NHS or Medical Data Breach Compensation: Everything You Need to Know Before Starting Your Claim

Peter Hammond Peter is a solicitor who has worked as a professional litigator for many years. More recently Peter has specialised in data breach compensation claims and over the last 2.5 years has gained a wealth of knowledge in this sector. Peter now works with us to share his knowledge and inform the general public.

Medical data breaches have become more common over recent years as the healthcare sector is increasingly moving online. This has made it a valuable target for hackers and cybercriminals. As a result, recent statistics have revealed that the UK health sector makes up almost half of all data breaches nationally. However, figures from the ICO (Information Commissioner’s Office) show that the main cause of healthcare data breaches is actually human error, and these mistakes are just as likely to happen offline as they are online.

Types of medical institutions you could claim against

  •       GPs
  •       Pharmacies
  •       Dentists
  •       Hospitals/ NHS Trusts
  •       Individual healthcare staff
  •       Private health companies
  •       Opticians

Previous examples of medical data breaches and the consequences

When a data breach occurs, the consequences for compromising and putting patient data at risk can be very serious. The ICO, upon investigation, can respond with severe actions like hefty financial penalties and prosecutions.

| Name of the company | Amount they were fined |
| --- | --- |
| Brighton & Sussex University Hospitals NHS Trust | £325,000 |
| Belfast Health and Social Care Trust | £225,000 |
| Bupa | £175,000 |
| Bayswater Medical Centre | £35,000 |

 

Brighton and Sussex University Hospitals NHS Trust

The penalty against Brighton and Sussex was at the time the largest medical data breach compensation in the UK. The organisation had to pay £325,000 as a fine after they were subject to a breach that released hard drives full of healthcare information. The thieves put the hard drives on eBay for sale, which gives you an idea of the potential risk to those affected.

Belfast Health and Social Care Trust

Belfast Health and Social Care Trust had to pay a hefty amount of money to compensate for the loss of sensitive information. They were fined £225,000, which at the time was the second highest fine for this type of breach. The Trust experienced a medical data breach when thousands of patient records were found abandoned in a disused hospital.

Bupa

Bupa faced a significant fine for not having sufficient security measures in place to protect their customers’ personal details.

Bayswater Medical Centre

Bayswater Medical Centre received their fine for leaving extremely sensitive information in an empty building. This was highly unprofessional and reckless, as anyone could have got patients’ private medical details out of that building.

Other medical data breach examples

  •       A former employee of a doctor’s surgery inappropriately accessed the records of both patients and other staff members
  •       A GP surgery received a £40,000 fine after it exposed confidential information about a woman and her family to her estranged ex-partner
  •       An ex-nursing auxiliary accessed her neighbour’s medical records without any valid legal reason

Are you due compensation for a medical data breach?

Cybercriminals are always finding new ways to successfully infiltrate companies and access unauthorised data. However, this doesn’t completely exonerate healthcare organisations. If they have all the necessary measures in place and have done everything in their power to keep your data safe, it is unlikely that any claim you started would lead to compensation. In situations where they don’t have robust security processes in place, putting patient data at risk, they need to be held to account for this negligence.

That is why it would be advantageous to wait for the results of any ICO investigation before starting a claim. In the majority of cases, medical data breaches occur because of human error and the failure to have suitable and secure processes.

What compensation could you claim for?

You could make a claim for lost medical records compensation in the UK if a healthcare organisation has failed to protect your personal details, whether or not you have suffered as a result of the breach. However, in circumstances where you have experienced financial losses, medical harm, anguish or anxiety, a more serious case can be made.

Financial losses

A medical data breach, like an NHS data protection breach, has the potential to result in both financial and identity theft. The impact of either of these can be devastating. If they gather enough of your information, cybercriminals could apply for credit in your name, set up fraudulent bank accounts, and gain access to your existing accounts.

Emotional distress

If you haven’t incurred any financial losses, that doesn’t mean you definitely don’t have a claim for medical data breach compensation or that you haven’t suffered. A personal breach of your data is like the digital version of being burgled. With that in mind, if a criminal broke into your home and stole sensitive details about you, you would feel distressed. So, why would you feel any less upset when your medical data has been involved in a breach?

Being the victim of a crime can have a serious effect on your mental and physical health. For some individuals, symptoms of distress could include not being able to sleep, feeling ill, and feeling constantly on edge, unsettled, or confused. Stress can also impact external factors in your life like friends, family, and even your job.

