A former Wiltshire Council social worker has reportedly been taken to court over a “serious breach of trust”, having been found to have accessed sensitive information without reason or authorisation.
As a social worker, the individual in question was granted certain data access privileges. It has been reported by the Gazette and Herald that she abused her position in a way that could have put the privacy and safety of vulnerable people at risk.
Social workers naturally have a high level of trust invested in them, so it is understandable that there is a no-tolerance policy for any employees who breach this trust. Social services data breaches like this can have severe consequences for those affected, particularly where vulnerable minors are involved, as their personal details often must be kept under highly restricted access in order to protect them from abusive adults. We represent people for these kinds of cases quite a lot. As such, it is essential that anyone who threatens to compromise the need for data protection is punished accordingly.
It has recently been confirmed that a former Hampshire police officer has been reportedly banned from ever entering the police service again after it was found that he accessed private records without a valid policing reason. The Special Constable in question is understood to have resigned from his position before superiors could dismiss him for his data snooping.
While police officers are granted information access to records and details that are needed for casework, they are not authorised to view or use information outside of their policing workload without any good reason. Campbell violated his professional duty by accessing information without a legitimate reason, reportedly only browsing the records due to “curiosity”.
Regardless of the motives of the Hampshire police officer, there is no excuse for breaching data protection law. We trust the police service to maintain strict control over personal information, so it is important that any officers who breach the duty they owe to the public are held accountable for their actions.
In many cases, data protection breaches arise as a result of human error. A CybSafe analysis of data breaches reported to the ICO found that 90% of UK data breaches in 2019 were caused by user mistakes. The employees responsible for cybersecurity would, therefore, seem to be failing to adhere to data protection law, but there is much more to it than that.
Despite the high incidence of human error, it is employers who bear the ultimate responsibility for upholding data protection at their companies. This can mean that, when a data breach occurs, organisations may be liable to pay compensation. If you have been affected by a data breach caused by an employee, you can still have every right to make a claim and recover compensation from the organisation as a whole.
Despite looking up private police records without authorisation, a Detective Sergeant has recently evaded dismissal following a misconduct hearing. In the Northamptonshire detective data breach case, the Detective Sergeant reportedly looked up the details of a woman with whom he was engaging in an extra-marital relationship with at the time, who was involved in a case he was working on.
His actions reportedly amounted to misconduct, so the Northamptonshire Police appear to be sending mixed messages by not taking the matter any further. The police can, and often do, dismiss officers for similar offences, but this officer’s acceptance of the accusations against him, and his standing in the force, seem to have allowed him to avoid further consequences.
Police data breaches like this should be treated with the severity that they merit, taking account of the potential damage such actions can cause. Police services cannot afford to let employees off lightly for breaching data access regulations, as doing so could risk compromising the force’s reputation and its overall data security and integrity.
NHS CCTV cameras have reportedly been embroiled in a hack affecting security footage across the globe, after security company Verkada is understood to have been breached by hackers. It is said that live streams for as many as 150,000 Closed-Circuit Television (CCTV) cameras may have been viewed by unauthorised users.
Serving organisations include prisons, general businesses, schools and even psychiatric hospitals. The breach of Verkada’s cameras may have exposed the identities of many people working in, living in, or visiting affected institutions.
It is unclear exactly which feeds hackers may have viewed and what they gleaned from the footage, but it is nevertheless worrying to learn that a security firm has been subjected to such a wide-reaching breach. There is currently no evidence that any NHS camera feeds were viewed by hackers, but Verkada lists the NHS as one of its clients on the company website. Hackers have also claimed that they have been able to access the cameras of any of the affected organisations.
Recent coverage has revealed that action taken by bank employees and police prevented some £45m of fraud in 2020, saving customers from the loss of an average of almost £6,000 each. The figure is a testament to the success of the Banking Protocol scheme that encourages banks and the police to work together to protect consumers.
However, the huge £45m sum is also a sign of the scale of fraud in the UK. As leading, specialists in data protection law, we believe that the link between data breaches and fraud is a problem that needs to be addressed. When a third-party organisation fails to protect your personal information, it may be leaked into the hands of cybercriminals, who may attempt to steal from you via various kinds of manipulative scams.
We believe that it is essential that all data controllers are held to account when they fail to observe their legal duties. We have helped thousands of consumers to recover the compensation that they deserve, so we encourage any data breach victims to come forward for free, no-obligation advice on their potential claims.
In June 2018, the Shurgard data breach came to our attention, and we began to advise those affected by the incident. It was found that an internal error had led to personal information about employees being mistakenly shared, allegedly with all employees in the company.
It may seem that internal company data breaches are not as severe as those that provoke widespread public data exposure but, in fact, incidents such as these can be highly serious for those affected. Data protection errors must be avoided in all circumstances, as even the most basic of mistakes can have harmful implications.
All businesses and organisations in possession of personal data have a legal obligation to protect this information to the best of their abilities. Where they fail to meet this obligation, it can constitute a breach of data protection law. Those affected by the Shurgard data breach, or any other incident like this, may have a right to recover compensation for a data breach incident. To hear more about your potential right to claim, contact our specialist data breach team for free, no-obligation advice.
July 2021: it has been widely reported that British Airways has settled claims for victims of their 2018 data breaches. The airline will likely see the British Airways data breach claim settlement as an opportunity to draw a line under the legal action against them, but the claim process is, in fact, far from over – so don’t worry! Only one subset of the 420,000 victims of the data breach have settled claims, so those who have yet to claim still have a chance to claim with us.
Due to an agreement of confidentiality between the parties involved, the compensation amounts for the British Airways data breach claim settlement have not been disclosed. Our group of claimants still have a chance to potentially receive thousands of pounds in damages as a fair settlement of their claims.
Since the British Airways data breaches occurred in 2018, we have been seeking justice for those affected. We want to ensure our claimants can receive the maximum possible compensation pay-outs, and we continue to fight hard for the victims of the British Airways data breach that we represent.
In June 2018, Ticketmaster revealed that a security incident had affected its website, causing the personal information of customers to be exposed. Discovered on 23rd June, the information was exposed due to the actions of an external hacker, but questions were raised regarding how far the incident had been caused by Ticketmaster’s own alleged negligence. We began taking on claims soon after the breach was announced, and we are now running our Ticketmaster data group action to ensure that those affected can receive the compensation that they deserve.
The breach has potentially demonstrated how insufficient cybersecurity could be responsible for mass information exposure. Thousands of customers had sensitive payment details exposed as a result of what we understand to be a system vulnerability, so we believe that Ticketmaster must answer for what has happened.
If you have been affected by this data breach, you can contact our team to find out if you have a compensation claim to make.
Although no formal incident has occurred, statements made by ex-employees have given rise to Amazon data breach concerns. Describing the attitudes to personal data, one of the former employees, who previously held high-profile positions, reportedly noted that Amazon is unaware if it is protecting information correctly. The coverage suggested that Amazon does not have a handle on the huge quantities of data it has aggregated, which is a worrying thought given the company’s status as one of the largest businesses in the world.
The insider perspectives provide no confirmation of breaches of data protection law, but it is nevertheless worrying to think that the concerns of security experts were reportedly dismissed during time spent at Amazon. As a leading international e-commerce company, million of users visit Amazon sites all the time.
Holding millions of customers’ information, the data protection responsibilities of Amazon are monumental. As such, if a breach were to occur, the effects could be devastating. As leading specialists in data breach claims, we want to see that all companies are taking their duties seriously, as we know how serious the repercussions can be for victims who have their information exposed.