Welcome To The Data Leak Lawyers Blog
We focus on the latest news surrounding data breaches, leaks and hacks plus daily internet security articles.
We focus on the latest news surrounding data breaches, leaks and hacks plus daily internet security articles.
The police have unique rights when it comes to processing and viewing personal information, but that does not mean that there are no limits governing their access to private data. In fact, because they have important legal responsibilities, and the data they can access is so sensitive, it is even more vital that they follow strict data protection rules. Misusing police computers can, therefore, be a serious offence.
We naturally trust the police to keep personal information secure by means of technical cybersecurity measures. Just as importantly, we expect it to be protected in accordance with their assumed integrity and professional standards. When a police officer breaches this duty, the effects can be devastating for those affected, particularly for crime victims in cases where the exposed information relates to a sensitive and traumatic incident.
If you have been affected by a police data breach, you may be entitled to claim compensation for the harm caused. No police officer should be exempt from justice when it comes to data privacy breaches. Your Lawyers, as leading Data Leak Lawyers, are here to help.
NHS test and trace contact centres have been implicated in a security controversy, after concerns were raised that staff have been using their personal email addresses for sending private health data, according to Healthcare IT News.
The test and trace scheme has been subjected to data security criticisms since its beginnings. Some worries look to have been proven right, given that a number of data breaches have exposed coronavirus test results over the past year. With the medical sector already a prime target for hackers, it seems clear to us that more needs to be done.
While the Covid-19 pandemic has challenged NHS staff and resources, it is still unacceptable that data security has been allowed to slip, particularly given that the pandemic has seen a spike in the occurrence of cyberattacks. Where sensitive medical information is at stake, there can be no room for error.
A Chorley Council data breach has recently been reported after it was revealed that thousands of members of the public may have had their details exposed by the local authority. The incident appears to be yet another example of the damage that can be done to information security when employees make misjudgements.
Unfortunately, the incident at Chorley Council is only one in a long list of data breaches to have been caused by human error at local government bodies generally. Councils like Chorley should be striving to break with this trend, but there has unfortunately been little progress in terms of data protection it seems.
In the UK, all third-party data controllers are obliged to comply with the GDPR in their protection of the information that they hold and process. If they fail to do so, they can be held accountable, and those affected may have a right to make a compensation claim.
The news of a Pembroke College data leak has recently been reported after it emerged that private details relating to the college’s alumni were made vulnerable to unauthorised access. Users with access to the college’s single sign-on system were reportedly able to access extensive personal information on the former Oxford University students who were hosted at Pembroke College, according to Cherwell.
All organisations that process and store personal data have a legal duty to protect it in accordance with the GDPR. Where they fail to do so, they can be held liable for a data protection breach. In some cases, the affected victims can also be eligible to make compensation claims for the harm caused.
Although it appears that the alumni information was not exposed outside the organisation, the incident at Pembroke College nevertheless demonstrates the problems with failing to manage data access appropriately.
The vital crime-fighting function of the police means that they are allowed to request, process and use much more data than most people would ordinarily disclose to a third party. Many trust the police to handle the information that they are given access to with caution and respect, only requesting and viewing it when absolutely necessary. However, there are unfortunate examples of police using data without consent, abusing their powers to view or use information inappropriately.
Police officers are not above data protection law and this is important to remember. It may be that certain allowances are granted to them in accordance with the GDPR, but they are still bound to certain restrictions.
As such, those who are affected by police data breaches may be entitled to claim compensation for the harm caused.
A former Wiltshire Council social worker has reportedly been taken to court over a “serious breach of trust”, having been found to have accessed sensitive information without reason or authorisation.
As a social worker, the individual in question was granted certain data access privileges. It has been reported by the Gazette and Herald that she abused her position in a way that could have put the privacy and safety of vulnerable people at risk.
Social workers naturally have a high level of trust invested in them, so it is understandable that there is a no-tolerance policy for any employees who breach this trust. Social services data breaches like this can have severe consequences for those affected, particularly where vulnerable minors are involved, as their personal details often must be kept under highly restricted access in order to protect them from abusive adults. We represent people for these kinds of cases quite a lot. As such, it is essential that anyone who threatens to compromise the need for data protection is punished accordingly.
It has recently been confirmed that a former Hampshire police officer has been reportedly banned from ever entering the police service again after it was found that he accessed private records without a valid policing reason. The Special Constable in question is understood to have resigned from his position before superiors could dismiss him for his data snooping.
While police officers are granted information access to records and details that are needed for casework, they are not authorised to view or use information outside of their policing workload without any good reason. Campbell violated his professional duty by accessing information without a legitimate reason, reportedly only browsing the records due to “curiosity”.
Regardless of the motives of the Hampshire police officer, there is no excuse for breaching data protection law. We trust the police service to maintain strict control over personal information, so it is important that any officers who breach the duty they owe to the public are held accountable for their actions.
In many cases, data protection breaches arise as a result of human error. A CybSafe analysis of data breaches reported to the ICO found that 90% of UK data breaches in 2019 were caused by user mistakes. The employees responsible for cybersecurity would, therefore, seem to be failing to adhere to data protection law, but there is much more to it than that.
Despite the high incidence of human error, it is employers who bear the ultimate responsibility for upholding data protection at their companies. This can mean that, when a data breach occurs, organisations may be liable to pay compensation. If you have been affected by a data breach caused by an employee, you can still have every right to make a claim and recover compensation from the organisation as a whole.
Despite looking up private police records without authorisation, a Detective Sergeant has recently evaded dismissal following a misconduct hearing. In the Northamptonshire detective data breach case, the Detective Sergeant reportedly looked up the details of a woman with whom he was engaging in an extra-marital relationship with at the time, who was involved in a case he was working on.
His actions reportedly amounted to misconduct, so the Northamptonshire Police appear to be sending mixed messages by not taking the matter any further. The police can, and often do, dismiss officers for similar offences, but this officer’s acceptance of the accusations against him, and his standing in the force, seem to have allowed him to avoid further consequences.
Police data breaches like this should be treated with the severity that they merit, taking account of the potential damage such actions can cause. Police services cannot afford to let employees off lightly for breaching data access regulations, as doing so could risk compromising the force’s reputation and its overall data security and integrity.
NHS CCTV cameras have reportedly been embroiled in a hack affecting security footage across the globe, after security company Verkada is understood to have been breached by hackers. It is said that live streams for as many as 150,000 Closed-Circuit Television (CCTV) cameras may have been viewed by unauthorised users.
Serving organisations include prisons, general businesses, schools and even psychiatric hospitals. The breach of Verkada’s cameras may have exposed the identities of many people working in, living in, or visiting affected institutions.
It is unclear exactly which feeds hackers may have viewed and what they gleaned from the footage, but it is nevertheless worrying to learn that a security firm has been subjected to such a wide-reaching breach. There is currently no evidence that any NHS camera feeds were viewed by hackers, but Verkada lists the NHS as one of its clients on the company website. Hackers have also claimed that they have been able to access the cameras of any of the affected organisations.
EasyJet admits data of nine million hacked
British Airways data breach: How to claim up to £6,000 compensation
Are you owed £5,000 for the Virgin Media data breach?
Virgin Media faces £4.5 BILLION in compensation payouts
BA customers given final deadline to claim compensation for data breach
Shoppers slam Morrisons after loyalty points stolen
Half a million customers can sue BA over huge data breach
Lawyers accuse BA of 'swerving responsibility' for data breach
The biggest data breaches of 2020
Fill out our quick call back form below and we'll contact you when you're ready to talk to us.
