Posts

social housing data breach
,

Customer services officer guilty of unlawfully accessing private information in social housing data breach

Social housing providers deal with a lot of sensitive and personal information. So it is vital that there are robust protections in place to keep this data secure. However, in a recent social housing data breach case, a former customer services officer at Stockport Homes Limited (SHL) has been found guilty of unlawfully accessing personal data without a legitimate reason to do so.

What happened in this social housing data breach?

In this case, a customer services officer spent time looking at anti-social behaviour cases on her employer’s case management system. Despite the fact that she didn’t have the authorisation to do so. In total, she accessed the system almost 70 times.

When an audit revealed her offences (after concerns were raised regarding her performance), she was suspended from her role. She then subsequently resigned.

The former customer services officer pled guilty to unlawfully accessing personal data. She was ordered to pay a £300 fine, £364.08 costs and a victim surcharge of £30.

What has the ICO said about the data protection breach?

The Information Commissioner’s Office (ICO) is the UK’s data protection regulator. A spokesperson for the ICO said:

“People have the absolute right to expect that their personal information will be treated with the utmost privacy and in strict accordance with the UK’s data protection laws.

“Our prosecution of this individual should act as a clear warning that we will pursue and take action against those who choose to abuse their position of trust”.

Read all the details about this ICO case here.

Lessons learned

This social housing data breach case should remind people that they could face fines if they access or share personal data without a valid reason.

Also, all organisations need to do more to protect personal data. This includes ensuring comprehensive data protection training is in place. And making sure employees understand the consequences of breaking the law.

Organisations should have adequate and robust protections to ensure that such information is only available to people who need it. There should also be a record of such access.

Not Just Hackers

At Hayes Connor, our expert solicitors deal with a significant number of data breach cases each and every day. During our work, we see many different types of claims and understand how social housing data breaches can affect people in different ways.

Helping to reduce the number of data violations taking place across the UK, we are sharing such real-life examples of data protection breaches to raise awareness of this issue and educate people to prevent similar instances from happening.

You can find out more about our work here.

For more advice on how to keep your data safe, follow the Hayes Connor #NotJustHackers campaign on Twitter and Facebook.

Alternatively, if you have been the victim of a social housing data breach, find out how we can help you to recover any losses or contact us to discuss your case in more depth.

 

data breach compensation
,

What do you need to know about data protection claims?

Businesses and public sector organisations use a significant amount of sensitive information about their customers and the people they help. And, they need this personal data to carry out their duties. And to provide a quality service. But, while almost nobody objects to this information being used, they have a duty to use and store it responsibly. And, where this doesn’t happen, you could have a data breach compensation claim.

All kinds of organisations use personal information. For example:

  • Businesses
  • Charities
  • Banks and other financial bodies
  • Government departments
  • Local Authorities
  • The NHS
  • The Police
  • Schools
  • Her Majesty’s Courts & Tribunal Service (HMCTS).

What personal information do companies need?

This will depend entirely on why your data is being used. It could include your:

  • Name, address, telephone number and email address
  • Bank and credit card details
  • Ethnicity, religious beliefs, political opinions and gender identity
  • Medical history
  • Employment and education history
  • Criminal record.

Why is data breach compensation necessary?

A data breach can result in both financial and/or identity theft. But the impact of data breaches goes much further than financial losses. Many victims also go on to suffer from stress, anxiety and distress.

If an organisation does not meet its data protection responsibilities, and you suffer financially or emotionally because of this, you may be able to make a data protection compensation claim. This is an important right. Not least because serious damage can be caused if your personal information gets into the public domain.

Your information must be correct

Under the latest data protection legislation, organisations have to do more than just keep your data safe. They also have to ensure that it is up-to-date and correct. This is because there can be serious consequences if incorrect data is stored about you.

For example, a police “gangs” database was found to be in breach of data protection laws after it was revealed that many of the people on the list had never been in a gang. These people also had “zero” risk of causing harm. The data was also inappropriately shared with other public bodies. This included local councils, housing associations, and education authorities. And, as a result, many people faced sanctions relating to housing, jobs and other public services.

Likewise, if your medical records are wrong, this could prevent medical conditions being diagnosed correctly and essential treatment from taking place.

You can claim for damage and distress

Data breaches can and do cause serious and lasting damage. To claim compensation, you must be able to prove that you suffered as a result of the breach. This includes financial and medical harm as well as anguish and anxiety.

