financial details. Find out more about the Ticketmaster data breach
  • Last year, Equifax warned that up to 400,000 UK consumers might have had their personal details stolen. The data included names, address, dates of birth, and credit card numbers. Find out more about the Equifax data breach.

 

If you have been affected by any of these data protection cases, or if you want to make a data breach compensation claim against another organisation, let us know.

At Hayes Connor Solicitors, we’ve been helping people to get the justice they deserve for over 50 years, so we know what it takes to make a successful data breach compensation claim.

Crucially, the law recognises the potential damage that is caused by physiological suffering. So, you can make a compensation claim if you have struggled emotionally following a data breach, even if you have not experienced any financial loss.

START A DATA BREACH CLAIM

 

data breach lawyers
,

Ticketmaster to close resale site Get Me In. Can you still make a data breach claim?

The Ticketmaster data breach saw cybercriminals get away with the personal and financial information of thousands of people in the UK. As well as the main Ticketmaster site, the data hack also affected, TicketWeb and the resale website Get Me In.

Following the breach, Ticketmaster is now closing its secondary ticketing websites Seatwave and Get Me In, in a bid to combat touts. However, if you used Get Me In and were affected by the data breach, you can still make a compensation claim against the company.

The Information Commissioners Office (ICO) has already made it clear that it does not approve of companies closing to evade data breach inquiries. Earlier this year, and following the announcement that controversial data analytics firm Cambridge Analytica was to shut down, the ICO said that: “investigations cannot be impeded by the closure of these companies.”

In this case, there is no evidence that this is why Get Me In is closing. In fact, according to Ticketmaster: “We know that fans are tired of seeing others snap up tickets just to resell for a profit on secondary websites, so we have taken action”.

However, it is vital that Get Me In customers affected by the Ticketmaster data breach know their rights and are not put off making a claim.

What happened in the Ticketmaster data breach case?

Ticketmaster was affected by a substantial data protection breach after cybercriminals hacked the company’s websites. Different customers had different data stolen including financial information (some of which was fraudulently used), email addresses and other personally identifiable information (PII).

Find out more about the different types of data breaches in this case.

Make a Ticketmaster data breach claim

The only way for you to hold Ticketmaster to account is to make a data breach compensation claim.

Crucially, the law recognises the potential damage that is caused by physiological suffering. So, you can make a compensation claim if you have struggled emotionally following a data breach, even if you have not experienced any financial loss.

At Hayes Connor Solicitors, we have already been contacted by lots of Ticketmaster customers who are worried that their data was not looked after as carefully as it should have been.

In response, we have now submitted a letter before action (LBA) to Ticketmaster. This LBA lets Ticketmaster know that we plan to start proceedings against them, and that we are very serious about getting our clients the compensation they deserve.

If you want to join our action against Ticketmaster, it is not too late!

To start your compensation claim, you will need you to register with us. To date, our action against Ticketmaster has more than 500 clients, and it is clear that the data breach is extensive. As such, we expect Ticketmaster to take our claim very seriously.

Data breaches often have severe consequences for those affected so you could be entitled to up to £5,000.

REGISTER NOW 

facebook data
,

Facebook data breach investigation latest.

The Information Commissioner’s Office (ICO) is set to fine Facebook £500,000 for data breaches. That is the maximum financial penalty possible and reflects the severity of the Facebook data breach scandal. The ICO also intends to bring criminal action against SCL Elections, the now-defunct parent company of Cambridge Analytica.

What happened in the Facebook data breach case?

  • Social media giant Facebook and controversial data firm Cambridge Analytica are at the centre of a dispute over the harvesting and use of personal data
  • Questions were raised over whether this data was used to influence the outcome of the US 2016 presidential election and the Brexit referendum
  • In March 2017, the ICO began looking into whether personal data had been misused

What is happening now in the Facebook data breach investigation?

Yesterday, the Information Commissioner Elizabeth Denham, published a detailed update of her office’s investigation into the use of data analytics in political campaigns.

