In accordance with the GDPR, the General Data Protection Regulation, UK businesses and organisations have a variety of obligations they must abide by to ensure they process and store personal information appropriately. However, the nature of the business world can often mean that companies do not have sole responsibility for their data. Relationships with external partners and contractors can mean that outsiders are also granted access to private information. Where these external companies or individuals fail to protect this personal data, third-party security breaches can occur.
Many businesses are still struggling to catch up with their legal responsibilities and to update their own data protection policies, but that does not mean they can ignore the policies of their partners. In fact, it is essential that data protection is a priority in any business relationship, and companies must consider how well their partners can protect personal data before disclosing it to them.
If you have been affected by a data breach, you could be eligible to claim compensation for the harm caused, even if it was provoked by the errors of a third party. Anyone who is considering a claim can come to us for free, no-obligation advice on their case.
Third-party security breaches – how can they occur?
When you disclose your information to a company, it is often the case that organisation alone will not be the only third party with access to the data. For example, they may outsource their IT provision to an external, specialist company, allowing this provider to access their databases in order to maintain and secure them. As such, the security of a company’s systems and data can be compromised in third-party security breaches.
One example is the Ticketmaster data breach, in which an issue with a chatbot provided by a company called Inbenta Technologies resulted in customers’ online payments being compromised.
In another incident, which is of particular concern to us as data breach solicitors, Manchester Police suffered a third-party security incident. It was revealed that sensitive information belonging to the force had been made freely accessible on a website involving an IT provider operating abroad. The information leaked is understood to have included the names and details of sexual assault victims.
Who is responsible for third-party security breaches?
While it may seem more difficult to establish who is to blame in third-party security breaches, we can assure you that the question of responsibility is usually straightforward. If you have disclosed your information to a company, they can ultimately be responsible for ensuring it is protected, and ensuring their third-party partners are compliant with data protection law is key to this protection.
Claiming compensation for a third-party security breach
We can take on compensation claims for those affected by third-party security breaches. In accordance with the law, data breach victims could be entitled to claim compensation for the distress provoked by the incident, as well as for any losses or expenses.
If you think you may have a claim to make, contact our team for free, no-obligation advice, and we may even be able to offer you No Win, No Fee representation. We have been representing clients for privacy matters since 2014, so you can be confident that we have the experience needed to lead your claim to fruition.