  • Financial losses. With enough information, cybercriminals can use your bank and credit cards, apply for credit in your name, set up fraudulent bank accounts and access your existing accounts.
  • Emotional distress. Even if you haven’t lost out financially after a data breach, this doesn’t mean that there is no harm done. A data breach can have a significant impact on you mentally and physically. For some people, the effects can include a lack of sleep, feeling ill, unsettled or confused. Stress can also affect your friends, your family and your job.

What are the main data protection rules?

The Data Protection Act (the UK’s interpretation of the GDPR) sets out rules to protect you and your personal data. Under these rules, organisations must not:

  • Store inaccurate or out-of-date information about you
  • Hold your data for longer than necessary
  • Make your confidential data public
  • Tell you why they need your data
  • Use your data outside its stated purpose.

If an organisation breaches any of these rules your rights are infringed, and you may be entitled to data breach compensation.

Types of data breach claims

A data breach can occur in any industry, business, school, organisation, or government department (e.g. the police, the NHS and the social services). Common types of data protection compensation claims include where:

  • Data has been inadvertently lost, hacked or leaked
  • Your identity has been stolen to obtain credit cards fraudulently
  • Personal data has been sent to a third party without your express permission
  • An organisation failed to maintain up-to-date, accurate information about you and this caused you damage
  • Your privacy has been compromised as part of a whistle-blowing operation
  • Personal information has been misused or mishandled
  • An organisation broke the law and used your information for journalism, artistic or literary purposes without your permission.

Corporate data breach claims also happen where businesses have had their company data leaked (e.g. banking information, business plans, etc.).

Making a data breach compensation claim

At Hayes Connor Solicitors, we help our clients get the compensation they deserve following data protection breaches, cybercrime, and other online offences. Our experts deal with a significant volume of data breach cases each day, and, during our work, we see how data breaches can affect people in different ways.

There are two main ways we get compensation for our clients:

Individual cases

In most cases, data breaches aren’t caused by scammers trying to hack big businesses, but by simple human errors. And while these incidents don’t make the headlines, for those involved the experience can be just as devastating.

Group actions

In many cases, where a breach occurs, you won’t be the only person making a claim. In such circumstances, it is often worth joining a group action claim. Where cases are very similar, group actions can be a powerful tool and can have a bigger impact than a single claim.

What is the ICO?

The Information Commissioner’s Office (ICO) is an independent authority, set up to uphold information rights in the public interest. It also promotes openness by public bodies and data privacy for individuals. While the ICO does not award compensation, it does have the power to impose hefty fines on organisations in breach of their duties.

You have the right to ask the ICO to assess if an organisation breached the Data Protection Act.

Helping our clients get the data breach compensation they deserve

Every day serious data breaches take place. And, all too often these breaches put people’s mental health and even their lives at risk.

Our data protection solicitors provide high-quality, sensitive legal advice and support to help victims of data breaches and cybercrime to claim compensation. We may be able to act for you on a NO WIN, NO FEE basis.

Find out more about making a data breach claim with Hayes Connor Solicitors.

 

data breach compensation
,

Help is as important as data breach compensation

At Hayes Connor Solicitors, we can help you to make a data breach compensation claim after your personal information was put at risk by an organisation you trusted to look after it.

But more than this, we also want to make sure that you understand your data protection rights. And provide the information you need to protect yourself following a data breach. So, as well as claiming data breach compensation, what else can you do to get data breach help?

Have you been a victim of a data breach?

In our digital age, your personal data is of enormous value. Not just to yourself, but also businesses, and, unfortunately, cyber-criminals. As such, data breaches are now a common occurrence as negligent corporations fail to put the necessary security measures in place to protect user accounts, passwords, contact details and sensitive and financial information.

Last year, data breaches affected billions of people. And, in the UK, many group action claims have been launched. For example, we have initiated data breach compensation actions against the likes of British Airways, Equifax and Dixons Carphone Warehouse.

So, if you’ve suffered damage or distress as a result of an organisation breaching any part of the Data Protection Act or the General Data Protection Regulation (GDPR), then you have a right to compensation.

Find out more about making a data breach compensation claim.

Why you need data breach help

A data breach can result in both financial and/or identity theft. And the result of either of these can be devastating. With enough information, cybercriminals can apply for credit in your name, set up fraudulent bank accounts and access your existing accounts. And, to make matters worse, with criminals rarely caught, getting your money back following a scam is not easy.

