Posts

data breach solicitors
,

What are your rights if you are ‘named and shamed’?

A restaurant in Cardiff recently hit the news after its owner took to Twitter when a customer missed her reservation. The screenshot of the booking, posted on Twitter, revealed the customer’s name, telephone number and email address. Not only did the post disclose her personal details, but it also triggered a torrent of abuse from other users of the social media site.

When that prospective diner made her reservation, she likely didn’t bank on her personal information being shared all over the Internet. And, while diners who don’t show up are undoubtedly a genuine problem for restaurants, the owner’s decision to ‘name and shame’ the customer wasn’t just poor etiquette, it was a serious violation of her privacy.

We live in a world in which we’ve grown accustomed to sharing our personal information with relative ease – be it on social media sites, through online shopping, or even making a reservation at a restaurant. Unfortunately, this means we are sometimes at risk of that information being shared or used in ways that are inappropriate, or even illegal. So what happens when you become the victim of a data breach?

 The use of personal data is currently governed by the Data Protection Act 1980. This Act is designed to protect storage of personal data, and its rules apply to any organisation, public or private, that has access to third-party data. While data seems like a very technical term, it actually covers all manners of personal information – from things such as name, address, or ethnicity, to more sensitive material such as religious beliefs, expressions of opinion, and sexual orientation.

The Data Protection Bill is currently making its way through Parliament in order to better protect people who share their data. It is intended to update British law, paralleling the EU’s incoming General Data Protection Regulation. This modernisation is a response to the ever-increasing amount of data that is processed, and according to Government, it will strengthen regulations, with tougher sanctions for breaches.

Those sanctions are implemented by The Information Commissioner’s Office (the ICO). The ICO is an independent body that investigates breaches – any individual can report a concern to the ICO, and it will be looked into. The ICO has a range of tools open to it – it can serve enforcement notices, conduct audits, and most notably, it has the power to impose fines of up to £500,000.

Further, when a breach is so serious as to constitute a criminal offence, the ICO can take the matter to court. Recent examples of those prosecuted include a nurse who inappropriately accessed patient files, and a counsellor who sent details of vulnerable clients to his personal email address – data breaches can occur in many different ways, and the consequences can be severe.

However, the ICO does not have the power to award compensation to those who have been directly affected by a data breach. In a case like that of restaurant reservation, where the violation was not only intentional but also arguably malicious, a victim may want to take further action. If the ICO has found an organisation guilty of a data breach, lawyers can work with the evidence that it provides to take private legal action. It isn’t strictly necessary to go to the ICO first, but their findings can strengthen any claim made.

When you supply your information to an organisation, you trust that that information will be used and stored appropriately. This isn’t just a social nicety – it can constitute a legal relationship. The organisation has a duty to you. If that duty is breached, and that breach causes you to suffer a loss, you may be entitled to compensation.

This suffering can be both financial and emotional. In 2015, a group of people brought a successful claim against Google after learning that the company had used their personal information to create targeted advertisements. This was deemed to be misuse of private information. The claimants suffered no financial loss – their claim was based purely on the fact that knowledge of third party access to private information caused them to feel distress and anxiety.

While the customer whose information was shared on Twitter might not necessarily have incurred a financial loss, she was subject to abusive comments from other people online. If this caused her distress, or anxiety, she could be entitled to damages to cover that loss.

In this case, the abuse may well be considered as an aggravating element of the data breach, but online abuse can constitute a separate criminal offence. “Trolling” – the abuse of individuals online – can be prosecuted under the Malicious Communications Act 2003. The threshold for prosecution is high, but with cybercrime on the increase, more measures are being taken to protect victims of online abuse. Another recent cybercrime phenomenon is “doxxing” – the publication of personal information that encourages harassment or criticism of the individual to whom it relates. Perpetrators can be charged under the Serious Crime Act 2007 – naming and shaming can in effect be a criminal offence.

Violations of your right to privacy are extremely serious, and the consequences can be so too. If you think you’ve been the victim of a data breach, you can contact the ICO, or get in touch with a lawyer. It’s easy to become desensitised to the importance of protecting your information, but if something as simple as making a dinner reservation can lead to a stream of online abuse, it shows that when it comes to data protection, it’s important to know your rights.

 

If you’ve been a victim of a data breach you can contact us to find out more about making a claim.

equifax data breach even worse
, ,

Equifax Data Hack UPDATE

Everyday we are receiving more and more calls from customers who have been affected by the Equifax data hack.

We are expecting an even bigger number after the christmas period as it can’t be confirmed that customers details haven’t got into the hands of dishonest organisations or people.

Some important advice regarding the Equifax data hack:

Firstly contact the ICO and ensure that they have your details on file.

The more people affected the more likely an investigation into equifax or your individual case will be carried out.

  • If this is done and Equifax are fined we can help you get compensation.

Secondly contact us – we will be able to keep your details (securely) and keep you up to date on the ICO action and the outcome of any investigation.

We will also be able to advise you on what to do whilst waiting for the ICO’s findings.

Once registered with us:

  • It’s important to keep a ‘diary’ or note of events since the hack – for example has your card been used without permission?
  • Are there transactions that you bank have picked up that you haven’t made?
  • Are you getting more ‘spam’ or junk email – With your name on? -I so create a folder and keep it – this may be relevant
  • Are you anxious or worried by the thought of people being able to access your data? Has this caused you any distress?

We will keep you updated about any new breaches via our facebook page and newsletter and also notify you when we know more about the equifax hack.

To register your claim today visit our secure data breach form