Posted by Matthew on March 22, 2019 in the following categories: Employee Data Breach Healthcare ICO and tagged with cyber snooping | employee breaches | medical data breach | medical records | nhs | personal data
There has been a Heart of England NHS data breach incident, and it’s yet another case of an NHS employee snooping on the personal data of people they know.
We’ve spoken out about the issue of NHS employees abusing their rights to access medical data a lot recently. The Information Commissioner’s Office (ICO) – the UK’s data watchdog – has prosecuted a number of offenders for such actions. They’ve also had to send out warnings to staff about their responsibilities and the punishments they can face when it comes to this kind of behaviour.
A large volume of the cases we represent people for are NHS data breach compensation claims, so hearing of these kinds of incidents isn’t surprising.
Posted by Matthew on March 19, 2019 in the following categories: Council Data Employee Data Breach ICO Latest and tagged with council | council data breaches | data breach | data controllers | employee breaches
There has been a prosecution for a worrying Nuneaton and Bedworth Council data breach that’s an example of how employees can exploit the data they can access.
In this incident, former head of building control at the council, Kevin Bunsell, shared personal information about job applications with his partner. His partner had applied for the same job that the candidates whose data was shared had applied for, and she won the position.
Although we can only speculate as to the motives, we can assume that the reasons for sharing the data were to assist his partner in securing the position which she was eventually awarded.
Posted by Matthew on March 01, 2019 in the following categories: Cybersecurity Data Healthcare ICO Latest and tagged with data breach | data controllers | gp data breach | medical data breach | nhs | personal data
NHS England has ruled in an investigation into a Worcester GP data breach after previous findings suggested that the law had not been broken.
In this unusual case, the Severn Valley Medical Practice reportedly posted information online about a patient. Initially, the Practice is understood to have disputed that any data protection breach had occurred. Since then, NHS England and the Information Commissioner’s Office (ICO) both agree that the incident was a failure to comply with data protection obligations.
Another element that makes this case unusual is about allegations made surrounding the Data Protection Officer (DPO) who reportedly claimed there wasn’t a breach in the first place.
Posted by Matthew on February 21, 2019 in the following categories: Cybersecurity Data GDPR Hacking News ICO Latest Security Technology and tagged with apps | cyber attack | cyber crime | cybersecurity | online security | personal data
A Deliveroo data breach “incident” is said to have been reported to the ICO who have confirmed that they’re making inquiries.
Back in 2016, the food delivery company faced scrutiny after customers complained of fraudulent transactions on their accounts. In some cases, it appeared the issues were down to people’s credentials being stolen in hacks completely separate to Deliveroo. Criminals had used stolen credentials to access accounts in cases where credentials were reused.
Deliveroo were subsequently criticised over what some customers felt was a failure to spot and stop fraudulent transactions. In this latest incident, it appears that history may be repeating itself.
Posted by Matthew on December 13, 2018 in the following categories: Claims Cybersecurity Hacking News ICO Latest Security and tagged with compensation | cyber attack | cybersecurity | database security | online security | uber
A hefty fine has been issued over the 2016 Uber cyber attack as a result of security flaws that could have prevented the breach in the first place.
The data for some 2.7m Uber customers in the UK was compromised, as were the records for over 80,000 drivers. The fine, issued by the ICO (Information Commissioner’s Office), is small in comparison to potential GDPR fines. This is because the cyber attack took place in 2016 before the new rules came into force.
Had the cyber attack have happened this year, Uber could have faced fines in the millions.
A sickening Staffordshire police data breach has led to an officer being sacked and being handed a 12-month prison sentence.
With the police handling very sensitive and personal information, we expect the best from them. Unfortunately, they do fall short on some occasions. The police have been embroiled in a number of data breach incidents for several years. A concerning element is where officers are using police data when they’re not supposed to.
This hearings in the Staffordshire police data breach at the centre of this article resulted in the instant dismissal for the officer involved.
Concerns have been raised over the quality of Lancashire County Council data protection measures after a spate of breaches occurred in a period of a few months.
Council data breach claims are common. Our Data Leak Lawyers represent a lot of victims claiming for council data protection issues because of how often these incidents can occur.
According to recent figures, Lancashire County Council data protection measures are in need of improvement. This has come after a significant number of breaches occurred over a three-month period, of which some were referred to the ICO (Information Commissioner’s office).
Former nurse at Southport and Ormskirk Hospital NHS Trust, Clare Lawson, joins the long list of prosecuted NHS staff caught snooping on medical records.
We’ve ran so many stories about the prosecutions and penalties enforced by the ICO (Information Commissioner’s Office) for snooping. The NHS hold a vast wealth of medical data about us, and it’s all private and often very sensitive. We put our faith in the NHS and their staff to look after our confidential information and not abuse their access to it.
This is yet another prosecution for the improper access of medical records. These kinds of medical data breaches are common for us to represent people for.
The Equifax ICO fine was welcome news, although victims may need clarity on their rights for compensation as well as understanding the fine itself.
The Equifax ICO fine was the maximum allowed under the rules that came before the GDPR. Had the incident have occurred in the post-GDPR era, Equifax could have faced fines amounting to millions.
The fine itself is separate to any compensation claim a victim is entitled to make. We launched our legal action last year and it’s not too late to join if you’ve yet to sign-up. Read on for more information about how the fine was issued as well as victims’ rights to compensation.
The Equifax data breach fine from the ICO is the maximum amount that can be issued under the pre-GDPR rules. We welcome the decision.
Last year, we initiated our legal action against Equifax for victims of their mega breach. We’re now representing a number of individuals affected by the breach. If you have yet to join our Claimant Group, please contact us as soon as you can. It’s not too late.
The fine issued by the ICO (Information Commissioner’s Office) is the maximum allowed under the former rules before GDPR came into force. However, the fine does not account for the compensation that we’re pursuing for people.