Leading Data and Privacy Law firm Your Lawyers have been concerned to learn of an investigation into plans to sell Covid test samples for medical research.
The news was broken in November 2021, and reportedly involves Cignpost Diagnostics, trading as ExpressTest, who are understood to have conducted almost three million tests. It has been suggested that there are plans by the company to analyse samples from swabs and sell data to third parties, according to inews.
The Cabinet Office has been issued with a penalty in the sum of £500,000 for the 2020 New Year Honours data breach, an incident that we have resolved legal action for.
The fine has been issued by the UK’s data watchdog, the Information Commissioner’s Office (ICO), which is intended to act as a punishment for what has happened. Such penalties can also act as a deterrent against future events.
We are pleased to see that regulatory action has now concluded. The fine is a separate matter to private legal action that victims of the data leak can be entitled to pursue. We have already resolved legal action that we have taken, having been instructed to act in the wake of the event, and this fine further cements that victims could be entitled to pursue a claim for compensation.
As patients, we trust that our data is held securely by healthcare organisations, and that medical professionals will only access and use our information when absolutely necessary. Unfortunately, hospital data snooping does occur, as some healthcare staff view patient information without authorisation or consent.
Whether intentional or unintentional, data snooping is a practice that all healthcare staff must steer clear of, particularly due to the sensitivity of medical records. It is understandably worrying for victims to learn that their information has been subjected to unauthorised access, as there could be malicious intent behind the user’s actions. When healthcare staff abuse or take advantage of their data access privileges in this way, it can constitute a breach of data protection law.
If you believe that your privacy has been violated in this way, you could be eligible to claim compensation for the harm caused. Contact us for free, no-obligation advice now if you think you may have a claim to make.
A Chorley Council data breach has recently been reported after it was revealed that thousands of members of the public may have had their details exposed by the local authority. The incident appears to be yet another example of the damage that can be done to information security when employees make misjudgements.
Unfortunately, the incident at Chorley Council is only one in a long list of data breaches to have been caused by human error at local government bodies generally. Councils like Chorley should be striving to break with this trend, but there has unfortunately been little progress in terms of data protection it seems.
In the UK, all third-party data controllers are obliged to comply with the GDPR in their protection of the information that they hold and process. If they fail to do so, they can be held accountable, and those affected may have a right to make a compensation claim.
The Competition and Markets Authority (CMA) has recently disclosed figures for the data breaches that have affected the UK government regulator. They reportedly revealed that a total of 150 breaches have occurred over the last two years. The competition regulator data breaches are worrying given the CMA’s role in upholding the law, which requires them to handle a large amount of private information, some of which can be sensitive.
The importance of cybersecurity should now be well known to all businesses and organisations, as many can be prime targets for hackers and fraudsters searching for information to misuse. The malicious intent of cybercriminals should give organisations that sense of the importance of data protection. However, it appears that the CMA may not have been able to adopt the caution required of an organisation with such sensitive data handling responsibilities.
An employee in the motor industry has reportedly been prosecuted for the unlawful disclosure of accident data, which she illegally recorded and sold on for use by another company.
The ICO (Information Commissioner’s Office) has confirmed that a former employee of the RAC collected road accident data from the car insurance and roadside assistance company. It is then reported that she passed data on to the director of an accident claims firm.
The incident shows how personal data can be a valuable criminal asset and is a disturbing account of how the trust of customers can be broken when criminals decide to misuse data for their own profit. At the same time, it is reassuring that such criminals can be detected and punished under the law.
At Your Lawyers – The Data Leak Lawyers – as leading data breach claims lawyers, we aim to hold those responsible for data breaches to account for their actions. As such, if you have suffered as a result of having your data exposed, we are here to help you claim the compensation that you deserve.
Data Privacy Day 2021 was marked recently on the 28th January, the fifteenth time the day has been celebrated. Also called Data Protection Day in the UK and Europe, Data Privacy Day commemorates the signing of the first international treaty that was legally binding for governing data protection and privacy, named Convention 108.
After what had been another eventful year of data breaches in 2020, we believe it is important for all individuals and organisations to start 2021 with a positive, proactive approach to data protection. The commemorative day at the start of the year should be valuable in raising awareness about issues relating to data privacy, yet nothing ever seems to change as we continue to see breach after breach after breach.
At Your Lawyers – The Data Leak Lawyers – we aim to empower victims of data breaches to take action against those who have failed to protect their data, to ensure that the consequences of data breaches can be learned. We feel that it is the most proactive way forward given that no amount of legislation or commemorative days appear to be making the difference that is really required.
Following a two-year investigation into credit reference agencies, the Information Commissioner’s Office (ICO) has taken enforcement action against Experian. It was ruled that the company must make “fundamental changes to how it handles people’s personal data”, according to the ICO.
The investigation examined three credit agencies, of which Experian is the only one to reportedly face punitive action for data handling they carry out for direct marketing purposes.
Experian is understood to have taken some steps towards improving their data handling, but it was not enough to satisfy the ICO that data protection law was being adhered to. It is reassuring to know that Experian must make changes, and demonstrates to other companies that any sidestepping of the GDPR will not be tolerated by regulators.
A big problem surrounding medical data breaches, and one of the most concerning, is when a member of staff breaches confidentiality by accessing patient records without clinical justification.
We entrust medical employees and NHS staff to safeguard our personal medical data and only access it as part of our treatment or care. That is why it is so concerning when a member of staff is accessing patient records with no medical reasoning or no proper authority to do so.
It is sometimes hard to know what exactly they are using the data for, potentially putting individuals at risk by exposing sensitive data. In many cases, the perpetrators know the victims, which can make the distress for the victims even worse.
New research has highlighted that public sector GDPR breaches could become a more regular occurrence due to understaffed Government data protection teams.
GDPR breaches can be extremely serious, exposing people’s private data and leaving them vulnerable to cyberattacks and much more. It is important that victims know their rights – as a leading firm of data breach compensation lawyers, we could represent you for a case on a No Win, No Fee basis if you are eligible.
We are proud to offer free and no-obligation advice for victims of a breach too.