Data breaches and encryption

Given the continually large volumes of incidents that are happening, it’s important to approach the subject of data breaches and encryption.

In some cases, leaks can happen due to human errors or system problems. Some hacks may take place because 100% effective defence is a hard thing to achieve. This doesn’t excuse an organisation when it comes to their responsibilities, but it’s important for them to understand that it’s about more than just trying to stop incidents; it’s also about preventing damage.

And that’s where encryption and even basic levels of protection is king.

Data breaches and encryption: hand-in-hand

The prevention of data breaches and encryption use are important elements to put together. They should go hand-in-hand so that an organisation is doing all that they can in order to prevent damage being done.

Organisations should have a proper cybersecurity defensive structure in place, and they should make use of technology that’s specifically designed to protect data. Using systems and communication methods that encrypt messages and information within a network can help to prevent information being stolen or exposed if a network is breached.

The same goes for servers and machines within an organisation that we all rely on, as well as data stored within a network and / or on a cloud server. If organisations are serious about protecting themselves from data exposure, they must deploy the infrastructure that’s needed to protect the data that they store and process.

Are businesses doing enough?

It’s not just about data breaches and encryption; it can also be about data breaches and simple ways of protecting data; like password-protection. Sometime earlier this year, I recall hearing about a statistic that perhaps fewer than 30% of businesses use encryption. If we look at this as a kind of benchmark, it’s worrying.

Although password-protection and encryption are different things, even at the most basic level, we can password-protect word documents, excel files and PDFs. In fact, we do this with some of our sensitive cases and where we believe it’s necessary for sending sensitive information electronically. Many medical organisations like hospitals and GPs that we retrieve records from for cases password-protect their CDs or files that they send to us.

It’s so simple to put these basic levels of protection in place, although as we always advise, strong and unique passwords must always be used. If something happens, like a file being emailed to the wrong person by accident, these simple and effective forms of protection could prevent the damage of a data leak.

Claiming compensation

When it comes to our approach for a claim, we do look at data breaches and encryption, and whether any kind of encryption should have been in place. If encryption could have prevented information exposure then this can be another tool in our legal arsenal that we use to establish that an organisation is labile to compensate you.

At the very least, particularly personal and sensitive data should always be protected in some way. Data breach compensation amounts can be considerably high when the information exposed is personal and sensitive. This is the kind of data that should always be fully protected, although we would argue that all organisations should ensure that their infrastructure protects the data they store and process.

Where they fail to do so, victims of a breach, leak or hack can be entitled to make a claim for compensation with us.

Gaming app data breaches

Understanding the real impact of a medical data breach