What is the Data Breach and why it is so important?
Constant improvement of digital services makes life easier and better, however, have you ever thought that your personal data is not safe and can be breached when you shop online or transact electronically? The data breach is often misunderstood and may seem like a minor issue, but its consequences can be significant. According to recent research, the problem of a personal data breach is much more common than most people think. 1 out of 3 people become a victim of a personal information breach. Due to this fact, we decided to explain what is a data breach, how does it happen, what to do if your data is leaked and what rights to compensation you might have.
What is a data breach?
A data breach is an incident when a person’s confidential, sensitive or protected information is lost, destroyed, accessed or disclosed in an unauthorized way to an unauthorized person.
Types of Data Breaches
There are many types of a data breach that include loss and theft of bank account or credit card numbers, passwords, email, your medical records and Social Security number.
As a common example, the cybercriminals can steal your personal data to gain access to your bank account or set up fraudulent bank accounts. Your personal information collected and processed by the third parties, such as providers of services and retail stores, can also become a subject to breach and unauthorized disclosure. The above means that you may not even be aware of your data security rights have already been violated.
How do Data Breaches happen?
The Data Breach can happen due to various reasons, whether as a result of an accident, such as a human error or improper way of running a business, or deliberately due to cybercrime. We will review the most common scenarios of the data breach.
- Physical access. Usually, when we think about the unauthorized access and breach of personal data, the first thing that comes to our mind is the hacker attack. However, there are many widespread cases when people’s phones and laptops are lost or stolen. In this case, unauthorized persons can gain physical access to the information stored on your devices. The best way to secure yourself, in this case, is to install the additional encryption for your device and set the authentication, that requires entering passwords to gain access to separate folders and email box.
- Data mishandling. These are the cases when the information transferred, stored, shared and processed without adequate precautions.
- Human error. In simple words, everyone does mistakes as this is an inseparable part of life. Imagine, you were not focused and send the email to the wrong recipient or provided access to the data on your laptop to the recently installed software, which you hadn’t heard about before. In this case, we suggest you paying additional attention when choosing the recipients while drafting the emails and carefully read all agreements before installing the software.
- Social engineering. To illustrate this, try to remember how often you use the same login and password for the different resources. Usually, users have two or three combinations, which they use, and in the majority of cases, the login and password contain fully or partially the real name or date of birth. Thus, by obtaining your login and password, criminals can imperceptibly gain access to your data and records. Victims realize that they become the subject to cyber-attack only after facing their consequences. This may sound obvious but try to use the sophisticated login and password and do not use the same login and password in different recourses.
- Malware. This is a specific software used by the cybercriminals to steal the valuable data, such as the numbers and CVVs of your credit and debit cards, and your login and password to your online banking. As a possible solution to this problem, there are a number of antimalware software on the market, which can reduce the chance of being attacked by malware.
- Hacking. Usually, criminals act according to the same type of scenario and try to find the weakest spot in the system. The breach can be made via your downloads, by guessing your weak password or by exploiting system vulnerabilities. The data breach can occur while you use your computer, mobile device, and smart home products due to the gaping flaws, like lack of encryption, that are the ways the hackers get into the system and access control over the personal data.
Be prepared: learn what to do when a data breach happens
The aftermath of a data breach can cause either direct or indirect damage. As an example of direct damage, we can name disclosing the medical condition, which can potentially cause troubles with your employer or relatives, online purchases and withdrawing your funds from debit and credit cards made by cybercriminals. At the same time, indirect damage also conceals danger, because your data can be sold on a dark web as a part of a "Big Data" or for the purpose of future fraud or other illegal activities of the third parties. All of this may cause stress and problems and you may face the situation when you need to take legal steps to solve these problems and minimize the consequences related to a violation of your personal data rights. To learn more please read our Step by Step Guide: What to do when a data breach happens.
Example: The case of Brandon Reagin illustrates the consequences of a breach of medical data. According to SBS News Brandon’s medical data were stolen in 2014. The criminals used his identity to obtain medical treatment. By the time it was discovered, the total bill for medical servicesto be paid by Brandon reachednearly $20,000.
Know your data privacy rights and how to use your right to compensation when a data breach happens to you
In 2018 the European Union (EU) introduced the General Data Protection Regulation (GDPR). In brief, this is a part of the EU regulation concerning data protection and data privacy regulation. If you are a citizen or resident of the EU, then your personal information is protected by the GDPR. The regulation also applies to the companies that are registered in the EU or provide their services or sell the goods in the EU. The regulation might seem difficult and complicated, but we at DataClaim will help protect your privacy rights and try to put the requirements provided by the legislation in simple words.
The UK has its own personal data regulation called the Data Protection Act. It was introduced in 2018. This Act applies in the UK in addition to the GDPR and extends its provisions.
To summarize, if your privacy rights to personal information have been violated by the private company or the public authority, you may claim compensation for the damage you suffered along with other rights.
The important aspect provided by the legislation is the possibility of claiming compensation regardless of whether or not you have suffered material damage as a result of the breach.
The above definition of the scope of damage implies material damage as a loss of money and non-material as an incurred distress in the form of physical pain and emotional suffering (even without a doctor visit). The scope of emotional distress can be wide and includes negative emotional statements such as fear, sadness, anxiety, depression or grief. The important condition is that the distress is based on your internal emotional feelings and you do not have to provide results of medical or psychological tests to prove that you have suffered the emotional distress.
As an example, in 2013 due to unintentional accident, the UK Home Office published the personal information of 1,600 persons applied for asylum. The scope of breached data includes the name of their lead family member, nationality, age and the stage reached in the family returns process. As a result of such breach, 6 persons submitted claims to a court and successfully got the compensation ranging from 2,500 to £12,500 for each claimant depending on the amount of suffered distress.
How much you can claim for personal data breach
The GDPR and the UK Data Protection Act do not specify the exact range of compensation, and its amount depends on a number of factors taken into account by the judge. The main factors that affect the amount of compensation are:
- the sensitivity of the stolen data,
- the number of people who had access to the breached data,
- the duration of the violation from the moment of the breach to rectification,
- whether you suffered the emotional distress or incurred financial loses.
- If your personal information was sold or misused.
- degree of fault of the company that suffered a breach.
Data Breach Compensation Amount
To give you an idea of what is data breach compensation amount you can get in case of violation of your personal data rights, we have summarized the statistics of the court practice and settlements in this type of cases (1):
- The first type is the cases related to loss of general personal details such as name, gender, marital status, address, place of work, information about relatives. In this case, the amount of compensation can be in the range between £1,000 and £2,000.
- The second type is the cases related to the leak of medical information. The amount of compensation depends on the amount of distress and sensitivity. In such cases, the amount of compensation can be between £2,000 and £3,500. The amount of compensation may be higher if the victim suffered physical damage due to a deterioration of health related to the disclosure of patients’ information. In such cases, the amount of compensation may be between £3,000 and £5,000 or more.
- The third type is the cases related to theft of financial information, such as credit card numbers, expiry dates and CVV codes of debit and credit cards of victims. In this case, the amount of compensation depends on the fact whether the victim suffered a material loss due to a breach. The amount of compensation in such type of cases can be between £3,000 to £7,000.
Why choose DataClaim?
This is simple. You can try to get your data breach rectified and receive the compensation on your own. However, according to the practice, this is a long and bumpy process without the guarantee of success and requires a lawyer to work on your case. Just submit your claim details and our team will check if your data breach claim is valid and if you are entitled to compensation.
We work on a win-to-win basis, which means that you don’t have to pay us anything in advance (risk-free). We take a percentage fee from compensation paid out to you. To check your data breach claim, please complete this form.