The full extent of a medical data breach is not always immediate

In data breach cases, the full effects are not always felt straight away, and it can be months after the violation before the complete extent of it is realised. This often happens where sensitive medical information is accessed; experiencing this type of data breach can lead to adverse life events further down the line. For example, a confidentiality breach could result in needing to move house or area, losing a job, relationship stress or separation, and distancing from family and friends. All of these factors can mean the victim ends up with a diagnosable psychological injury, and this typically occurs several months after the breach.

Can you sue the NHS for a data breach?

The NHS helps thousands of people around the country every day and no one really wants to sue it. However, the vast amount of information we share with healthcare organisations is enough to leave us vulnerable to the serious threat of fraud, anxiety, and stress, meaning NHS data breach compensation can often be claimed.

Given that the large majority of data breaches in the NHS are caused by human error, more needs to be done to ensure that any organisations the ICO finds to be lacking in data protection measures are held to account for the harm they have helped to cause.

As well as this, in today’s digital age, any and all personal information is valuable. So, when this private data is accessed without permission, people have a right to NHS data breach compensation. Compensation can be pursued whether they have suffered actual or potential financial loss or psychological effects because of an NHS medical data breach.

Can you claim compensation for a GP data breach?

Like with other medical organisations, GP surgeries have an obligation to keep your data safe and out of reach of any unauthorised third parties. If your GP surgery has not kept to this obligation, you may be able to start a claim. You could have a claim if your surgery has mishandled your sensitive data or exposed it by not following GP data protection guidelines.

Can you make a claim for compensation for loss of medical records?

Lost medical records compensation in the UK is a weighty issue within medical and personal data law. Your medical records may have been inadvertently deleted, misplaced, or stolen, any of which is a form of medical negligence.

This is a serious problem and could be dangerous if you go into surgery with a doctor who does not have fully up-to-date medical records about you. Or you could get a misdiagnosis because your doctor has not had access to your family history. For reasons like these, being able to claim NHS compensation is extremely important.

How can your medical records be lost?

There are multiple ways in which a hospital or doctor could lose your medical records. Some of these ways include:

  •       A stolen employee’s or medical professional’s laptop
  •       A mistake in a delivery
  •       Forgetfulness (human error)
  •       Hacking
  •       Data that was not eliminated correctly

Why is losing your medical records so dangerous?

The main reason why lost medical records are so dangerous is that their loss inhibits your doctor’s ability to fully diagnose and treat you. Ensuring records are kept confidential and safe is just one of the areas of care they need to handle sensitively. The information needs to be readily available to your doctor for a good reason. This means that if it goes missing completely, or even if parts of it are lost, it can be dangerous to your health and the care you are getting from your doctor. With the help of the professional data breach solicitors we refer you to, you can make a claim for lost medical records compensation in the UK.

 

We can put you in contact with expert solicitors that have dealt with a substantial number of medical data breach cases. Their extensive knowledge and experience will ensure you are given the best chance of success when you make a claim for medical data breach compensation. 

Breach of confidentiality at work – What happens if an employee breaches GDPR?

Your employees can have access to a lot of sensitive information about your business, like financial data and client details to name a few examples. If you have suffered a breach of confidentiality at work we can help put you in contact with expert solicitors that will investigate your data breach compensation claim.

Confidentiality breaches at work can be prevented by incorporating confidentiality clauses and restrictive covenants in your employment contracts. These should clearly set out to your employees what information they cannot disclose. Also, confidentiality clauses help to provide an explanation of what your expectations are and the consequences for any employee that misuses workplace data. Putting these boundaries in place will not only create trust between you and your employees and a better working relationship but it will protect your business too.

If you are an employee who has been the victim of a data breach click here for more information.

What is classed as a breach of confidentiality?

A confidentiality breach happens when an employee, contractor, or worker shares or uses specific information that could damage your business, its clients, or other employees. By law, business information can be broken down into four types:

  •       Trade secrets – details that are protected during and after employment even if there isn’t a confidentiality clause in your contract
  •       Confidential information – protected information that your employees know is confidential or it is obvious that it should not be used
  •       Employee’s skill or knowledge – employee information that helps them to do their job
  •       Public information – details that can’t be protected.