What to do if you are worried about the security of your money and personal information:

  • Contact your bank/credit card provider immediately
  • Consider a credit freeze until the matter is resolved
  • Report the scam to the police and contact Action Fraud for advice on what to do next
  • Keep an eye on your bank and credit card statements to see if there is anything you don’t recognise
  • Let the credit reference agencies know of any activity that was not down to you
  • Register with the Cifas protective registration service. This will slow down credit applications made in your name with additional verification checks made to ascertain that the applicant is actually you.

You don’t need to have lost money to get data breach compensation

Even if you haven’t lost out financially after a data breach, this doesn’t mean that there is no harm done. Following the Ticketmaster data breach, over 30% of our clients suffered from distress and/or psychological trauma as a result of having their card details stolen and used in fraudulent activity.

Being the victim of a data breach can have a significant impact on you mentally and physically. The effects can include a lack of sleep, feeling ill, unsettled or confused. Stress can also affect your friends, your family and your job.

Thankfully, over the last few years, people are waking up to the reality of mental health. And there is a greater awareness about the lasting effects of physiological suffering and anguish. Crucially, the law agrees and recognises the amount of damage that can be caused by having your information breached.

Data breach compensation case studies

As well as data breaches caused by cybercriminals, every day, people are also suffering following smaller data breaches. These privacy violations can have a severe and often lasting impact on them. In most cases, these data breaches are caused by simple human errors. And while these incidents don’t make the headlines, for those involved the experience can be just as devastating.

Check out our data breach case studies for more information on these kinds of breaches.

If you have been affected by a data breach, regardless of whether a hacker or a stupid mistake caused it, you can make a data breach compensation claim.

Where to get data breach help

Committed to reducing the amount of data privacy violations, and supporting victims wherever we can, we have collated a list of websites you can turn to for data breach help, advice and support – before, during and after a data breach. Find out more about getting data breach help here.

Or you can contact Victim Support for more information.

Got a question or need some data breach help or advice?

If you have suffered from a personal data breach, let us know to see how we can help.

CONTACT US

data breach solicitors
,

How to choose data breach lawyers in the UK

When it became clear that people across the UK were mis-sold PPI, often to the tune of thousands of pounds, there was a surge of new claims management companies on the scene. These lawyers promised to help consumers get back what they were due. But, in many cases, assurances of no up-front fees turned into extortionate commission rates. And that left people short-changed. Today, with the deadline for consumers to complain about the sale of PPI products coming to an end, many unscrupulous claims management firms will undoubtedly switch from PPI to GDPR. But, that doesn’t mean that victims of data breaches shouldn’t claim compensation. What matters is that they get the professional legal representation they deserve. So, if you have been the victim of a data breach or cybercrime, what should you look out for when choosing UK data breach lawyers?

Are they data breach experts?

At Hayes Connor Solicitors, we believe that the best way to make big companies pay for their failures is to use a specialist lawyer. Of course, you would expect us to say that – but let us explain why.

We have become a true specialist in data breach law. This is all we do. And, because of this, we have the legal expertise needed to take on big players such as Ticketmaster and Equifax. And, where enough people come forward, we might even launch a group action against a company. We believe that a group action is the best way forward for data breach claims. It allows people with the same type of claim to bring it together on a collective basis. This strengthens their overall position and increases their chances of success.

In addition to our own legal expertise, we also work with expert barristers to help us win our cases. So we are confident that our team of UK data breach lawyers will get the results you deserve.

Crucially, when it comes to making a compensation claim, a lack of care can leave data breach victims open to advice and representation below the standard expected by the profession. And this could ultimately see you lose out financially as a result.

Are they pushy?

We get angry when we hear about people being pressured into making a data breach compensation claim. The decision should always be 100% yours. And, you should always feel in control of the situation. So, if someone you have never heard of starts calling you up to tell you they can help with your data breach, then you are right to be annoyed.

At Hayes Connor Solicitors, we only ever get in touch with people who have asked us to. This means we never cold call, send spam texts, spam emails, or engage in any other form of nuisance marketing. We never pressure anyone into making a claim.

Are they registered with the Solicitors Regulation Authority?

Before appointing UK data breach lawyers, you should check that they are regulated by the Solicitors Regulation Authority (SRA).

Firms regulated by the SRA meet the high standards set by the regulator. It also means that you are appropriately protected should anything go wrong.

