In today’s digital age, we don’t seem to go very long without another big organisation hitting the headlines for exposing personal data. Of course, data can be used to describe a plethora of information such as numbers, words, measurements, descriptions etc. And today, businesses of all types and sizes use such data to make decisions, inform their operations, and provide a service to their customers.
However, when we talk about a data breach, we are discussing a particular category of information – that of personal data. And the repercussions of a breach can be both severe and delayed, sometimes not fully manifesting for years.
In this handy guide, the data protection experts at Keller Lenkner UK provide an insight into the impact of a data breach, what you can do to stay safe following a privacy violation, and how to get justice for the breach of your rights.
A data breach happens when an individual’s personal data is accessed, stolen, published, or otherwise used without their authorisation.
Crucially, a breach can have a range of adverse effects on individuals, including emotional distress and financial losses. And, despite fears about cybercrime, human error is still the biggest cause of data protection breaches.
There are several ways a data breach could occur, for example:
Personal data is any information about a person that could be used to identify them, either on its own or in combination with other information. For example, a name, email address or even an IP address.
Personal data also includes extremely sensitive information such as medical records, details about a person’s political or religious leanings, and criminal convictions.
Your data has value, so it is only right that you should decide who can access and use it.
Big tech giants like Facebook and Google have made billions exploiting personal data to sell advertising, while credit reference agencies are also making a huge profit selling personal data for marketing purposes. We all know the well-worn cliché “If you are not paying for it, then you are the product”, so, it is perhaps no surprise that:
While the use of our data for marketing may be problematic, there is another problem, as, following a data breach, people’s details are often found for sale on the dark web – often for just a few pounds. With cybercriminals frequently using this data for targeted phishing attacks and extortion, we should not underestimate the damage that can be done with this information should it get into the wrong hands.
The Data Protection Act 2018 (the UK’s interpretation of the General Data Protection Regulation), places obligations on organisations that use your personal data to ensure that it is not monetised, exploited, or otherwise used without your consent.
The Data Protection Act 2018
The Data Protection Act 2018 controls how organisations, businesses, and the government can use your personal information. The Data Protection Act is the UK’s implementation of the General Data Protection Regulation (GDPR).
General Data Protection Regulation (GDPR)
The General Data Protection Regulation is an EU regulation law on data protection and privacy. Despite Brexit, all UK organisations must comply with the GDPR. In the UK, the Data Protection Act is the UK’s interpretation of the GDPR.
The Information Commissioner’s Office (ICO) is the UK’s data protection watchdog regulator. It protects your information rights and data privacy. And it helps organisations to meet their data protection obligations.
If your personal information is involved in a data breach, you can ask the ICO to investigate why this happened.
Importantly, the ICO can impose substantial fines on organisations in breach of their data protection responsibilities. For example, in 2020 the ICO individually fined Marriott International £18.4 million, British Airways £20 million, and Ticketmaster £1.25 million for failing to keep their customers’ personal data secure.
However, the ICO does not award compensation to individuals, so it is vital to appoint an expert lawyer to get the compensation you deserve following a data breach. Your solicitor will use evidence uncovered by the ICO to support your data protection compensation claim.
To avoid falling foul of data protection rules, organisations MUST tell you if they have breached your personal data “without undue delay”. However, in reality, this does not always happen.
If you suspect your data has been breached, but you have not heard from the company you think failed to protect it, you can make a subject access request (SAR) to find out if your information was involved in a privacy violation. You can also contact the ICO if an organisation fails to respond to a SAR, or if it does not do so adequately.
Victims of data breaches often become the target of cybercriminals. So, following a privacy violation, before you do anything else, it is essential to take steps to keep yourself safe.
As well as following any security instructions provided by the organisation that breached your data, here are some top tips to prevent the impact of a data breach from escalating.
If you discover you are involved in a data breach, you should start a compensation claim. To do this, contact Keller Lenkner UK for a free assessment of your case. We will talk you through your options and explain everything in plain English.
You should also make a note of what happened ASAP, and the impact on you as this could provide valuable evidence in court. This includes things like:
In some cases, where a data breach occurs, you will not be the only victim. In these instances, you might be able to join a group action claim. Because there is strength in numbers, a group action (also called a class action or multi-party action) helps to even the playing field between large organisations and individual claimants. So, a group action usually makes a big organisation take the matter more seriously. This increases the chances of success for the claimants.
