Reports show that 2021 saw 1,243 security incidents which resulted in 5,126,930,507 breached records – any snippet of information not intended for sharing – and is an 11% increase in security incidents compared to 2020 (1,120). Such things can affect anyone. Realizing that your personal things has been compromised can be stressful, learn how to avoid data breach and leakages. There are steps you must take minimize the exposure of your sensitive data.
The below guide will assist you if you have became the victim and want to limit the damage. Whether an email was sent to the incorrect recipient, a laptop was stolen from a car, or files were lost due to flooding – you should know how to react to such breach.
Who protects my personal and professional data?
The Information Commissioner’s Office (ICO) is the government body that upholds these things in the public interest, promoting transparency from organizations and respective privacy for individuals.
Importantly, the ICO upholds the Data Protection Act 2018 – the law that controls how your personal information can be used by organizations, including businesses and the government. This law is the UK’s application of the General Data Protection Regulation (GDPR).
The ICO states that everyone responsible for handling these details must follow strict rules, called ‘data protection principles’. They must make sure the information is:
- Used fairly, legally, and openly
- Used for specific, stated objectives
- Used only for intended purposes
- Accurate
- Not kept longer than is required
- Handled in a way that guarantees proper security, including protection against unauthorized or unlawful access, processing, loss, destruction, or damage.
Specifically, the ICO take strong measures to protect sensitive data relating to:
- Race
- Ethnic background
- Political opinions
- Religious beliefs
- Trade union membership
- Genetics
- Biometrics (where used for identification)
- Health
What should I do?
By law, you must report any breaches to the Information Commissioner’s Office (ICO) within 72h. Follow the steps below to ensure you are doing as much as you can to protect and minimize the damage following a breach.
Report
You can report a breach on the ICO website. The 72h clock begins from when you discovered the breach, not when it happened. Failure to report the breach gives you little chance of ever recovering the details as you will not be able to gain the ICO’s support. You should seek to report the breach as soon as possible.
Keep a log
After reporting the breach, you then need to find out what has happened. Keep a log of the breach, in which you should write down facts about the incident as you uncover them. This could include what happened and why, how many people were involved, a timeline of when it all happened, and what actions you have taken so far. This may be useful for the ICO investigating the breach to understand the circumstances surrounding the breach and allow them to take better action. Should you wish to take legal action, keeping a detailed log of the events could help substantiate your claims further.
Attempt to limit the breach
Your priority is to find out what happened to the sensitive personal data and recover it right away, if you can. You should also take every step to protect those who could be also affected.
If the such details were accidentally sent to someone, you can ask them to delete it or send it back securely. If you do not know where the breach is from, retrace your digital steps. If the breach is due to a stolen digital item and you are able to remotely wipe off – do so immediately. By doing this, you reduce the possibility of personal information getting into the wrong hands.
Assess the risk
You should now assess what you feel the risk of harm is to those affected, whether that is your customers, members or service users.
The idea of risk refers to any potential negative impact on individuals, such as considerable distress, identity theft, or safeguarding concerns. These issues may range from minimal severity to highly dangerous to the safety of the individuals.
Understanding if you are eligible to make a claim
You have learned that how to avoid data breach and leakage. However, what to do if the damage is done. Read the following to get solutions.
If you think your personal and professional data has been misused or that the organization holding it has not kept it secure, you should contact them and tell them. If you are unhappy with their response or if you need any advice you should contact the ICO.
If you have suffered as a result of a company violating protection laws, you have the right to file a claim for compensation under GDPR. You might be eligible for compensation if you think your personal information has been mishandled or lost and you have experienced loss or distress. Cases involving such breaches, however, are not always simple.
You need to provide logical and definitive reports that such breach and leakage has impacted yourself / your organization in a huge negative manner. You need to go through multiple legal details and synopsis to create accurate report. Be sure to include all required email communication, other text based or video based proofs and any other supportive documents.
Can I be compensated?
Typically, compensation is given when it can be proved as a sensitive data – it likely needs to be private information and not in the public domain, provided in a confidential manner to the organization at fault for the breach. The ICO can investigate and determine if an organization was at fault for this damage. Although it might take some time, a favorable decision by the ICO would strongly support your compensation claim. The ICO itself does not provide compensation; in order to receive compensation, you must file a claim with the company whose data was compromised.
You can file a claim against an organization directly without having to go through the ICO or wait for the outcome of its investigation.
However, organizations may take time to process your claim and other respective follow ups. As such, it is beneficial to seek the help of legal professionals in data breaches, such as the specialist team at Graham Coffey & Co Solicitors. They have experienced team and required acumen to help you.