Different forms of information can be protected from a confidentiality breach in different ways. For instance, trade secrets are always protected no matter if they are referred to in your employment contracts or not.

As an employer, you might want to protect intellectual property rights and trade secrets, and to guard against competition for clients (for example, through a clause within a contract saying that employees can’t use client lists to entice clients away during or after termination of employment).

How can you protect your business from a breach of confidentiality?

Including the following in your contracts can help you protect your business when it comes to confidentiality breaches.

  •       An express duty of confidentiality – this is when you state in your contracts what information is confidential, what your employee’s obligations are, and what the consequences will be if they share that information
  •       Restrictive covenants – stopping an ex-employee from competing with your business for a certain amount of time after they have left your business.

There is an implied duty of good faith with employment contracts. This can provide some protection against employees sharing confidential information while they work with you but not if they have left. So, there is a high level of risk involved with implied duty.

Another thing to consider is whether all employees need access to specific areas of sensitive information such as client details. Where possible you should limit employee access to confidential information in order to lower the risk of a breach.

What should you do if you face a breach of confidentiality at work?

The most common approach when you discover a breach of confidentiality is to let your employee know that you are aware that they have breached confidentiality. You will have to inform them of the consequences and ask for an undertaking to stop misusing your business information.

You can pursue a legal claim against an employee in the event that they refuse to agree to an undertaking, or the breach has resulted in substantial harm to your business. A legal claim could lead to an injunction (a court order that stops someone using your private information) or damages that the employee is required to pay to you. The court will determine if an injunction or damages is more suitable based on how serious the breach of confidentiality is.

What are the consequences for an employee who breaches confidentiality at work?

Termination of employment

If your employee has intentionally and continuously breached confidentiality in your business, you can terminate their employment. You would need to complete an investigation and take any mitigation (supporting evidence they provide) into consideration before dismissal.

A civil lawsuit

If an employee has made a breach of confidentiality and is no longer employed by you, then you can start legal action in the civil courts and/or seek an injunction.

Damaged reputation

This could affect the employee and the employer, depending on what information has been misused. As a business you could have a defamation claim for slander or libel against your employee. Going forward the employee might struggle with a negative reputation when attempting to seek other employment and the information breached could lead to an impacted reputation for your business too.

What to do when your manager or employer shares your personal information with other employees UK

Employers hold a substantial amount of private data about their employees, and sadly, this data doesn’t always stay private. If an employer or another employee misuses your information or enables it to end up in the wrong hands, this can result in very serious consequences. 

Data breaches in the workplace can be related to pay and conditions, sickness and absenteeism, disciplinary and grievance disputes, and even personal medical information which has been inappropriately shared and/or disclosed. Anyone whose personal details have been breached within a workplace might have suitable grounds to claim compensation.

We can put you in touch with expert solicitors who have extensive experience in workplace data breaches where an employer has been sharing personal information with other employees and other instances of private information being compromised in this manner. Examples of the types of workplace data breaches our recommended solicitors can help you with include:

  •       Documents left in communal work areas or on top of shared printers
  •       Information being sent to the wrong email recipients, whether that be internally or externally
  •       Employers or employees misusing confidential data that relates to other employees, customers, or any other individuals
  •       Personal details being accessed by an unauthorised third party in a cyber attack caused by the employer or employee’s negligence
  •       Failing to properly dispose of or destroy confidential data which has led to it ending up in someone else’s hands

A data breach in the workplace can be very distressing and have serious consequences for those involved. In a lot of cases, these data breaches are simply caused by human errors, which can make living with the aftermath even more upsetting.

On top of the potential financial implications the event of an identity theft or financial crime can have, there is a great deal of emotional distress involved. Compensation, therefore, can be essential to help people who have suffered an employee data breach pick up the pieces and get their lives back on track. If a workplace has failed to protect your private data, we can help you make a claim for the compensation you deserve.

If you are an employer who has been the victim of a data breach click here for more information.

How do workplace data breach compensation claims work?

Understanding whether you are eligible for compensation

If your employer, HR, or someone else in your workplace has been responsible for an employee data breach, you will likely be entitled to claim compensation. Workplaces are obliged to have strict procedures in place to prevent, detect, report, and investigate any personal data breaches.

Security measures should be set that are suitable for the data being held, including introducing strong passwords and encrypting electronic data. Also, workplaces should tightly control who can access sensitive data, ensuring this is limited to those within the company that have a genuine need to access that specific data.

