First published by Matthew on January 10, 2020 in the following categories: Claims Cybersecurity ICO Latest Security and tagged with compensation | cyber attack | cyber crime | cybersecurity | database security | ico | personal data | retail data breach
The Dixons Carphone data breach fine has been formally issued by the Information Commissioner’s Office (ICO) for the maximum amount possible under the previous rules.
The cyberattack took place between July 2017 and April 2018, meaning the Data Protection Act 1998 applies as opposed to the GDPR that came into force just a month later. As such, the maximum fine that the retailer could face was £500,000.00, which is what the ICO has issued. Had the attack have continued into the GDPR era, they could have faced fines in the hundreds of millions of pounds mark.
We’ve been representing victims of this data breach for some time now as expert data protection compensation lawyers with a wealth of experience in large consumer actions. As we know a great deal about this breach as it’s one of our live actions, we’re not surprised by the findings and the maximum fine being issued.
First published by Matthew on January 07, 2020 in the following categories: Claims GDPR ICO Latest Security and tagged with data breach | data controllers | data leak | gdpr | ico | medical records | personal data
It’s official: the first GDPR fine in the UK has been issued to Doorstep Dispensaree for data protection breaches that spanned across a two-year period.
This one involves medical data, which is some of the most personal and sensitive forms of data that there is. Medical data breach compensation claims account for a large proportion of the legal cases that we take forward because of how common they can be, and because of the impact on victims. The impact is often severe because this is the kind of information that we do not want to be misused or exposed.
The breach period, in this case, is between June 2016 and June 2018, which means that it just falls within the GDPR start period from May 2018. The Information Commissioner’s Office (ICO) was reportedly alerted to the breach by the Medicines and Healthcare Products Regulatory Agency (MHRA) who were conducting unrelated enquiries.
First published by Matthew on December 19, 2019 in the following categories: Claims Council Employee Data Breach GDPR ICO and tagged with compensation | council | council data breaches | data controllers | employee breaches | ico | personal data
If you have been the victim of a social care records data breach, you may be entitled to make a claim for compensation with us on a No Win, No Fee basis.
One of the most common types of individual legal cases that we represent people for involve councils, and a large volume of them relate to social care information. Social care data can be incredibly personal and sensitive which is why we find that data breach compensation pay-outs for these kinds of incidents can be quite high.
Victims should always know their rights. An apology isn’t always enough, especially when the data that has been exposed or misused is sensitive, which can often be the case when it comes to social care data.
In the same way that fines can be far higher, will we also see higher GDPR compensation amounts since the new law came into effect in May 2018?
Although data breach compensation amounts are still based on the individual impact to the victim, and this hasn’t changed since GDPR, the new laws can make brining a claim an easier thing to do. The law is more stringent than the previous Data Protection Act, so there can be more avenues for people to be able to claim. And the recent court case victory has also paved the way for people to be able to launch a claim even if they haven’t suffered any distress or loss at all.
The difference in fines is, of course, monumental. We have already seen the power that regulators now have to ensure data breach offenders are properly punished.
First published by Matthew on August 28, 2019 in the following categories: Claims ICO Security and tagged with compensation | data breach | data controllers | data leak | employee breaches | human error | ico | personal data
Human error data breaches remain one of the number one causes when it comes to data protection incidents, and it’s important for victims of these kinds of breaches to know their rights.
The important thing to know is that it doesn’t stop you being able to claim if the cause of a breach stems from an error by a human. The organisation that employs the person can be held liable for a legal case, and in this article, we’ll explain why.
It’s not an acceptable excuse for an organisation to simply try and defend a claim on the basis that the fault lies with a human.
The Information Commissioner’s Office (ICO) has issued a fine in the wake of a documentary that was filmed that led to the Addenbrooke’s Hospital data breach relating to patient consent.
London-based production company behind the filming, True Visions Productions (TVP), were fined £120,000.00 for unlawfully filming in a maternity clinic. As the incidents took place before GDPR, they have been fined in accordance with the previous rules where maximum fines could reach up to £500,000.00; unlike the recent record-setting fine of £183m issued to British Airways.
Filming took place between 24th July 2017 and 29th November 2017 and ceased following complaints received by the ICO. The ICO said: “A patient attending the clinic would not have reasonably expected there to be cameras in examination rooms and would expect to be made aware of any filming.”
First published by Matthew on July 24, 2019 in the following categories: Cybersecurity Data GDPR Hacking News Police Ransomware Security and tagged with cyber attack | cyber crime | cybersecurity | data controllers | database security | gdpr | ico | personal data | police breach | police data breach | ransomware
We represent people for police-related data incidents, and with this in mind, here’s a number of reasons as to why the recent Eurofins data breach is a worrying one.
In case you’ve not heard of this one, this relates to an organisation that the police outsource forensic work to. Eurofins reportedly process more than 70,000 cases per year, and deal with DNA analysis, toxicology, ballistics and computer forensics. As such, they can be at the heart of investigations into serious crimes, including murder, sexual offences and terrorism.
Worryingly, they were recently hit by a ransomware attack. This has led to a number of concerns about the security and quality of the work they carry out, and has caused significant disruption to police investigations.
First published by Matthew on July 23, 2019 in the following categories: British Airways Data Breach Claims Cybersecurity GDPR Group Action ICO Security and tagged with British Airways Data Breach | compensation | cyber attack | cybersecurity | data controllers | database security | Group Action | ico | Marriott / Starwood Data Breach
The recent record-setting British Airways and Marriott fines that are to be enforced by regulators show the importance of cybersecurity to prevent breaches, and justice for the victims when an incident occurs.
What we saw was two major organisations whose systems were breached when we should be able to expect big corporations to protect our data. We should be able to safely assume that these large, wealthy organisations can – and will – invest in solid cybersecurity. But both have undoubtedly fallen short, and the result is huge fines and claims for compensation for the victims.
The levels of the provisional fines to be enforced shows how seriously the Information Commissioner’s Office (ICO) is taking breaches of GDPR. The compensation actions that we represent people for are the way forward when it comes to justice for victims, which is not accounted for as part of regulatory fines.
First published by Matthew on July 15, 2019 in the following categories: British Airways Data Breach Claims GDPR Group Action ICO and tagged with British Airways Data Breach | compensation | gdpr | Group Action | ico
A number of people have been unsure as to how the £183m BA GDPR fine works in relation to compensation. They are two separate things, and here’s how it works.
Firstly, the record fine is the current proposal, and British Airways and their owner (IAG) can appeal the decision. Whether any appeal will be successful remains to be seen, but crucially, this is not yet the final fine. However, there will likely be a fine. Even if an appeal is successful, we expect that the Information Commissioner’s Office (ICO) is still going to issue a fine.
In terms of compensation, this is dealt with separately as part of a pending group action that you can sign-up for here.
First published by Matthew on July 12, 2019 in the following categories: British Airways Data Breach Claims GDPR Group Action ICO and tagged with British Airways Data Breach | compensation | Group Action | ico
The British Airways compensation deadline for the pending group action we’re representing people for could come around incredibly fast.
The lawyers acting for BA appear to be wanting a quick cut-off date which could see this close off as the fastest Group Litigation Order (GLO) ever processed. As such, we must warn anyone who has yet to join that the deadline for submitting a claim could be very, very soon.
You can sign-up to join the action now, and we recommend that you do so as a matter of urgency. Missing the deadline could mean losing your chance to claim compensation as a victim of the 2018 data breaches.