The report reveals that the ICO plans to fine Facebook £500,000 for breaches of the Data Protection Act.

The ICO has also said that it is taking steps to bring a criminal prosecution against SCL Elections Limited. While Cambridge Analytica has shut down, the ICO has already said that its directors can still be held liable and possibly criminally prosecuted.

Crucially, the ICO believes that in addition to breaching its own rules, Facebook also failed to ensure Cambridge Analytica had deleted its users’ personal data when requested. What’s more, while the ICO noted that Facebook had been the biggest recipient of digital advertising by political parties and campaigns to date, it said that the company had not done enough to explain to users they were being targeted as a consequence, or given people enough control over how their sensitive personal data was used. As a result, it seems that Facebook is guilty of two breaches of the Data Protection Act.

So, does this mean Facebook will be held to account?

No. The social media giant still has time to make any representations to the ICO before a final decision is made. However, by publishing a Notice of Intent, it is clear that the ICO is taking this matter very seriously. In fact, based on the evidence so far it looks likely that the ICO will issue Facebook with the maximum fine allowed under British law.

However, Facebook could still get away lightly, because if it had been fined under the new GDPR (General Data Protection Regulation), it could have been hit with a penalty of £479m. Indeed, the £500,000 fine is tiny when stacked up against the firm’s value of £445bn.

The impact on political parties

In its report, the ICO raised concerns about political parties buying personal information from data brokers.

Worryingly, Elizabeth Denham has said that: “We are at a crossroads. Trust and confidence in the integrity of our democratic processes risk being disrupted because the average voter has little idea of what is going on behind the scenes.

“New technologies that use data analytics to micro-target people give campaign groups the ability to connect with individual voters.

“But this cannot be at the expense of transparency, fairness and compliance with the law.”

She also said that the impact of behavioural advertising in elections, was significant and has called for a code of practice to fix the system.

The ICO has also written to all the main political parties in the UK pressing them to have their data protection practices audited.

Who else is involved?

 Aggregate IQ

The ICO has said that Aggregate IQ (AIQ), a Canadian company which worked with the Vote Leave campaign in the run-up to the EU Referendum must stop processing UK citizens’ data. AIQ had access to UK voters’ personal data provided by Vote Leave and this information may have been transferred and accessed outside the UK. If so, this would be a breach of the Data Protection Act.

Emma’s Diary

The ICO also named Emma’s Diary; a company that gives medical advice and free baby-themed goods to parents who download an app. It appears that the company may have handed over data which was then used by the Labour Party to campaign to people. As a result, the ICO is about to take regulatory action against Lifecycle Marketing, the owner of the service.

Eldon Insurance Services

It has been alleged that the Leave campaign used the personal information of people on the Eldon Insurance and GoSkippy database on the run-up to the Brexit referendum.

Vote Leave

The ICO is looking into to what extent Vote Leave transferred the personal data of citizens outside the UK. It is likely that this was in a breach of the Data Protection Act.

Remain campaign

The ICO is investigating the collection and sharing of personal data by the official Remain campaign (Britain Stronger in Europe) and a linked data broker. In particular, it is examining inadequate third party consents and the fair processing statements used to collect personal data.

The University of Cambridge

The Psychometrics Centre at the University of Cambridge carries out research into social media profiles. As part of its investigation, the ICO is considering whether Cambridge University has “sufficient systems and processes in place to ensure that data collected by academics for research is appropriately safeguarded in its use and not re-used for commercial work.”

The ICO said that it expects the next stage of its investigation to be complete by the end of October.

 

data breach solicitors
, ,

Expedia data breach – have your bank details been exposed?

As news reports everywhere discussed the ins and outs of the Facebook/Cambridge Analytica scandal, another data breach was uncovered last month. But, because the details aren’t as juicy as those in the Facebook case, it didn’t quite get as much coverage. So you might not have heard about it.