What can you claim for?

Financial losses

If your personal data is illegally accessed through a breach of employee information, it could potentially lead to financial crime and even identity theft. This is because cyber criminals can use the information they have gathered about you to apply for credit in your name, set up fraudulent bank accounts, and access your existing accounts. You could incur significant financial losses, and you can claim compensation for those losses.

Distress

Having your personal data stolen can have a big impact on your mental and physical wellbeing. It is common for individuals who have suffered a data breach to be unable to fall asleep and feel ill, unsettled, or confused. This type of emotional distress can be very serious, and so damages can be sought as a result.

The process of a claim

The first step in a workplace data breach claim is for the organisation responsible to be contacted by our recommended solicitors on your behalf. In this initial stage, any findings from the ICO can be used to help when speaking with the organisation. When it has been established that a breach has occurred and the consequences of that breach for you have been fully assessed, value can start to be placed on your claim.

In a lot of cases, workplace and employee data breach claims can be settled without having to follow court proceedings. However, if a settlement can’t be reached, court proceedings might be needed to secure your compensation.

Can you sue your employer for disclosing your personal information?

The Data Protection Act 2018 details that employers can only collect personal data that is thought to be ‘adequate, relevant, and necessary’, and must highlight any detrimental effects on the privacy of an individual. The DPA also states that any organisation that is using personal data must prove that:

  •       Employees were informed of the purpose and reason for this use of personal data
  •       Employees were provided with a clear explanation of how their data would be handled

Employees also need to freely consent to their data being used, meaning you could be in a position to take action against your employer if your personal data was disclosed without your permission.

Compensation for when a letter has been sent to the wrong address

A letter being sent to the wrong address might at first seem like a small inconvenience, but depending on the information it contains, it can sometimes result in a serious breach of your data. If your privacy or information has been leaked in this way, you might be able to make a claim for compensation.

It can be a common type of data breach, more so than you might think. We can put you in contact with experts in this complex and niche area of law to ensure you receive the compensation you deserve.

Can you get compensation for a letter being sent to the wrong address?

If a letter is sent to the incorrect address and personal details about you are contained within the letter or attached to it, this is an example of a data breach, and you could be eligible for compensation. Victims of this type of breach can be eligible to receive damages for emotional distress as it can be stressful and worrying to have lost control over your personal information, especially if it is of a particularly sensitive nature. 

Examples of reasons why a letter might be sent to the wrong address include:

  •       Human error where a mistake on the letter has led to the leak, like putting in the wrong address or using an old address
  •       More than one letter being linked together in the same single envelope
  •       The wrong attachment(s) being sent with the letter
  •       IT/system errors where letters have been sent to the wrong address or a previous address

How can this type of breach become serious?

If you have experienced an incident where a letter has been sent to the wrong address, don’t ignore it. These cases can be serious, and several factors can be considered when compensation amounts are being assessed. Factors that might lead to the breach becoming serious are:

  •       Where the leaked personal information is highly personal and sensitive
  •       Where the letter has been sent to someone who might use it with malicious intentions, like a former partner or an estranged relative
  •       Where the data ends up in the hands of someone who had previously abused the victim

In some of the most serious data breaches of this nature, simple mistakes have meant data has ended up in the hands of abusive ex-partners. This includes situations where victims have changed their names and gone to great lengths to not be found, and all of that has been undone leaving them in a potentially vulnerable and dangerous position.

When data related to healthcare has been leaked via a letter going to the wrong address, it becomes a medical data breach compensation case, which can also have negative repercussions. Medical details are often viewed as the most personal and sensitive type of data there is.

A recent example: shielding letters

In a recent example of this form of data breach, 13,000 letters for people who are vulnerable to coronavirus were sent to the wrong recipients in Wales. The letters contained information and advice for people with serious underlying health conditions and so could have caused a lot of undue stress and worry to the people who received the letters as well as the intended recipients.

This error meant that 13,000 out of 80,000 letters were sent to wrong addresses, such as the recipient’s previous address. It was described as a ‘potentially disastrous mistake which could have needlessly endangered lives’ and is a key example of how a simple incident of a letter going to the wrong address is a breach of data protection that can impact anyone and have significant consequences in the lives of the victims.