SRA regulated firms are also required to display their SRA ID on their letterhead, email and website. Hayes Connor Solicitors is a trading name of FD Law Ltd. FD Law Ltd is regulated by the Solicitors Regulation Authority, SRA number 632067.

How long have they been doing this for?

Data breach and cybercrime breaches are a relatively new and evolving area of law, so it’s difficult to find specialists in this area. But, over the past 18 months, our firm has established itself as the only niche provider of legal services in this area. As such, we lead our field when it comes to understanding the complexities involved.

But before that, we worked on different types of compensation claims. And, with over 50 years’ experience helping our clients secure the justice they deserve, our UK data breach lawyers work tirelessly to ensure the best possible outcome for you. Both in terms of damages achieved and service delivered.

Will they provide a free consultation?

The best data breach lawyers in the UK will provide you with a free consultation to make sure they can help you before asking for any money.

If you want to make a data breach or cybercrime compensation claim with Hayes Connor, we’ll advise you on whether you have a valid claim, answer any questions you might have and go through your options with you without charging you a penny.

But more than this, as well as providing a free initial assessment of your case, we have also created a wealth of free advice, news and other resources to raise awareness of the importance of data protection. We encourage individuals and organisations across the UK to use this information to help keep everyone safe.

What type of cases can they help you with?

Before you make a data breach compensation claim, you should check to see whether the solicitor has any experience winning similar cases.

At Hayes Connor, our experts deal with a significant volume of data breach cases each day. During our work, we see many different types of claims and how data breaches can affect people in different ways. There are two main ways we get compensation for our clients:

What will they help you to claim for?

All too often, claims management companies are more concerned about making fast cash than helping victims. So, while they might help you get some money back for a data breach, they are less concerned about ensuring you are fully compensated for the long-term and often physiological effects of a breach.

When you appoint us, we make sure you get the maximum compensation possible. Typically, we would look to claim for:

  • Any money lost (e.g. if a cybercriminal used your bank card)
  • Stress, worry, and anxiety
  • Any recognised psychological injury
  • The effect that the leak has had on your social and home life
  • Any loss of earnings as a direct result of the breach (e.g. if you need time off work or lose your job)
  • The loss of future earnings (e.g. if you have to drop out of university)
  • Any expenses that you have had to pay as a result of the data breach (e.g. private medical care, travel expenses, accommodation, etc.).

Because we understand that the full impact of a data breach is often not felt until months after the initial violation, we take a long-term view when it comes to claiming compensation on your behalf.

But more than this, because we want to help you get your life back on track ASAP, we also provide a wide range of information to help our clients protect themselves once a breach has occurred. And we work with Victim Support to help those affected by cybercrime and data breaches.

Do they offer no-win, no-fee?

Access to professional legal advice is a fundamental right. That’s why it is vital that everyone can afford to make a data breach or cybercrime compensation claim should they need to.

Removing the financial risk, at Hayes Connor Solicitors, we provide our services on a no-win, no-fee basis to help our clients get the compensation they deserve. So, if we don’t win, you don’t have to pay us a penny.

How much will they charge you if you win?

If your claim is successful, you usually have to contribute towards your solicitor’s costs.

This ‘success fee’ is taken from the compensation awarded to you, and in some cases, it can be much higher than you expected.

The amount of the success fee depends on when your case is settled, but with Hayes Connor Solicitors, you never have to pay more than 25% of your compensation. We have to charge this to cover our costs in smaller/individual cases. There are no hidden charges or other administration fees.

What’s more, if enough people come forward to make a large group action claim, we might be able to waive this fee (by getting the other party to pay it instead of you). So, in some large group actions, there are no solicitor’s fees win or lose and you could receive 100% of the compensation awarded to you.

We always make sure you are fully informed about any potential costs before we proceed.

Choosing a UK data breach lawyer? Choose Hayes Connor!

With data breach claims rarely out of the news, it is likely that high-profile data breaches could be seen as a way to make a profit by unscrupulous claims management “factories” and “ambulance chasers”.  So it’s vital that you are aware of what is at stake and the options available to you.

Our process is also fully compliant with ICO guidance and we never put your details at risk.

 FIND OUT MORE ABOUT MAKING A DATA BREACH CLAIM WITH HAYES CONNOR SOLICITORS

data protection act
,

Less than 40% of businesses and charities have made improvements to their cybersecurity since GDPR

In April, the government published its annual Cyber Security Breaches survey. This looks at how UK organisations approach cybersecurity. It also looks at the impact of a data protection breach. This report found that security has become a priority issue for organisations. But worryingly, only 30% of businesses and 37% charities have made improvements to their cybersecurity since GDPR. So, to meet the requirements of the Data Protection Act more must be done.