But, for victims of the Expedia data hack – which may have revealed the information on thousands of payment cards – the consequences could be even worse. So, what exactly happened, and can you make a data protection act compensation claim if your details are at risk?

Expedia data breach – what happened?

In March, travel fare aggregator Orbitz revealed that between January 2016 and December 2017, hackers gained access to users’ personal information. This included names, phone numbers, emails and billing addresses. Orbitz, which is owned by Expedia, offers booking options and deals on flights, accommodation and holiday activities.

The hack, which is believed to have accessed 80,000 accounts wasn’t discovered until March 2018, which left plenty of time for cybercriminals to put this information to illegal use.

A statement by Orbitz said: “To date, we do not have direct evidence that this personal information was actually taken from the platform and there has been no evidence of access to other types of personal information, including passport and travel itinerary information.”

However, that data that has been accessed is extremely personal and could cause serious damage and distress for victims.

Should you be worried?

The information accessed in the Expedia data hack is enough to leave victims open to fraud. So, if you have been affected, you are right to worry about what could happen if this data gets into the wrong hands. For example, with enough information, cybercriminals can apply for credit in your name, set up fraudulent bank accounts and access your existing accounts.

Signs that your data has been used by criminals following a data breach include:

  • Bills or emails showing goods or services you haven’t ordered
  • Unfamiliar transactions from your account
  • An unexpected dip in your credit score
  • Unsolicited communications that ask for your personal data or refer you to a web page asking for personal data.

Don’t be fobbed off!

To help protect users, Orbitz has said those affected can access a year of free credit monitoring and identity protection services. But, given the amount of time that has lapsed between the breach and its discovery, this could be too little too late.

Also, while we do recommend using these types of services – particularly following a data breach – you should make sure that by agreeing to any free offers, you are not inadvertently signing away you rights to make a data protection act compensation claim.

Can you make a data protection act compensation claim?

If you have suffered damage or distress caused by an organisation breaching any part of the Data Protection Act, you have a right to claim compensation. You can claim against a wide range of private organisations and businesses already fined by the Information Commissioner’s Office (ICO).

As such, if you want to hold Expedia to account we recommend that you inform the ICO about your concerns ASAP.

You can do this here.


However, while the ICO has the power to impose hefty fines on organisations in breach of their duties, it does not award compensation, So, you should also contact us to claim data protection act compensation.

Start your data protection act compensation claim
At Hayes Connor Solicitors, we make sure you receive the maximum compensation possible in the shortest possible time for any financial, medical harm, anguish and anxiety caused by a data breach. We will also let you know when your claim for data protection act compensation can be made and advise you on what to do while waiting for the investigation’s findings.

With large-scale, high-profile hacks and breaches happening more and more often, something has to be done to make companies accountable for these losses. So, claiming compensation isn’t just in your best interests – it could be the only way to ensure that they implement more secure processes.

VISIT OUR SECURE DATA BREACH FORM

facebook data
,

Facebook to alert you if your data was shared

From today, Facebook will begin notifying the 87 million people whose personal information may have been improperly shared with Cambridge Analytica.

If your data was leaked, you will receive a message from Facebook at the top of your news feed. This will provide details on how you are affected. You will receive this message if you or your friends used Facebook to log into the This Is Your Digital Life app.

Also, all other Facebook users will receive a notice helping them to turn off specific apps or shut down third-party access to their apps entirely.

While most of those affected are in the US, some people in the UK have also had their details breached. It is understood the messages will be sent out at about 5pm in the UK.

Facebook is now facing investigation both in the UK and the USA. If the social media giant is found to be in breach of the data protection act, you could be entitled to compensation.

 

 

,

Facebook Data Scandal

Last week Mark Zuckerberg faced some hard questions about the Facebook data scandal – Here is a round up of what he said:

Hard Questions: Q&A With Mark Zuckerberg on Protecting People’s Information

Mark Zuckerberg

about 2 weeks ago

I want to share an update on the Cambridge Analytica situation — including the steps we’ve already taken and our next steps to address this important issue.

