Companies that breached data
Full list of companies that were found guilty of a data breach and from which you could be owed thousands in compensation
- Virgin Media
- British Airways
- Easyjet
- Ticketmaster
- Equifax
- Marriott Hotels
Your employees can have access to a lot of sensitive information about your business, like financial data and client details to name a few examples. If you have suffered a breach of confidentiality at work we can help put you in contact with expert solicitors that will investigate your data breach compensation claim.
Confidentiality breaches at work can be prevented by incorporating confidentiality clauses and restrictive covenants in your employment contracts. These should clearly set out to your employees what information they cannot disclose. Also, confidentiality clauses help to provide an explanation of what your expectations are and the consequences for any employee that misuses workplace data. Putting these boundaries in place will not only create trust between you and your employees and a better working relationship but it will protect your business too.
A confidentiality breach happens when an employee, contractor, or worker shares or uses specific information that could damage your business, its clients, or other employees. By law business information can be broken down into four types, they are:
Different forms of information can be protected from a confidentiality breach in different ways. For instance, trade secrets are always protected no matter if they are referred to in your employment contracts or not.
As an employer you might want to protect intellectual property rights and trade secrets, and to protect against competition for your clients (for example, through a clause within a contract saying that employees can’t use client lists to entice them away during or after termination of employment).
Including the following in your contracts can help you protect your business when it comes to confidentiality breaches.
There is an implied duty of good faith with employment contracts. This can provide some protection against employees sharing confidential information while they work with you but not if they have left. So, there is a high level of risk involved with implied duty.
Another thing to consider is whether all employees need access to specific areas of sensitive information such as client details. Where possible you should limit employee access to confidential information in order to lower the risk of a breach.
The most common approach when you discover a breach of confidentiality is to let your employee know that you are aware that they have breached confidentiality. You will have to inform them of the consequences and ask for an undertaking to stop misusing your business information.
You can pursue a legal claim against an employee in the event that they refuse to agree to an undertaking, or the breach has resulted in substantial harm to your business. A legal claim could lead to an injunction (a court order that stops someone using your private information) or damages that the employee is required to pay to you. The court will determine if an injunction or damages is more suitable based on how serious the breach of confidentiality is.
If your employee has intentionally and continuously breached confidentiality in your business, you can terminate their employment. You would need to complete an investigation and take any mitigation (supporting evidence they provide) into consideration before dismissal.
If an employee has breached confidentiality and is no longer employed by you, then you can start legal action in the civil courts and/or seek an injunction.
This could affect the employee and the employer, depending on what information has been misused. As a business you could have a defamation claim for slander or libel against your employee. Going forward the employee might struggle with a negative reputation when attempting to seek other employment and the information breached could lead to an impacted reputation for your business too.
The General Data Protection Regulation (GDPR) came into effect in 2018 and unifies the rules for processing personal data by private and public companies. The regulation aims to ensure the protection of personal data across all industries. The principles for the processing of personal data under the GDPR are:
There has been a lot of confusion surrounding what can be classed as a breach of GDPR and what can’t be. In the GDPR a personal data breach is defined as ‘a breach of security that results in the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to personal data transmitted, stored or otherwise processed.’ To explore this further personal data breaches can be organised into three categories:
A data breach could possibly involve all three categories depending on the nature of the circumstances.
When a company is dealing with business transactions in the past it could have been assumed that personal data strictly refers to account or ID numbers, as well as addresses and dates of birth. Whilst this type of data should still be kept secure the GDPR has expanded the definition of personal data.
Now, personal data is related to “any information relating to an identifiable person who can be directly or indirectly identified in particular by reference to an identifier”. This means that social, mental, economic, cultural, and even genetic information will now be considered personal data that is to be protected by GDPR requirements.
The national supervisory authorities are required by the GDPR to impose certain warnings or fines on data protection offences. Any person who believes that the processing of their personal data is being done unlawfully has the right to lodge a complaint with the ICO (Information Commissioner’s Office). The ICO can then conduct an investigation into the security measures at that organisation and the degree to which they were at fault and impose a fine based on their findings.
Whether the cause is a cyber-attack, software errors, hardware failure or human error all companies are obliged under the GDPR to report any violation of the protection of personal data to a data protection supervisory authority. Article 33 of the GDPR states that notification of a breach of personal data protection by the responsible party must be made to the competent supervisory authority (ICO) straight away, and if possible within 72 hours of becoming known. If there is a delay in the obligation to register, a reasonable justification for the delay must be provided.
