Businesses and individuals alike are at a growing reach of having their data compromised. Recent statistics from IT Governance reveals a concerning trend, with reported security breaches increasing by 11% from 1,120 cases in 2020 to 1,243 cases in 2021. These breaches have exposed a staggering 5.13 billion records containing sensitive information. This is, in part, due to the fact that organisations and private citizens can both be vulnerable to data breaches.
So, what should you do if you find yourself in this situation? Following a data breach, it’s vital to take immediate action to protect your interests.
Data protection responsibility for organisations
In the UK, the responsibility for safeguarding personal data privacy and enforcing data rights in the public interest lies with the Information Commissioner’s Office (ICO). The ICO is tasked with enforcing the Data Protection Act 2018, which closely aligns with the EU’s General Data Protection Regulation (GDPR). This legislation lays out specific principles that organisations, businesses and government bodies must follow when handling personal data.
The ICO places responsibility on data holders and is the first port of call for those whose data has been breached. Once the ICO has been notified, further legal action can be taken.
Reporting a data breach
By law, any data breach must be reported to the ICO within 72 hours of discovery. This is a critical step in initiating a thorough investigation by the ICO to identify the root cause of the breach, and ensure that all parties have fulfilled their legal obligations. Failing to report a breach promptly may reduce the chances of recovering lost personal data.
However, it’s advisable to consult legal professionals, as they can ensure a comprehensive investigation of the breach and protect your rights as a data subject. This will also provide you with a better understanding of your rights if a data breach is confirmed, increasing your chances of receiving compensation if the organisation responsible for your data is found to be at fault.
Documenting the data breach
Keeping a detailed account of the incident is essential for those who plan to or later decide to make a data breach claim, as this documentation will serve as valuable evidence during the process. The ICO requires records that include a timeline of events, details of individuals involved, and the corrective actions taken in response to the breach.
Any reports generated by investigating bodies can substantiate the claim, but you will need to show the impacts that the breach has had on you in order to get the right amount of compensation for your losses.
Containing data breaches
As soon as the breach becomes known, the organisation responsible must take immediate steps to recover the data and prevent future breaches. This could involve requesting the removal of shared critical information, identifying the source of the breach, and remotely wiping stolen digital assets.
Depending on how the organisation conducts itself in this phase, the impacts on individuals may be made worse, and this can leave the organisation further liable for legal action.
Understanding your legal rights
If you suspect that your data has been mishandled or inadequately secured, it is essential to alert the relevant organisation so that they can take corrective action. If you are not satisfied with their response or believe that further action is necessary, you should report the matter to the ICO.
Under the Data Protection Act 2018, if an organisation breaches data privacy regulations and causes you harm, you have the right to file a compensation claim. It’s important to note that you do not have to go through the ICO or wait for the conclusion of its investigation to file a claim directly against the responsible organisation.
Compensation claims
Organisations can be held accountable for data breaches, particularly those involving sensitive data such as financial or medical information. In such cases, you should seek legal advice from experts specialising in data breach claims to assess the strength of your claim.
While the ICO can investigate data breaches and establish legal responsibility, a favourable ICO verdict that the other party misused your data can significantly bolster your compensation claim, even though it may involve a lengthy process.
If you have suffered tangible losses due to a data breach, you have the option to file a claim directly against the responsible organisation. However, keep in mind that organisations may try to downplay their data security obligations or withhold information. Therefore, seeking legal guidance from experts in data breaches ensures that your rights are upheld and your claim is thoroughly investigated.
