Simple data breaches can sometimes be the worst

In some cases, those small and simple data breaches can actually be the worst; especially when the context of the incident is considered.

It can only take one employee of an organisation failing to understand the rules that can lead to a substantial breach. It can only take just one piece of leaked information to cause significant to distress for the victim as breaches can be very subjective.

Take it from a leading law firm with a proven track record of succeeding with data breach cases that sample leaks, breaches and hacks can cause devastation. Our role is to make sure that anyone – no matter who they are and what the breach is – can access the justice they may be entitled to.

Simple data breaches are often preventable

In many cases, simple data breaches can be incredibly preventable. All it takes is having the right mindset; i.e. the understanding and comprehension of the GDPR and data protection laws at the forefront of every employee’s mind.

Here’s an easy example. This week, we were given permission from a client to refer their name and contact number to one of our third parties. The third party asked if we could also pass along the client’s email address in the event that they were unable to reach them by phone. It took seconds to check the notes from the client file to see that they had only allowed for a name and contact number to be passed across. As such, we advised our third party that we couldn’t pass along the information as we didn’t have consent.

The reason that this was considered is simple. The importance of the data protection act and the sharing of information was at the immediate forefront of the mind.

A common problem

When you look at the example above, it sounds so obvious. However, preventing simple data breaches has proven to be incredibly hard as we often see these kinds of incidents happening for new cases that we take forward for victims.

We may be getting it right, but many others aren’t. And a lot of these incidents involve local councils and their departments, as well as the NHS and other public sector bodies.

It can be such simple events. It can be a council employee giving the telephone number of a resident to someone they thought they were able to. They may not have considered that it could be an issue. It can be a GP surgery discussing the headlines of some treatment to someone else in the patient’s household. It can even be medical matters being overheard when due caution isn’t taken.

Although many people may not be bothered by such incidental breaches, others can be. When it comes to medical data breaches, they can also be significant given the nature of the data involved.

It’s all about context

The impact of simple data breaches can be devastating, as it’s all about the context.

Your telephone number is accidentally leaked to your neighbour, and it may not be an issue. But what if that neighbour is someone you moved away from due to an issue between the two of you? What if they had been harassing you? What if the number went to an abusive ex-partner? In these cases, a claim could be made, and the compensation amount could be significant.

Just a little bit of misused or exposed data can go a long way to causing harm to others. The mindset that all employees must have is one of making sure they understand the law and how to comply with it.

Victims whose information has been misused or exposed can be entitled to make a claim for data breach compensation, and we can help.

Can the ICO investigate the police?

NHS data protection breach compensation advice