We have a responsibility to protect your data, and if we can’t then we don’t deserve to serve you. I’ve been working to understand exactly what happened and how to make sure this doesn’t happen again. The good news is that the most important actions to prevent this from happening again today we have already taken years ago. But we also made mistakes, there’s more to do, and we need to step up and do it.

Here’s a timeline of the events:

In 2007, we launched the Facebook Platform with the vision that more apps should be social. Your calendar should be able to show your friends’ birthdays, your maps should show where your friends live, and your address book should show their pictures. To do this, we enabled people to log into apps and share who their friends were and some information about them.

In 2013, a Cambridge University researcher named Aleksandr Kogan created a personality quiz app. It was installed by around 300,000 people who shared their data as well as some of their friends’ data. Given the way our platform worked at the time this meant Kogan was able to access tens of millions of their friends’ data.

In 2014, to prevent abusive apps, we announced that we were changing the entire platform to dramatically limit the data apps could access. Most importantly, apps like Kogan’s could no longer ask for data about a person’s friends unless their friends had also authorized the app. We also required developers to get approval from us before they could request any sensitive data from people. These actions would prevent any app like Kogan’s from being able to access so much data today.

In 2015, we learned from journalists at The Guardian that Kogan had shared data from his app with Cambridge Analytica. It is against our policies for developers to share data without people’s consent, so we immediately banned Kogan’s app from our platform, and demanded that Kogan and Cambridge Analytica formally certify that they had deleted all improperly acquired data. They provided these certifications.

Last week, we learned from The Guardian, The New York Times and Channel 4 that Cambridge Analytica may not have deleted the data as they had certified. We immediately banned them from using any of our services. Cambridge Analytica claims they have already deleted the data and has agreed to a forensic audit by a firm we hired to confirm this. We’re also working with regulators as they investigate what happened.

This was a breach of trust between Kogan, Cambridge Analytica and Facebook. But it was also a breach of trust between Facebook and the people who share their data with us and expect us to protect it. We need to fix that.

In this case, we already took the most important steps a few years ago in 2014 to prevent bad actors from accessing people’s information in this way. But there’s more we need to do and I’ll outline those steps here:

First, we will investigate all apps that had access to large amounts of information before we changed our platform to dramatically reduce data access in 2014, and we will conduct a full audit of any app with suspicious activity. We will ban any developer from our platform that does not agree to a thorough audit. And if we find developers that misused personally identifiable information, we will ban them and tell everyone affected by those apps. That includes people whose data Kogan misused here as well.

Second, we will restrict developers’ data access even further to prevent other kinds of abuse. For example, we will remove developers’ access to your data if you haven’t used their app in 3 months. We will reduce the data you give an app when you sign in — to only your name, profile photo, and email address. We’ll require developers to not only get approval but also sign a contract in order to ask anyone for access to their posts or other private data. And we’ll have more changes to share in the next few days.

Third, we want to make sure you understand which apps you’ve allowed to access your data. In the next month, we will show everyone a tool at the top of your News Feed with the apps you’ve used and an easy way to revoke those apps’ permissions to your data. We already have a tool to do this in your privacy settings, and now we will put this tool at the top of your News Feed to make sure everyone sees it.

Beyond the steps we had already taken in 2014, I believe these are the next steps we must take to continue to secure our platform.

I started Facebook, and at the end of the day I’m responsible for what happens on our platform. I’m serious about doing what it takes to protect our community. While this specific issue involving Cambridge Analytica should no longer happen with new apps today, that doesn’t change what happened in the past. We will learn from this experience to secure our platform further and make our community safer for everyone going forward.

I want to thank all of you who continue to believe in our mission and work to build this community together. I know it takes longer to fix all these issues than we’d like, but I promise you we’ll work through this and build a better service over the long term.

[source: Facebook Hard questions]