Contact us today if you think your data has been breached or your confidential information has been sent to the wrong address. 

 

9 most common causes of data breaches

Over the years, as technology has advanced, so have the skills of cybercriminals, and the risk of big organisations experiencing a data breach has increased significantly. To make sure your organisation is not one people are reading about in the news for being breached, it is important to understand the most common causes of data breaches, and what you can do to mitigate the threats they can present.

1) Stolen/weak credentials, such as passwords

Attacks via hacking are one of the most common causes of data breaches. However, it is more often than not a lost or weak password that is the vulnerability in the system and that allows an opportunist hacker to exploit your company.

The simple solution to prevent this causing a data breach for you is to use more complicated passwords that cannot be guessed and never share your password with anyone else.

2) Application vulnerabilities, back doors

Hackers don’t need to break into your system when someone has already left a door open for them to enter. Poorly written software applications, or network systems that are not well designed or well implemented, are easy for hackers to exploit as they leave holes that can be crawled into, leading directly to your data. To avoid this situation, you should ensure all your software and hardware solutions are up to date and fully patched, with no weak points for criminals to get into.

3) Malware

Both direct and indirect malware is increasingly being used to access organisations’ personal data. Malware can be defined as malicious software that is loaded unintentionally and opens up an opportunity for hackers to take advantage of a system and possibly other systems that are connected to it.

To prevent this from happening, be cautious when visiting websites that are not secure or not what they appear to be, as well as when opening emails from unknown sources. These are both popular methods of spreading malware that you should be aware of.

4) Social manipulation

For a hacker, it would be easier to persuade someone more legitimate to access the data for them than to go through the hassle of creating a way to get it themselves. If something looks too good to be true it probably is, and you shouldn’t trust the claims of someone you don’t know very well.

5) Too many permissions

Access permissions that are overly complex are ideal for hackers. A lot of businesses don’t keep tight control over who has access to what information within the organisation, which often leads to employees having the wrong permissions and out of date permissions for certain people. This makes it easy for hackers to take advantage of the confusion and get into the data. The solution to this is to keep things simple, be aware of who can access what information and don’t let things spiral out of control.

6) Threats from the inside

The well-known phrase “keep your friends close and your enemies closer” is very applicable here. A rogue employee, an unhappy contractor, or someone who isn’t aware that they already have access to your data, could want to copy, alter, or steal it if they have bad feelings towards your company. You can combat this by knowing who you are dealing with, acting quickly when there is a hint of a problem, and covering everything with process and procedure that is backed up with training.

7) Physical attacks

Hackers are not always remote; they can be anyone, so it is important to check that your building is safe and secure to reduce the risk of a physical attack occurring. They can blend into a crowd and have a good line to persuade you to let them into your office and onto your computer system. Always be vigilant, check the identity of anyone coming into your company, and if you see anything suspicious report it straight away.

8) User errors, improper configuration

Human error is a natural thing that can happen in any organisation with a lot of employees. You should make sure all staff have sufficient training and awareness of the importance of data protection. With the right people in charge of securing your data and relevant and robust procedures in place to prevent user mistakes, errors can be kept to a minimum, making an overall data breach less likely.

Breaches don’t have to be caused by someone acting with malice; studies have shown that 1 in 5 incidents was the result of a mistake made by an employee. The most common errors of this nature involve sensitive information being sent to the wrong person. This could involve sending an email to the wrong person, attaching the wrong document, or giving a file to someone who shouldn’t be able to see that information.

9) Breaches without technology

Data breaches are typically thought of as cybercrime, but a significant number of incidents don’t involve technology at all. There are a lot of physical incidents that involve the theft of paperwork or devices like laptops, phones, and other storage devices. Now more than ever employees are increasingly encouraged to work from home or on the go, but if they aren’t closely watching their assets, an opportunist criminal could easily steal them. Another common physical data breach is card skimming. This is where criminals insert a device into card readers and ATMs to gather payment card details. 

 

 

What happens when there is a data breach?

What should a business do when it has been breached?

When a company or organisation discovers there has been a data breach, it has a duty under the GDPR to report it to the relevant supervisory authority. It is expected that this is done within the first 72 hours of becoming aware of the breach if it is feasible. Also, if the breach is likely to have a high risk of negatively affecting individuals’ rights and freedoms, those individuals must also be informed as soon as possible.

