The simple answer is – at the moment – no.
Companies and organisations are responsible for data breaches, but they do not always have a legal obligation to report them under the Data Protection Act (DPA), although reporting a breach is generally deemed good practice. This is all set to change in 2018, when the EU GDPR comes into force.
So, in the near future, reporting certain breaches will actually be mandatory…
A data breach is an incident in which sensitive, protected or confidential data has potentially been viewed, stolen or used by an individual who isn’t authorised to do so. This may mean that someone other than the data controller has had access to the data, but it can also mean that someone within the organisation has accidentally lost the data.
The Information Commissioner’s Office (ICO) is a public authority responsible for the enforcement of the DPA. The ICO provides companies and organisations with a ‘data protection breach notification form’, allowing data controllers to report a breach of the DPA. Again, this isn’t mandatory, but it’s seen as good practice.
There are generally three types of breaches that can be reported to the ICO:
The ICO details seven steps that are important for organisations to notify the ICO of in the event of a DPA breach:
At face value, reporting a data breach may seem degrading and damaging to your company. However, the long-term effects of reporting a data breach can actually be positive. Reporting it and owning up could maintain and enhance relations with customers and allow ‘swift containment and recovery of the situation’, as the ICO states.
By not reporting it to authorities, the harm caused by the data breach could potentially be greater. An example of this would be tech giant Yahoo’s data breach that happened in 2014, but took two years to surface, with some one billion accounts affected. If they had reported the breach sooner, perhaps they could have minimised the damage caused and avoided souring relations with their users.
The prayer for companies to disclose their security breaches has been answered, as the EU General Data Protection Regulation (GDPR) will come into force in 2018.
Next year, reporting some breaches will be mandatory!