Also, it is important that there is a duty of documentation, so the person responsible must ensure all factors that led to the GDPR breach are clearly presented and documented. The better the company is prepared for a potential GDPR infringement the better the chances of only receiving a small fine or even just a warning.
A GDPR violation can happen to any company. The best way to minimise the risk of a breach in an organisation and the resulting consequences is to take preventative measures. As well as having a strong crisis communication strategy, it is advisable to appoint a data protection officer (in some cases this is mandatory). To be sure of the strength of data security in a business, and to actively counteract a GDPR violation, all applications and software products used by the company should be checked to ensure they comply with GDPR regulations.
1) Companies need to provide a clear explanation for collecting personal data
Many companies collect a user’s data without their knowledge. Even if the user doesn’t mind there needs to be a clear explanation of how that data will be used. In accordance with GDPR principles, a person must give explicit consent for how their data is being used.
2) Victims must be alerted to any risk
If a breach does occur, the company must contact the affected individuals straight away. According to GDPR principles, it is not appropriate or sufficient to release news of a breach through a press release, on a website, or through the use of social media.
3) GDPR compliance can differ from one company to the next
Compliance has a lot to do with a company’s size, the personal data that is collected via internal communications methods like a team app, as well as the goods and services that are offered.
If you think you have experienced a GDPR data breach contact us today and we can put you in contact with data breach solicitors. They can investigate your data breach claim and see if you have a case that is worth pursuing. If you do have a strong case you could be entitled to compensation not just for the risk of having financial information exposed but for any emotional distress or anxiety you had about having your personal data compromised.
Although your e-mail address is personal, private, and confidential, revealing it is not necessarily a breach of GDPR. In order for a revealed email address to be considered a breach of GDPR the e-mail address has to fall into a specific category, namely one of the following:
If the revealed e-mail address does not fall into one of these categories, then there is no case of GDPR or data breach. That means that admin@, info@, and similar business addresses do not fall into a protected category by GDPR. These are public knowledge and accessible by anyone.
However, when a personal e-mail address or an e-mail address containing PII (Personally Identifiable Information) is widely distributed or leaked, it opens up its owner to spam and viruses, as well as unwanted attention and easier ways to track them. When the e-mail address contains PII, be it a personal or business e-mail address, this can also become dangerous if the information falls into the wrong hands.
When you give your email address to a company you are entrusting them with personal information. This might be to sign up to something, enter a competition, join a mailing list, or even receive quotes or other information. Prior to the implementation of GDPR and the Data Protection Act of 2018, this information could be more easily shared with other companies who would pay for good email addresses for marketing purposes. Thankfully, new laws mean that companies cannot share your information without your express consent.
There are different ways that your email address may have been leaked, and not all of them are malicious or intended – however, they are still an abuse of your rights and a breach of GDPR. Some of the offences include:
How you respond to your leaked or revealed e-mail address is usually up to you and is based on the severity of the breach. For instance, if your email address was leaked in a group of email addresses for people with certain medical conditions then the severity of the leak or breach is much worse than if your email address was revealed in a general information mailing list where you were CC’d instead of being BCC’d.
If you feel that the revelation or breach is serious then you should start by reporting it to the company directly. You may find that they are willing to make reparations immediately or were not even aware of the problem. The company or person who revealed your email address is then responsible for reporting the breach to the supervisory authority within 72 hours of finding out about it.
The supervisory authority will then investigate and will usually decide on the suitable disciplinary actions to be taken, if necessary.
You can also ask to see the correspondence between the company and the supervisory authority as it pertains to you and your information.
This is all laid out in Article 33 of GDPR terms.
If you still feel that you have suffered injury or damage because your email address was revealed then you may be able to take the matter further. If someone else having access to your email address has resulted in measurable psychological or financial damage, then you may be able to claim compensation if you can prove that the injury or damage were directly linked to the data breach.
If your information has been leaked and you have suffered as a result, possibly through harassment, hacking, or other abuse of your e-mail address, then you are probably feeling vulnerable and uncertain. At Data Breach Claims we put you back in control and put you in contact with one of the best data breach solicitors in the UK.
They will offer a free initial consultation to help you decide if your case is worth pursuing, and work on a No-win, No-fee basis. Our goal is to give you the best possible result.