Welcome To The Data Leak Lawyers Blog
We focus on the latest news surrounding data breaches, leaks and hacks plus daily internet security articles.
We focus on the latest news surrounding data breaches, leaks and hacks plus daily internet security articles.
GDPR fines and compensation claims for victims are two separate things with separate avenues for recovering money in either case.
Although the GDPR means that fines can now hit the millions, none of that money is designed to be for the victims. Money recovered from financial penalties will normally end up in the treasury with other general government funds like taxes and fines. It can then be used for government spending.
When it comes to justice for victims, you can speak to us about a separate legal action where you can bring a claim for data breach compensation.
The Dixons Carphone data breach fine has been formally issued by the Information Commissioner’s Office (ICO) for the maximum amount possible under the previous rules.
The cyberattack took place between July 2017 and April 2018, meaning the Data Protection Act 1998 applies as opposed to the GDPR that came into force just a month later. As such, the maximum fine that the retailer could face was £500,000.00, which is what the ICO has issued. Had the attack have continued into the GDPR era, they could have faced fines in the hundreds of millions of pounds mark.
We’ve been representing victims of this data breach for some time now as expert data protection compensation lawyers with a wealth of experience in large consumer actions. As we know a great deal about this breach as it’s one of our live actions, we’re not surprised by the findings and the maximum fine being issued.
It’s official: the first GDPR fine in the UK has been issued to Doorstep Dispensaree for data protection breaches that spanned across a two-year period.
This one involves medical data, which is some of the most personal and sensitive forms of data that there is. Medical data breach compensation claims account for a large proportion of the legal cases that we take forward because of how common they can be, and because of the impact on victims. The impact is often severe because this is the kind of information that we do not want to be misused or exposed.
The breach period, in this case, is between June 2016 and June 2018, which means that it just falls within the GDPR start period from May 2018. The Information Commissioner’s Office (ICO) was reportedly alerted to the breach by the Medicines and Healthcare Products Regulatory Agency (MHRA) who were conducting unrelated enquiries.
If you have been the victim of a social care records data breach, you may be entitled to make a claim for compensation with us on a No Win, No Fee basis.
One of the most common types of individual legal cases that we represent people for involve councils, and a large volume of them relate to social care information. Social care data can be incredibly personal and sensitive which is why we find that data breach compensation pay-outs for these kinds of incidents can be quite high.
Victims should always know their rights. An apology isn’t always enough, especially when the data that has been exposed or misused is sensitive, which can often be the case when it comes to social care data.
In the same way that fines can be far higher, will we also see higher GDPR compensation amounts since the new law came into effect in May 2018?
Although data breach compensation amounts are still based on the individual impact to the victim, and this hasn’t changed since GDPR, the new laws can make brining a claim an easier thing to do. The law is more stringent than the previous Data Protection Act, so there can be more avenues for people to be able to claim. And the recent court case victory has also paved the way for people to be able to launch a claim even if they haven’t suffered any distress or loss at all.
The difference in fines is, of course, monumental. We have already seen the power that regulators now have to ensure data breach offenders are properly punished.
Human error data breaches remain one of the number one causes when it comes to data protection incidents, and it’s important for victims of these kinds of breaches to know their rights.
The important thing to know is that it doesn’t stop you being able to claim if the cause of a breach stems from an error by a human. The organisation that employs the person can be held liable for a legal case, and in this article, we’ll explain why.
It’s not an acceptable excuse for an organisation to simply try and defend a claim on the basis that the fault lies with a human.
The Information Commissioner’s Office (ICO) has issued a fine in the wake of a documentary that was filmed that led to the Addenbrooke’s Hospital data breach relating to patient consent.
London-based production company behind the filming, True Visions Productions (TVP), were fined £120,000.00 for unlawfully filming in a maternity clinic. As the incidents took place before GDPR, they have been fined in accordance with the previous rules where maximum fines could reach up to £500,000.00; unlike the recent record-setting fine of £183m issued to British Airways.
Filming took place between 24th July 2017 and 29th November 2017 and ceased following complaints received by the ICO. The ICO said: “A patient attending the clinic would not have reasonably expected there to be cameras in examination rooms and would expect to be made aware of any filming.”
We represent people for police-related data incidents, and with this in mind, here’s a number of reasons as to why the recent Eurofins data breach is a worrying one.
In case you’ve not heard of this one, this relates to an organisation that the police outsource forensic work to. Eurofins reportedly process more than 70,000 cases per year, and deal with DNA analysis, toxicology, ballistics and computer forensics. As such, they can be at the heart of investigations into serious crimes, including murder, sexual offences and terrorism.
Worryingly, they were recently hit by a ransomware attack. This has led to a number of concerns about the security and quality of the work they carry out, and has caused significant disruption to police investigations.
The recent record-setting British Airways and Marriott fines that are to be enforced by regulators show the importance of cybersecurity to prevent breaches, and justice for the victims when an incident occurs.
What we saw was two major organisations whose systems were breached when we should be able to expect big corporations to protect our data. We should be able to safely assume that these large, wealthy organisations can – and will – invest in solid cybersecurity. But both have undoubtedly fallen short, and the result is huge fines and claims for compensation for the victims.
The levels of the provisional fines to be enforced shows how seriously the Information Commissioner’s Office (ICO) is taking breaches of GDPR. The compensation actions that we represent people for are the way forward when it comes to justice for victims, which is not accounted for as part of regulatory fines.
A number of people have been unsure as to how the £183m BA GDPR fine works in relation to compensation. They are two separate things, and here’s how it works.
Firstly, the record fine is the current proposal, and British Airways and their owner (IAG) can appeal the decision. Whether any appeal will be successful remains to be seen, but crucially, this is not yet the final fine. However, there will likely be a fine. Even if an appeal is successful, we expect that the Information Commissioner’s Office (ICO) is still going to issue a fine.
In terms of compensation, this is dealt with separately as part of a pending group action that you can sign-up for here.
EasyJet admits data of nine million hacked
Fill out our quick call back form below and we'll contact you when you're ready to talk to us.