Of those who have made improvements to stop cyberattacks and data breaches:

  • 60% of business and charities have created new policies
  • 15% of businesses and 17% of charities have had extra staff training or communications
  • 6% of businesses and 10% of charities have improved their contingency plans.

Training is essential to prevent data breaches and cyber attacks

We found a lack of staff training to be especially worrying. Because, according to the Information Commissioner’s Office (ICO), accidental disclosure or human error is a leading cause of personal data breaches.

In fact, basic employee training could have a huge impact on an organisation’s cyber awareness and overall security. And, every day our data breach solicitors work on Data Protection Act cases where human error has allowed cybercrime to happen.

So, if an organisation’s security is only as strong as its weakest link, in many cases this Achilles’ heel is its own workforce.

What type of data breach training do employees need?

In many cases, data breaches can be avoided by staff abiding by the data protection principles of their businesses. But it is up to employers to make sure that all staff receive regular data protection training. This should be on things like:

  • Why robust processes are needed
  • The potential consequences of breaching data protection laws. These consequences can include damage to a business and even criminal charges for employees if they deliberately access data without a legitimate reason
  • Training to ensure that everyone is aware of the online safety rules and expectations
  • Awareness programs on how to recognise common threats such as phishing scams, malware etc.
  • Staff training on reporting measures, so people know how to respond to any threats.

What are the most common cybersecurity threats?

According to the report, the most common attacks are:

  • Phishing emails. With 80% of businesses and 81% of charities experiencing breaches or attacks
  • Others impersonating an organisation online (28% and 20%)
  • Viruses or other malware, including ransomware (27% and 18%).

Organisations must do more to protect their data or face the consequences

The Data Protection Act (the UK’s interpretation of the GDPR), exists to protect the privacy of individuals. However, many organisations have struggled to keep up with changes in the rules. And this could leave everyone vulnerable.

In response, our data protection solicitors help our clients to make compensation claims. We do this after their data was put at risk by the organisations they trusted to look after it.

You have a right to claim compensation if you or a member of your family has suffered damage or distress caused by a breach of the Data Protection Act.

For more advice on how to keep your data safe, follow Hayes Connor Solicitors on Facebook and Twitter.

Alternatively, if you have been the victim of a data breach, find out how we can help you. Or contact us to discuss your case in more depth.

 

information unattended
,

Don’t leave personal data unattended

Human error is the leading cause of data breaches. In response, the Information Commissioner’s Office (ICO) has produced a handy toolkit to help businesses communicate the importance of information security to staff. At Hayes Connor Solicitors, we’re sharing some of the tips included in this toolkit. In doing this we aim to raise awareness of the importance of this issue. And help organisations across the UK improve their data protection processes. This is crucial to keeping the personal data they use safe.

Tip: All information you work with has value. Think before leaving it unattended

 

The risk of leaving personal data unattended

Confidential information can be compromised even when it is kept in offices. For example, printouts in output trays can be viewed, mishandled, or stolen. Unattended computers also pose a significant a threat. Because, if someone else sits at your desk, they could access data that they are not authorised to see.

For example, in a recent case, we saw the impact of what can happen when a woman’s sister-in-law (an NHS worker) accessed the NHS system and shared personal details about our client with the rest of her family.

The importance of a Clear Desk & Screen policy

Employers must understand the importance of data protection. Strict policies and procedures also help to process information safely. This includes establishing a ‘Clear Desk and Screen’ policy. This policy should cover things like:

  • Locking paper records containing confidential, personal or sensitive data at the end of each day. Or a workstation if it will be unattended for more than a short time
  • Making sure that you shut down your computer at the end of the working day
  • Locking laptops and other portable devices in a secure location at the end of each day
  • Locking your screen when you leave your computer unattended
  • Automatic screensavers after 10 minutes of inactivity
  • Shredding hardcopy documents containing personal data
  • Not disposing of paper records containing personal data in general waste or recycling bins
  • Not writing down passwords or other restricted account information
  • Locking away removable media when not in use. Or prohibiting the use of removable media
  • Removing documents containing personal data immediately from printers
  • Keeping the keys to locked filing cabinets or drawers in a secure location
  • Not leaving confidential information on desks, in shared conference facilities or meeting rooms
  • Removing all personal information from flipcharts and wiping down whiteboards
  • Securing office areas when not in use
  • Adhering to mobile device guidance when out of the office
  • Deleting any data from the recycle bin of any communal computers that you use

