A data breach is the intentional or unintentional release of secure or private/confidential data by, say, employees, cyber-hackers, political activists or national governments.
The Information Commissioner’s Office (ICO) is the U.K.’s independent privacy watchdog, responsible for upholding information rights in the public interest. Though there isn’t a legal responsibility on companies and/or organisations to report all data security breaches, it’s considered good practice to do so.
Here’s a look at some of the recent data security incident trends from the ICO.
The Data Protection Act (DPA) presses for companies and organisations to uphold information security:
This is the 7th Data Protection principle. In practice, it means companies and/or organisations must have appropriate cyber-security to prevent personal information being accidentally or deliberately compromised.
The ICO provides tips as follows:
- To design and organise your cyber-security to fit the nature of the personal data you hold, and the harm that may result from a security breach.
- Be clear about who in your organisation is responsible for ensuring information security. There should be a designated chief information officer.
- Ensure you have the right physical and technical security; this should be backed up by robust policies and procedures and well-trained staff.
- Be ready to respond effectively to any data breaches.
The ICO has recently fined:
They’re always investigating incidents, and the above is just a small example of the sorts of fines they have distributed.
The ICO’s power isn’t limited to monetary penalties – they can also issue undertakings. In one example, an undertaking was issued to Pennine Care NHS Trust for them to comply with the 7th Data Protection principle.
The privacy watchdog also checks whether undertakings are being complied with. For example, the ICO checked if Wolverhampton City Council (signed in June 2016), Cornwall Council (signed in September 2016) and NHS Digital (signed in April 2016) had completed their undertakings following data protection investigations.
Between October to December 2016 and January to March 2017, there was a reported 20% increase in personal data sent by email to the incorrect recipient, and a 32% increase in failure to black out (redact) personal data.
This indicates that more training is required for employees who handle the data. It would be more cost-effective for a company or organisation to train employees to handle personal data securely and sensitively than to pay for the repercussions of a security breach.
Though exfiltration seems to be the most common type of cyber-security incident, other vulnerabilities in the system, like cyber-security misconfiguration, can result in data breaches too. We can’t take these statistics as perfect since they’re based on ‘reported incidents’, and it’s a well-known problem that not all organisations properly report data breaches. There can be many reasons why: one is to avoid fines, and another may be to “save face” and protect the organisation’s reputation.
In the ICO’s study, published on 20th June, health, general business and local government were the sectors with the most reported incidents. The ICO notes that breach reporting in the health sector is mandatory.