It is important to make sure there are effective breach detection, investigation, and internal reporting procedures in place. This will help to determine whether or not you need to notify the relevant supervisory authority or the affected individuals or both. Whether you are required to notify the authority about the breach or not, you must keep a record of any data breaches that occur in your organisation.

What should individuals be told when there is a breach?

The UK GDPR states that when a breach is likely to be a high risk to the rights and freedoms of individuals, you must inform those directly affected straight away, without any delay if possible. ‘High risk’ means the threshold for informing individuals is higher than the threshold for notifying the ICO. To make that decision you will need to assess the severity of the potential or actual effect on individuals as a result of a breach and the likelihood of this occurring.

If a data breach is severe, the risk is higher, meaning that the potential consequences for individuals could be highly significant. If you are an organisation responsible for people’s data, in these circumstances, you need to quickly inform those impacted, especially if there is a need to mitigate an immediate risk of damage to them. One of the main reasons to tell individuals is to help them take steps to protect themselves from the effect of the breach.

When telling someone about a data breach you need to describe in clear and plain language the nature of the personal data breach and at a minimum:

  •       The name and contact information of any data protection officer you have, or another point of contact where further details can be obtained.
  •       A description of the consequences that are likely to occur from the data breach.
  •       A description of the measures that have been taken or suggested to deal with the data breach and where appropriate, a description of the measures taken to reduce any potential adverse effects on the individual.

Also, if possible, you should offer clear and specific advice to people on the steps they can take to protect themselves and what you can do to help them. Depending on the situation this could include things like:

  •       Forcing a password reset
  •       Advising people to use strong and unique passwords
  •       Letting them know to look out for fraudulent activity on their accounts or possible phishing emails

 

What other steps should a company take when responding to a data breach?

As previously mentioned, it is extremely important to record any and all breaches, regardless of whether or not they need to be reported to the ICO. The GDPR requires you to document the facts of the breach, its effects, and the action taken to remedy the situation. This is part of your overall obligation to comply with the accountability principle and allows the verification of the organisation’s compliance with its notification duties under the GDPR.

As with any security-related incident, you should investigate whether the breach was caused by human error, a systemic issue, or a cybercrime, and see how it can be prevented from recurring in the future. Recent statistics have shown that human error is the leading cause of reported data breaches. The risk of this can be reduced by:

  •       Compulsory data protection induction and refresher training
  •       Supervising and offering support to employees until they are proficient in their role
  •       Keeping policies and procedures up to date so employees can report any cases of a near miss
  •       Working to the idea of “check twice, send once”
  •       Promoting a culture of trust in which employees feel comfortable and able to report near misses
  •       Looking at the root causes of breaches and near misses
  •       Protecting your employees and the personal data your organisation is responsible for. This might include restricting access to systems or implementing organisational and technical measures such as disabling autofill

 

What happens if a company fails to notify the ICO of a serious data breach?

Failing to notify the ICO when you are required to do so can lead to a substantial fine of up to £8.7 million or 2% of your global turnover. That is why it is important to have a robust breach-reporting procedure in place, so that you can detect breaches and notify them on time and with the necessary details, unless the data breach is unlikely to result in a high risk to individuals. If you decide you don’t need to report the breach, you need to be able to justify that decision, so you should document it in detail.

What to do if your data has been breached

If you have received a notification from a company that your data has been affected, here are some useful steps you can take.

  •       Change all your passwords straight away
  •       Determine from the company what type of information was compromised in the breach
  •       Contact your bank or credit card company if your financial details have been breached
  •       Find out what help and guidance the company is offering and accept what they offer; this could be free credit reports or identity theft protection, for instance
  •       Monitor all of your accounts closely
  •       Be aware of scams
  •       Pay extra attention to your inbox and be careful what you click on as you could be targeted with phishing emails after the breach
  •       Use two-factor authentication where possible
  •       To further protect yourself in the future, don’t use the same passwords between different accounts and try to make them as unique as possible


© DataBreach Claims 2022. Data Breach Claims is a trading name of SJS Legal Limited (company number: 10598802). SJS Legal is authorised and regulated by the Solicitors Regulation Authority (SRA Number: 639197). This website is operating in accordance with the privacy policy. ICO reg no. ZA473694. Data Breach Claims connects clients to regulated solicitors who deal with data breaches. We do not perform any legal services but simply connect you to a legal representative.