Other quick tips to keep personal data safe

  • When staff abide by the data protection principles of their businesses, data breaches can be avoided. But it is up to employers to make sure that all staff receive regular data protection training. This is vital to make sure they understand the potential consequences of breaching data protection laws
  • Organisations must do more to protect personal information. For example, by designing systems that only allow the relevant people to have access
  • Every staff member accessing personal records should provide a reason for doing so.

Not just hackers

Data breaches are not just caused by cybercriminals. For more advice on how to keep your data safe, follow our #NotJustHackers campaign on Twitter and Facebook.

Alternatively, if you have been the victim of a data breach or cyber fraud, find out how we can help you to recover any losses.  Or give us a call to discuss your case in more depth.

talk talk breach
,

TalkTalk data hack customer details found online

In 2015, a TalkTalk data breach saw the personal information of 157,000 customers stolen. And, in a new twist, BBC Watchdog Live revealed that the company failed to inform 4,545 TalkTalk customers that their data was taken as part of the breach. This includes bank account details.

Making matters worse, BBC researchers found details for many customers online after a simple Google search. This information included full names, addresses, email addresses, dates of birth, TalkTalk customer numbers, mobile numbers and bank details. This information could have been accessible online since the breach.

According to the BBC, viewers contacted Watchdog Live as they were concerned that their details had been breached by TalkTalk. However, the telecom group said that their details were not compromised.

The ICO has already fined TalkTalk

In 2015, TalkTalk spotted issues with its website and immediately launched an investigation before warning customers. However, the Information Commissioner’s Office (ICO) found that that insufficient security at the company permitted customer data to be accessed “with ease”. The ICO also said that TalkTalk could have prevented the data breach if it had taken basic steps to protect its customers’ information.

According to the ICO: “For no good reason, TalkTalk appears to have overlooked the need to ensure it had robust measures in place despite having the financial and staffing resources available”.

In response, the ICO fined TalkTalk £400,000. Two friends from Staffordshire (aged just 21 and 23), breached the TalkTalk website as part of a group of hackers. They have since gone to jail.

Is this a new TalkTalk data breach?

The customer data found by BBC Watchdog Live appears to relate to 2015 data breach. So it is not a new incident.

TalkTalk claims that the historical privacy violation was a genuine error. It also said that it had written to all impacted customers to apologise. And that it wrote to its entire base to inform them about the breach, and advised them about the risk of scam calls. TalkTalk also offered free credit monitoring to protect against fraud.

But, it now looks like 4,545 customers may have received the wrong notification regarding this incident.

Are these customers at risk?

TalkTalk claims that “on their own, none of the details accessed in the 2015 incident could lead to any direct financial loss.”

But our data protection experts would strongly disagree. Savvy cybercriminals can easily piece together a profile by collecting different information from different sources.

Security experts have also confirmed that, with this information, criminals could:

  • Sign up for services
  • Set up direct debits
  • Purchase goods on their victim’s behalf.

Fraudsters could also use this data to carry out a phishing attempt. For example, by pretending to be the victim’s bank to gain more information about them.

The data breached by Talk Talk was extremely sensitive. And the lack of care shown by the company continues to be worrying.

Data breaches can be extremely traumatic

A data breach can cause severe stress and anxiety for victims.

Alan’s TalkTak case

For example, BBC Watchdog Live highlights the case of one man called Alan.* Alan has had his phone, email and bank account bombarded with a series of fraudulent attacks since the Talk Talk hack. Even if these attacks are unsuccessful, this is an extremely distressing situation to be in. So it’s no wonder that Alan feels that TalkTalk has failed its customers “on a gigantic scale”.

According to the BBC, “Whilst Alan will never know if the attacks were a direct result of the TalkTalk data breach, he feels the details leaked are enough to allow fraudsters to impersonate him.”

Maureen’s TalkTalk case

Watchdog also spoke to Maureen.* Maureen was shocked to discover that her details were breached in 2015. Not least because TalkTalk told her that her details had not been stolen. In fact, despite raising concerns with TalkTalk on multiple occasions, she was repeatedly reassured that her information had not been compromised.