There are no set amounts awarded for a data breach claim. If you go to court, the judge will consider all the circumstances, including the seriousness of the breach and the impact on you. However, it is important that your data breach solicitor knows what to claim for. Inexperienced solicitors might not understand the full and lasting impact a data breach can have on a person.
Each case is judged on its own merits, but there are some things to consider when claiming compensation for a data breach.
With stolen personal data, criminals can buy things using your bank and credit cards, apply for credit in your name, set up illegal bank accounts and log in to your existing online account.
What this might involve:
Any money lost (e.g. if a criminal made a purchase using your bank card or stole funds from your account).
Any loss of earnings as a direct result of the breach (e.g. if you needed time off work or lost your job because of the impact of the breach).
The loss of future earnings (e.g. if you had to drop out of university).
Any expenses that you had to pay because of the data breach (e.g. private medical care, travel expenses, accommodation, etc.).
A data breach can have a considerable impact on you, both mentally and physically. It is not unusual for a data breach to cause or exacerbate anxiety, stress, and other psychological conditions.
What this might involve:
Stress, worry, and anxiety.
Any recognised psychological injury.
The effect that the leak had on your social and home life.
Your data is valuable, and organisations must be held to account if they do not uphold their data protection responsibilities towards you.
What this might involve:
The loss of privacy itself.
The full impact of a data breach is often not felt until months after the initial violation, so it is vital that your solicitor also takes a long-term view when it comes to claiming compensation on your behalf.
To ensure your data breach claim is successful, you must get professional legal representation. But choosing a solicitor can be daunting. Not least because – should you get it wrong – your decision could be a costly mistake.
If you are the victim of a data breach, what should you look out for when choosing a lawyer?
If you want to secure justice for a data privacy failure, you need a specialist data breach legal team. Especially as large organisations appoint their own data breach specialist defendants to make the problem go away.
When it comes to winning cases against big players, understanding the law is only half the battle. You also need experience in group action cases. Make sure your solicitors have significant experience in compensation work. This will ensure they understand what it takes to go up against big players and win.
For law firms without the necessary resources, it can be difficult to justify the time required when the other side deliberately drags out cases. The last thing you want is to appoint a firm that will run out of steam.
When it comes to negotiating with defendants in data breach cases, a formidable reputation can go a long way.
One of the things that worries people the most about making a data breach claim is that they might have to pay expensive solicitor fees. However, it is possible to make a no-win, no-fee data breach compensation claim with a professional solicitor. But what does no-win-no-fee mean? And how can you be sure that there are no hidden charges or unexpected costs?
Most data breach lawyers provide a free consultation to make sure they can help you before asking for any money. But it is always worth checking.
To ensure data privacy rights are protected, everyone should be able to claim if they have been let down. Cost should not be a barrier to justice. No-win, no-fee means that, if your claim is not successful, you will not have to pay a penny towards your case. Before appointing any data breach solicitor, you must ask how much you will pay if you do not win your case.
If your claim is successful, you usually contribute towards your solicitor’s costs. This is called a ‘success fee’. It is taken from the compensation awarded to you, and it can be much higher than you expect. Make sure you understand all the potential costs before you proceed.
When it comes to legal support, big organisations have deep pockets. And they are smarter and better resourced than ever before. So, it can be difficult for some law firms to stand up to such strength if they do not have data breach expertise or the resources to take the big players on.
At Keller Lenkner UK, we do not just even the score – we take the fight to them.
Our data breach team has the legal expertise and resources necessary to take on the corporate giants. What is more, the strength and means of our firm ensure that we never have to back down from a challenge. And with access to whatever resource we need – be that time to go the long-haul or the expertise to delve deep into the evidence – we have everything it takes to win.
TELL US ABOUT HOW A DATA BREACH OR CYBERCRIME HAS AFFECTED YOU. AND WE’LL TELL YOU HOW WE CAN HELP.
Alternatively, if you have been the victim of a data breach or cyber fraud, contact us to discuss your case in more depth.