As patients, we trust that our data is held securely by healthcare organisations, and that medical professionals will only access and use our information when absolutely necessary. Unfortunately, hospital data snooping does occur, as some healthcare staff view patient information without authorisation or consent.
Whether intentional or unintentional, data snooping is a practice that all healthcare staff must steer clear of, particularly due to the sensitivity of medical records. It is understandably worrying for victims to learn that their information has been subjected to unauthorised access, as there could be malicious intent behind the user’s actions. When healthcare staff abuse or take advantage of their data access privileges in this way, it can constitute a breach of data protection law.
If you believe that your privacy has been violated in this way, you could be eligible to claim compensation for the harm caused. Contact us for free, no-obligation advice now if you think you may have a claim to make.
A Chorley Council data breach has recently been reported after it was revealed that thousands of members of the public may have had their details exposed by the local authority. The incident appears to be yet another example of the damage that can be done to information security when employees make misjudgements.
Unfortunately, the incident at Chorley Council is only one in a long list of data breaches to have been caused by human error at local government bodies generally. Councils like Chorley should be striving to break with this trend, but there has unfortunately been little progress in terms of data protection it seems.
In the UK, all third-party data controllers are obliged to comply with the GDPR in their protection of the information that they hold and process. If they fail to do so, they can be held accountable, and those affected may have a right to make a compensation claim.
In June 2018, Ticketmaster revealed that a security incident had affected its website, causing the personal information of customers to be exposed. Discovered on 23rd June, the information was exposed due to the actions of an external hacker, but questions were raised regarding how far the incident had been caused by Ticketmaster’s own alleged negligence. We began taking on claims soon after the breach was announced, and we are now running our Ticketmaster data group action to ensure that those affected can receive the compensation that they deserve.
The breach has potentially demonstrated how insufficient cybersecurity could be responsible for mass information exposure. Thousands of customers had sensitive payment details exposed as a result of what we understand to be a system vulnerability, so we believe that Ticketmaster must answer for what has happened.
If you have been affected by this data breach, you can contact our team to find out if you have a compensation claim to make.
While it may be difficult to believe that such a needless mistake can breach data protection law, countless data breaches have arisen as a result of files sent to the wrong address. Over email or by post, a minute error like this can allow an unauthorised third party to view personal information which they should never have seen.
The mistake alone can constitute a data protection breach, but further problems can arise when the recipient of the files has malicious intentions. In many cases, the recipient may delete or destroy the files upon request, but not everyone is a good citizen. Sending errors can pose several opportunities for data misuse, such as identity theft, fraud and scams.
As leading specialists in data protection law, we believe that the impact of a data breach should never be underestimated. As such, however small a breach may seem, the data controller responsible should be held accountable for their actions. If you have been affected by a data breach, you may be eligible to make a compensation claim.
The Competition and Markets Authority (CMA) has recently disclosed figures for the data breaches that have affected the UK government regulator. They reportedly revealed that a total of 150 breaches have occurred over the last two years. The competition regulator data breaches are worrying given the CMA’s role in upholding the law, which requires them to handle a large amount of private information, some of which can be sensitive.
The importance of cybersecurity should now be well known to all businesses and organisations, as many can be prime targets for hackers and fraudsters searching for information to misuse. The malicious intent of cybercriminals should give organisations that sense of the importance of data protection. However, it appears that the CMA may not have been able to adopt the caution required of an organisation with such sensitive data handling responsibilities.
Amey has joined the growing list of construction companies affected by hacks, after suffering the blow of a ransomware attack in mid-December last year. The Amey cyberattack reportedly exposed extensive company data, including information relating to employees and business transactions.
With much of the data being dumped on the hacker group’s leak site, the cyberattack has produced a substantial breach of company privacy that could significantly affect the operations of the infrastructure support service provider. As a giant of the industry, the Amey breach will likely raise concerns in the UK construction sector, with other companies worrying if they may be the next target.
Data Privacy Day 2021 was marked recently on the 28th January, the fifteenth time the day has been celebrated. Also called Data Protection Day in the UK and Europe, Data Privacy Day commemorates the signing of the first international treaty that was legally binding for governing data protection and privacy, named Convention 108.
After what had been another eventful year of data breaches in 2020, we believe it is important for all individuals and organisations to start 2021 with a positive, proactive approach to data protection. The commemorative day at the start of the year should be valuable in raising awareness about issues relating to data privacy, yet nothing ever seems to change as we continue to see breach after breach after breach.
At Your Lawyers – The Data Leak Lawyers – we aim to empower victims of data breaches to take action against those who have failed to protect their data, to ensure that the consequences of data breaches can be learned. We feel that it is the most proactive way forward given that no amount of legislation or commemorative days appear to be making the difference that is really required.
In what is continuing to be a common trend for local government authorities, the recent Blackpool Council data leak has seen the exposure of personal data belonging to hundreds of individuals.
The issue has been labelled as a so-called accidental “human error” incident. A data handling mistake reportedly resulted in the details of about 428 people being made public, when the data should have remained private.
Occurring within months of our coverage of the Hackney Council cyberattack and the Bristol City Council data leak, this breach unfortunately comes as no shock to us. It probably comes as no shock to anyone who has become familiar with recurring patterns of council data leaks in general. Inadequate data protection practices at so many local councils means that this is a nationwide problem. We are here to help anyone affected by data breaches like this, striving to win them the compensation they deserve.
Following a two-year investigation into credit reference agencies, the Information Commissioner’s Office (ICO) has taken enforcement action against Experian. It was ruled that the company must make “fundamental changes to how it handles people’s personal data”, according to the ICO.
The investigation examined three credit agencies, of which Experian is the only one to reportedly face punitive action for data handling they carry out for direct marketing purposes.
Experian is understood to have taken some steps towards improving their data handling, but it was not enough to satisfy the ICO that data protection law was being adhered to. It is reassuring to know that Experian must make changes, and demonstrates to other companies that any sidestepping of the GDPR will not be tolerated by regulators.
In the case of cyberattacks, many organisations follow appropriate reporting procedures, such as notifying the Information Commissioner’s Office of the breach. There is also the need for alerting affected customers, members, or employees of their involvement in a data security incident too. However, many firms may be ignoring cyberattacks and their after-effects, putting those affected in an unacceptable degree of danger, sometimes to preserve their own interests.
At Your Lawyers – The Data Leak Lawyers – as a leading data breach claims firm, we believe cyberattacks are like any other crime and should be reported and dealt with accordingly. Unfortunately, too many organisations view cybersecurity and data protections as luxury additions to their operations, disregarding the dangers they are putting people in.
If you have been affected by a data breach and believe the responsible party is not taking it seriously enough, you may be entitled to claim compensation. It is bad enough to have your data exposed, but to witness dangerous inaction from the organisation involved can only add insult to injury.