Watchdog Live’s investigation found Maureen’s sensitive data through a simple online search.

What happens now?

If the data has come from TalkTalk, then it is vital that the company looks to put right the harm this continued failure has caused its customers. Simply contending that the breach is old news is not good enough.

Watchdog has spoken to many people affected by the TalkTalk data breach. Many of who have been subject to “frequent scam calls”. And in some cases “attempted fraud and identity theft, impacting their credit rating”.

Hayes Connor Solicitors can help

Our expert, online fraud and data protection solicitors will advise you on whether you have a valid data breach compensation claim against TalkTalk. We will also answer any questions you might have.

Our initial assessment is always free. Keeping you fully informed we will also notify you about your legal rights when making a claim.

SIGN UP TO THE TALKTALK DATA BREACH CLAIM


*Not their real names

personal breach
,

Data breach after production company unlawfully filmed expectant mums without their permission

A TV production company has been fined £120,000 after filming expectant mums without their permission. This shocking data breach took place at Clinic 23 at Addenbrooke’s Hospital Cambridge. The walk-in clinic cares for patients who have concerns about their pregnancy.

What happened in this data breach case?

True Visions Productions (TVP) was making a Channel 4 documentary on stillbirths. It set up cameras and microphones in examination rooms at the hospital. Filming took place between July and November 2017 until expectant mothers expressed concerns.

TVP had the hospital trust’s permission to be on site. But the company did not explicitly warn all visitors about the filming. Nor did they get acceptable permission from those affected by the filming. As a result, TVP unfairly and unlawfully filmed patients and was fined £120,000 by the Information Commissioner’s Office (ICO).

Clinic 23 data breach ruling

The ICO ruling said:

“TVP had posted limited notices advising of the filming near to the cameras and in the waiting room area and had left letters on waiting room tables. However, the detailed investigation found that these letters did not provide adequate explanations to patients, with one notice incorrectly stating that mums and visitors would not be filmed without permission.”

“The law says that personal data must be processed fairly and transparently. A patient attending the clinic would not have reasonably expected there to be cameras in examination rooms and would expect to be made aware of any filming.”

Recording stopped in November 2017. Filming then resumed using different methods until spring 2018. The programme was broadcast the following October. However, the unlawfully obtained footage was deleted and was not aired.

Anxiety and stress

Commenting on the data breach, a spokesperson for the ICO said: “Patients would not have expected to have been filmed in this situation, and many will have been very distressed when they learned such a private and potentially traumatic moment had been recorded. The recorded footage would have included the sensitive personal data of patients who could already be suffering anxiety and stress.”

A spokesperson for Cambridge University Hospitals NHS Trust said: “While protocols were in place to protect privacy, we acknowledge the ICO decision and we are sorry for any distress caused.”

TVP has hit out over the decision, stating that it was “disappointed in the outcome”. It has said that the ICO’s approach was wrong. It is also “considering the decision and the potential for an appeal.”

Did TVP get off lightly?

Many would argue yes. While being hit by a £120,000 fine, the maximum fine possible was £500,00. What’s more, due to the timing of this investigation, the penalty falls under the previous Data Protection Act. If it had been scrutinised under current law, the fine could have been much higher. In fact, the ICO now has the power to impose penalties of up to £17 million.

Also, despite clearly upsetting expectant mothers at a hugely vulnerable time, it doesn’t appear that TVP has taken responsibility for its actions.

In most cases, data breaches happen because of a failure to implement reasonable and robust processes. So claiming compensation isn’t just in your best interests. It is often the only way organisations will take their responsibilities seriously. And make the necessary improvements.

Compensation for those affected by the data breach

The ICO is an independent authority. It upholds information rights in the public interest. It also promotes openness by public bodies and data privacy for individuals. But, while the ICO has the power to impose fines on organisations, it does not award compensation to victims.

However, if you have suffered any emotional distress caused by unlawful filming at the clinic, you might have a data breach compensation claim.

Many data breach victims have developed stress, anxiety and distress. In response, at Hayes Connor Solicitors we help our clients to get their lives back on track.

Register to ensure you are fully informed about this case. We will notify you about the investigation. We will also update you on your legal rights when making a claim.

REGISTER HERE

mobile phone breach
,

A simple mobile phone repair leads to a data breach compensation claim

In this day and age, it’s frightening to think about what could happen if your phone was to fall into the wrong hands. But it’s not just thieves and cybercriminals you have to worry about. In a recent case, our solicitors saw the impact of what can happen when a phone company failed to protect a customer’s personal information. And, we helped this client to get £1,000 in data breach compensation.

