We’ve taken cases on with our No Win, No Fee policy for victims of the recent Police Federation of England and Wales data breach incidents.
The cyber attacks that hit the PFEW took place in March 2019; the first on 9th, and the second on the 21st. Neither were thought to have been specifically targeting PFEW and are understood to have been part of a wider malware incident.
PFEW has confirmed that they’re unable to rule out that information has been exposed. As they’re unable to rule it out, we can take claims for data breach compensation forward for anyone suffering distress as a result of the incident. There could be as many as 120,000 police employees that have been hit by the breaches.
Action has been taken in the wake of the massive Marriott cyber attack that was revealed last year, both here in the U.K. and in the U.S.
In the U.K., victims may be entitled to make a claim for data breach compensation if you were one of the 500 million people affected. If you’re a resident in England or Wales, we can represent you for the case. A claim is separate to any enforcement action and fines that may be issue by the ICO (Information Commissioner’s Office). Those fines alone could end up in the hundreds of millions.
As well as claims and fines, testimonies and apologies took place last month as well. Here’s the latest.
An inquiry from the Digital, Culture, Media and Sport Committee has called for greater Facebook regulation to shift the power from the corporations to the people.
Recommendations include an independent regulator that could be responsible for enforcing an ethical code of conduct that all tech firms must adhere to. They could also be handed powers to bring legal proceedings for breaches and enforce new rules for tech firms to prevent and remove disinformation, false news and harmful content.
The inquiry was launched off the back of the Cambridge Analytica scandal and also focuses on the misuse of personal data as well.
The Equifax data breach fine issued by the Information Commissioner’s Office (ICO) has hit the maximum limit of £500,000.00.
The 2017 Equifax data breach resulted in some 700,000 UK citizens put at risk from data exposure. In total, around 15 million records were actually compromised.
This was a major breach for a number of reasons. Firstly, it was preventable; taking place because an employee failed to patch a known security vulnerably. Secondly, because the damage could have been lessened had Equifax have had proper systems in place to spot such a breach. Thirdly, because of who Equifax are. This is a company who is a credit-reference agency. The fact that a data breach has happened to them is incredibly worrying.
Are we seeing an increase in GDPR data breach instances since the new rules came into force in May 2018, or is it just a case of more reporting?
According to recent research, reports of GDPR data breach incidents more than doubled between May, which saw the new rules come into force on 25th, and June 2018 the following month. Does this mean that incidents massively spiked and increased during that short period of time, or are organisations so in fear of the new rules that they’re reporting every little breach that may be happening?
The results are what we expected.
It’s important for people to know their data protection rights, and CCTV and GDPR considerations is a new thing for people and organisations to consider.
It has been suggested that many do not know that GDPR has an impact on CCTV since the new changes in power came in to affect in May 2018. CCTV is, after all, widespread – really widespread – throughout the UK. It’s now also commonly used by organisations in the office as well as outside an office for security, and is typically used on-board commercial vehicles, largely for security, legal and health and safety reasons.
But, what about the relationship between CCTV and GDPR?
A key question right now is whether there is a Ticketmaster GDPR fine on the horizon. With the Ticketmaster data breach being the big data news recently, what punishments are they set to face?
We’ve already taken cases on for victims of the Ticketmaster data breach, and although any fine or penalty issued by the UK’s data watchdog, the Information Commissioner’s Office (ICO), is independent of the legal action we’re taking, we’re closely monitoring the ICO developments.
Given the dates that the data was exposed, they could be set for a GDPR fine, and we think this would be justified.
Should the ICO have greater powers? This is one of the many questions being asked as we continue to swim through the wreck of the Facebook / Cambridge Analytica data scandal.
It’s understood that the UK’s Information Commissioner’s Office (ICO for short) were in the midst of complex investigations surrounding the use of data in political campaigns when the scandal broke. The ICO are asking for greater powers to allow them to keep up with the pace of developments in such matters, and with the GDPR that came into force last month that empowers regulators to be able to better audit any organisations using data – which, let’s face it, is all of us really – should the ICO have greater powers still?
A former Recruitment Consultant has been fined and criminally charged after he illegally obtained data from a job he left.
According to the ICO’s publication report, Daniel Short left a recruitment firm he had been working for, VetPro Recruitment, toward the end of last year and then established his own company named VetSelect.
With his former employee having concerns about the obvious similarities of the companies, and the fact that they hold the data for more than 16,000 vets and nurses for recruitment purposes, they investigated whether Mr Short had taken any data before he left.
The UK’s data watchdog, the Information Commissioner’s Office (ICO), has reportedly only collected half of data breach fines since 2010.
One of the major problems the ICO is apparently facing is the organisations who are responsible for the data breaches going into liquidation and avoiding large fines, which the ICO has little power to stop. Despite the ICO asking the government for the power to enforce fines against company directors, something the government reportedly said they would look at in 2016, they remain unable to pass fines on to bosses, leaving a large loophole in the data breach justice system.
The ICO has issued “record fines” over an illegal trade of personal data that involved “rogue private investigators” illegally obtaining financial information for an individual who’d claimed on an insurance policy for a fire at a business premises they owned.
A director and a senior member of staff, together with the private investigators, have been hit with record fines for unlawfully obtaining and disclosing personal data. The investigation reportedly started in 2013 when the Serious Organised Crime Agency passed over a list of ‘blue chip’ clients of criminal private investigators to the ICO.
The WhatsApp agreement to stop sharing data with Facebook was hailed as a success for data protection rights when the UK Information Commissioner’s Office (ICO) investigated issues over consent for the sharing of data between the two platforms.
WhatsApp signed an undertaking (a formal agreement / promise) to confirm they would stop sharing data with Facebook until they could do so in compliance with this month’s GDPR changes.
Facebook acquired WhatsApp in 2014, but a move like that does not automatically allow for consent to share data.
Read More “The WhatsApp agreement to stop sharing data with Facebook”