What actually counts as a data breach?

1

A data breach, according to the GDPR, is ‘a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data’. This can include breaches that have resulted because of accidental or deliberate causes. Also, a data breach can be more than simply the loss of personal data.

Examples of personal data breaches include:

· Unauthorised third-party access

· Accidental or deliberate action (or lack of action) by the company controlling or processing your data

· Sending personal data to the wrong recipient

· Computing devices that contain personal data being lost or stolen

· Altering personal data without the owner’s permission

· Availability of personal data being lost

A personal data breach can be loosely defined as a security incident that has impacted the confidentiality, integrity, or availability of personal data. Therefore, a data breach will happen whenever any personal data is inadvertently lost, destroyed, corrupted, or disclosed, if someone accesses the data and passes it on without proper consent, or if the data is made unavailable and this will lead to significant negative effects on the owners of the data. If you think your information has been involved in a breach, you could be entitled to claim data breach compensation.

Some more specific examples of what would be considered as a data breach are:

· A fire that has caused paper records to be lost, if the only copy of the data is kept on paper

· A hard drive containing the only copy of the person’s data with no existing backup has been erased

· An accidental update of a database that results in incorrect data being written on an individual’s records

· Inadvertently emailing a list of customer bank account details to the wrong recipient or emailing it at all in general

· A hacker accessing the computer network and stealing customer data

· An untrained, incompetent, or malicious staff member introducing errors into personal data stored about individuals or deleting records

· A staff member maliciously copying customer data and selling it to a third party

How can data breaches be avoided?

There are many precautions that companies and organisations can do to protect their customer’s personal data. For example, having sufficient encryption is extremely important as it should prevent hackers from identifying the individuals within the data. Encryption is reasonably priced nowadays and generally built into modern operating systems and most hardware, so it is a must have for anyone who collects and stores personal data.

Another way data breaches can be avoided is by ensuring that as few items as possible include personal data, except for details that are essential. For instance, a lot of organisations might have large catch all reports that they will use for things like sales reporting. Those reports often include columns for all the data you hold on a person, so it can be looked at and anything you wouldn’t need for a sales report like the individual’s date of birth or address can be removed.

For individual’s to avoid a data breach, you can ensure your passwords are more complicated and don’t use the same one for multiple accounts. Check that your software on all devices is the most up to date as possible. Be mindful of what details you are sharing on social media for example, and try to provide as little information as you can.

What can you claim data breach compensation for?

Every data breach is different, but there are certain things that you can claim compensation for when your information has been breached.

Financial loss

This is the most obvious thing you can claim for as when your data is breached, criminals might make payments using your bank/credit cards, apply for credit in your name, access your existing accounts, or even open illegal bank accounts in your name. You are entitled to receive compensation for any financial losses you experience as a result of the data breach.

Emotional distress

A data breach can have a serious negative effect on a person’s mental health as it creates a great deal of stress and anxiety. Following a privacy violation, the victim may be diagnosed with psychological conditions or existing mental health conditions can be exacerbated.

Loss of privacy

Personal data is very valuable, there is no mystery as to why it is often found on the dark web after it has been stolen in a breach. Organisations should be held accountable for failing to protect your data privacy.

Contact Keller Lenkner today if you suspect your data has been part of a breach. Our expert team of lawyers help people make successful claims for compensation after their information has been stolen, lost, or misused.