What happened in this data breach compensation case?

Our client’s mobile phone was stolen so she ordered a new one from her mobile phone company. But, when it arrived, it would not recognise face recognition, passwords or PIN. She was advised to send the faulty device back for a repair.

She did this, but was then told by the company that they could not access the phone as she had password protected it. So, they sent it back to her to remove all passwords.

Understandably, by this time our client was frustrated. But the situation was made worse when her phone never arrived. And, two months after the initial replacement was ordered, there were still discussions going on between the courier and the mobile phone company about whether the telephone had been delivered to her address.

Eventually, the phone company said that they had found the phone, and sent it back to her. But, when it arrived she discovered that it was someone else’s phone with all their personal details on it.

At the same time, our client’s phone was sent to that person. And somehow, the phone was no longer password protected. So everything in her phone, including her personal details was accessible to a complete stranger. To make matters worse, our client’s network provider chased her for services she hadn’t been able to use. And they indicated that they would send debt collectors around to her property to collect what was owed. Furthermore, while she was told that her credit rating would not be affected, she subsequently found out that this might not be the case.

Emotional distress results in data breach compensation

All in all, what should have been a simple repair has caused our client a significant amount of distress. And, a direct result of this data breach, our client has suffered psychological effects, including stress and anxiety. In response, our client was simply told that this was a “mistake and hardly ever happens”.

Committed to making sure she was reimbursed for her distress, we took this case on and managed to secure out client £1,000 data breach compensation.

Commenting on her experience with Hayes Connor Solicitors, she said:

“I found Hayes Connor on the internet. James was very helpful from the start, and put me at ease straight away! It wasn’t straightforward, but James was patient courteous and very helpful. I needed to make sure they {the phone company} were taught a lesson that they can’t get away with data breach! I would use Hayes Connor again and would recommend them to anybody”.

Not just hackers

At Hayes Connor, we want to reduce the number of data violations taking place across the UK. To do this, we are sharing such real-life examples of data breaches to raise awareness of this issue and educate people to prevent similar mistakes from happening.

For more advice on how to keep your data safe, follow our #NotJustHackers campaign on Twitter and Facebook.

Alternatively, if you have been the victim of a data breach or cyber fraud, find out how we can help you to get data breach compensation by completing our enquiry form or give us a call to discuss your case in more depth.

acceptable use policy
,

Do you know your acceptable use policy?

Human error is the leading cause of data breaches. In response, the Information Commissioner’s Office (ICO) has produced a handy toolkit to help employees understand the importance of information security.

By sharing some of the tips included in this, we hope to raise awareness of the importance of this issue. And help organisations across the UK improve their data protection processes.

Tip: Is this acceptable use? Make sure you’ve read your internal policy

 

What is an acceptable use policy?

Recently, there have been changes to the rules covering the use of technology. So, it’s more important than ever that employees understand their data protection responsibilities.

An acceptable use policy (AUP) helps to make sure that everyone knows what is and isn’t acceptable when it comes to using digital technology. As such, an AUP should cover things like:

  • Use of email and web for personal purposes
  • The types of sites that are forbidden
  • Use of video/audio streaming
  • Restrictions on downloading files
  • Policies for sending bulk emails. For example, making sure staff use the bcc function, so email addresses are not disclosed
  • Guidance on logging off or locking devices when not in use
  • Guidance on physically storing mobile devices to minimise loss by theft.

The AUP should also set out the process and potential consequences for any infringements.

Quick tips

  • Employers must understand the importance of data protection
  • Employers should make sure that an AUP is in place to ensure the safe processing of information. Both in and out of the office
  • In many cases, data breaches can be avoided by staff abiding by the AUP. But it is up to employers to make sure that all staff receive regular data protection training, This will make sure they understand the potential consequences of breaching data protection laws
  • An AUP should be updated regularly to make sure it complies with advancements in data protection legislation
  • Robust reporting measures and processes should be established to respond to any breaches of the AUP.

Not just hackers

Cybercriminals are not the only cause of data breaches. For more advice on how to keep your data safe, follow our #NotJustHackers campaign on Twitter and Facebook.

Alternatively, if you have been the victim of a data breach or cyber fraud, find out how we can help you to recover any losses. Or give us a call to discuss your case in more depth.