What Can I Do If My Data Is Breached?
Our data is stored in dozens, if not hundreds of places – most of them digital. Your personal data includes your name, surname, e-mail address, physical address, medical history, and much more, and all of this information is stored as soft copies, often making data breaches and information leaks easier and possible from remote locations. According to the Identity Theft Resource Centre, over three data breaches take place every day, with millions of personal records being lost or exposed every year.
It would be almost impossible to clear all digitally held data about yourself as this includes banks, medical records, and national identification information. But what do you do if a company mishandles, misuses, or abuses your information, of if your data is breached?
What is a data breach?
Firstly, it helps to understand exactly what a data breach is.
A data breach refers to any misuse or mishandling of personal, private, secure, or confidential data. This includes accessing, using, storing, sharing, and even deleting personal data. In 2018, the UK laid out clear laws regarding data and how it is to be handled in the Data Protection Act. This is to replace GDPR when the UK exits the EU. Any data breach is now considered an offense and companies can face enormous fines for allowing data breaches of any kind.
Common forms of data breach include:
- Lost, stolen, or hacked data
- Businesses failing to hold up-to-date data or failing to update records
- Businesses failing to remove old data or keeping it longer than required or allowed
- Confidential data being made public
- Identity theft
- Credit card fraud or identity theft for credit card applications
- Businesses failing to properly secure data
- Personal information being sent to a third party without consent
- Personal data being copied, stolen, viewed, transmitted, or otherwise used by an unauthorised third party
The severity of the breach also depends on the type of data that has been involved in the breach. Penalties for misuse of a first name or information that does not personally identify you is likely to be treated with less severity than Personal Identifiable Information (PII), bank details, or medical records.
Data breaches can also be treated differently depending on how the breach occurred and what the setting was. For instance, if you are in a social group or club and the captain accidentally CC’d everyone, the penalty (if there is one) will be far less severe than a company-wide security breach where thousands of records are accessed by strangers.
How do I know if I have been a victim of a data breach?
There are times when data breaches occur and the victims are unaware. This is usually because the company is made aware immediately and takes urgent action to fix the breach and secure the data. If this has been the case then the company should tell you about the breach and also inform you of any rights you have regarding making complaints or claims against them.
If, however, you suspect you have been a victim of a data breach but no one has contacted you, then you should try to find the source of the breach. Email leaks can be hard to find as we send countless e-mails constantly, but other data breaches are easier to identify such as medical records or company-specific information such as travel arrangements.
If you have been a victim of a severe data breach then you probably won’t need help identifying it. Identity theft, credit card fraud, and releasing of highly sensitive records or documents will all most likely have immediate and traumatic consequences, including financial loss and severe anxiety.
If you are unsure, but you feel like you may have been a victim of a data breach, contact High Street Solicitors. We are adept in identifying data breaches and can help you to identify yours and understand what it means for you and how you might claim compensation for any damage or injury it may have caused you.
What to do after a data breach
1. Complain to the company or organisation that is responsible
If you know where the breach took place then you should contact the company or organisation where the breach originated immediately. This will not only protect others from experiencing the same thing but will also alert the company so they can protect any of your data that has not yet been accessed. The company will also need to report the breach within 72 hours to the Data Protection Supervisory Authority.
You should always make sure you have records of these conversations, whether they are recorded or written, as you may need them again in the future.
When you contact the company, you can also indicate your expectations for compensation if you have any. You can claim for psychological damage as well as financial damage, but be advised that depending on the company you might battle to get any compensation without proper legal advice and representation behind you.
2. Report to the ICO
The ICO, or Information Commissioner’s Office, is an independent authority that has been established with the sole purpose of upholding information rights. This means that once the company has been reported, the ICO will look at your complaint alongside any other complaints made against the same company and will be able to either force the company to implement change or face penalties of up to £20 million.
The ICO cannot award you compensation, but they can give you valuable data that you might need if you make a claim against the company.
3. Take the company to court
If you are not satisfied with the way a company handles your reported data breach, or if you feel like you should have received compensation, then you should contact High Street Solicitors for legal help. The right legal team will help you to take the company to court to claim compensation for any financial or psychological loss or damage you have suffered.
You can also take a company to court if they refuse to engage with your complaint or if they refuse to agree on the fact that you deserve compensation, or the amount you feel you deserve. At this stage you should definitely consult a solicitor who is experienced in data breaches and who can advise you on how much compensation you can expect.
You will need to put together all the documentation you have proving your claim, including correspondence you might have had with the company, proof of the data breach, proof of loss or damages, and any documentation you might have received from the ICO regarding the GDPR breach. A lawyer will be able to help you compile these documents and organise them so that you have a convincing case and a better chance of a favourable outcome.
How much can I claim for?
The value of your claim depends entirely on the nature of the data breach. If there have been financial implications then your claim will cover your financial losses, but you can also claim for stress and anxiety as well as lost income or work if you were forced to take time off to try and protect yourself against further data abuse.
Most claims start at around £500 and go up no further than £25,000 but there have been cases where 6 figure amounts have been awarded to victims who had to relocate because the data breach made their living situation dangerous.
Our data breach lawyers can help you decide how much compensation you should be awarded based on the type of data breach and your own circumstances.
It is also good to know and remember that if you experienced extreme stress or anxiety because of the data breach, then you are able to claim compensation. Having your data stolen or misused is a violation of privacy and as such it can be traumatic depending on the circumstances. This is not something that is overlooked, and you should know that your psychological as well as your financial well-being are protected by law.
Why choose Angelus Law?
With laws only coming into place in 2018, the area of data protection law is still relatively new and is changing rapidly. That’s why you need a team of lawyers who are familiar with the laws and who have kept up-to-date with changes as they are made. Our lawyers specialise in GDPR cases and have an expertise that will enhance your case and help you receive a favourable outcome from your claim.
Having worked with GDPR breach claims before, we can advise you on if and how your data has been breached, and on how you might make a claim for compensation. We know that the last thing you need after a data breach is more fees and stress, which is why we offer a free initial case assessment to help you decide if you want to take your case to court.
We also work on a No-win, no-fee basis, giving you total peace of mind knowing that all of our support, advice, and representation is aimed at getting you the best possible outcome.