We already believed that the risk of further public sector and government data breach incidents was significant, but a recent review has drawn similar conclusions.
Many of the thousands of clients that we represent have had information exposed or misused by a public sector body. In the wake of the recent New Year’s Honours data breach that we’re pursuing damages for, a review has concluded that the risk of further breaches is “significant”.
This doesn’t come as a surprise to us, and we can explain why. Many are labelled as just “human error” incidents, but there can be so much more to it than that.
Why the risk of a government data breach is significant
According to additional investigations in the wake of the New Year’s Honours incident – a serious government data breach that we are working on – the risks of further and bigger data breaches occurring are said to be “significant”. It’s also understood that breaches are being too easily tagged as “human error” incidents where there needs to be “greater consistency of process, controls and culture”.
The reduction of systemic risks is also referenced.
We welcome this review. As a leading firm of consumer action and data breach experts, we’re often approached by the media to discuss privacy matters, and we regularly feature in the mainstream media. As we have said on more than one occasion, we do not just take the “human error” element as the core of the problem. Many of the data breaches we represent people for, where “human error” is stated as being involved, could have been prevented. Prevention often comes down to having proper, or even just adequate, systems and procedures in place. The problems really are systemic, and it may take wholesale changes to make a real difference.
The executive summary of the review states that there remains a significant risk of greater breaches happening. We know this is the case, and we share these concerns.
Real world examples
We can give you real-world examples of public sector and government data breach incidents where “human error” is labelled as being involved, but where systemic failures are at play. The New Year’s Honours case we are dealing with is an easy example given the review has stemmed from it, but there are plenty of others too.
The 56 Dean Street Clinic leak is perhaps one of the easiest and most infamous to draw upon. Here, a mass email was sent to almost 800 users of an HIV service at a sexual health clinic. The sender was supposed to use the ‘BCC’ function but used the ‘CC’ function instead. The result was that the recipients’ information, and therefore their private medical status, was leaked.
We do not see this as a simple “human error” incident. There is widely available mass emailing software that can be used, and some of it is free. The archaic way of sending mass emails like this is dangerous, risks privacy breaches, and simply doesn’t need to be used. In our view, it’s a systemic problem that led to this breach.
Unfortunately, last year, the exact same thing happened with the Charing Cross Gender Identity Clinic leak. We represent victims for both leaks, with data breach compensation values being substantial given the nature of the data that has been exposed.
Of the thousands of clients that we represent, many have been affected by avoidable individual incidents too. From data being sent to the wrong recipient in error to two people’s letters getting mixed into one envelope, these kinds of breaches happen all the time. Unfortunately, when the information exposed is personal and sensitive, the impact for the victim can be severe.
There are plenty of private sector examples too. The recent Virgin Media data breach is an easy one, where an employee incorrectly configured a database, which resulted in the information for 900,000 people being exposed. In 2017, the monumental Equifax data breach stemmed from someone failing to patch a known security vulnerability. In both cases, we believe that better systems and procedures could have prevented these massive incidents.
Rights for victims and compensation claims
If you have been the victim of a government data breach, you have the right to make a claim for compensation. You could be entitled to damages for the distress caused by the loss of control of your personal information. If there are any losses and expenses incurred as well, you may be able to recover damages for those also.
We can offer No Win, No Fee representation for those who are eligible to claim with us.
For free, no-obligation advice, please don’t hesitate to contact the team today.
IMPORTANT: advice on this page is intended to be up-to-date for the 'first published date'.
First published by Matthew on May 14, 2020