Book a free consultation

Protecting Yourself After a Data Breach: A Guide

In this article, Ruby Keeler-Williams of Elysium Law aims to clarify what your first steps should be if you have been affected by a personal data breach.

In recent years, data breaches have become increasingly common, and unfortunately, any individual is at risk of falling victim, however carefully they safeguard their data. If you have recently suffered from a breach of your personal data, it’s important to understand what steps you should take to protect yourself and your data.

6 Essential Steps to Take After a Personal Data Breach

  • Gather all the information related to the breach. This includes any emails or messages you’ve received about the breach, the type of data that has been compromised, and any other relevant details that may help in identifying the extent of the breach.
  • Contact the company or organisation responsible for the breach. They have a legal obligation to inform you of any data breaches that occur, and they should be able to provide you with more information about the breach and how it occurred. You can also ask them what steps they are taking to prevent future breaches and what measures they have put in place to protect your data.
  • If you’ve suffered any financial loss or identity theft as a result of the breach, you should report this to the relevant authorities immediately. In the UK, you can report these incidents to Action Fraud, which is the UK’s national fraud and cybercrime reporting centre. They will investigate the incident and provide you with advice on what to do next.
  • Consider contacting CIFAS, a not-for-profit organisation that offers protective registration services to help protect individuals from identity theft. This involves placing a warning flag on your credit file, alerting lenders to the potential risk of fraudulent applications.
  • Monitor your bank accounts, credit reports, and any other financial information for any unusual activity. If you notice anything suspicious, you should contact your bank or financial institution immediately.
  • You may be entitled to compensation for the damage caused by the breach. You should seek legal advice from a reputable law firm that specialises in data breach claims to determine whether you have a case and what steps you should take. Elysium Law have extensive experience in these matters and can assist you with this.

In conclusion, data breaches can be stressful and overwhelming, but there are steps you can take to protect yourself and your data. By gathering information, contacting the relevant authorities, monitoring your financial information, and seeking legal advice in addition to protective registration services from CIFAS, you can mitigate the damage caused by a data breach and protect yourself from future incidents.

If you have been affected by a Data Breach, please call Elysium Law via 0151 328 1968 or contact us via clerks@elysium-law.com to see if we can assist you.

AI and Data Privacy: The Increasing Risk of Personal Data Breaches

In this article, Ruby Keeler-Williams of Elysium Law considers whether the recent developments in Artificial Intelligence have increased the risk of data breaches.

I was recently asked whether the recent developments in AI, particularly in relation to deep learning, and natural language processing have increased the risk of personal data breaches.

In my view, whilst AI will undoubtedly transform the way we live and work (in the legal profession alone, Allen & Overy have announced the use of an OpenAI developed prompt based generation tool, which I imagine will revolutionise how legal research and drafting is performed), it also poses unique risks and challenges when it comes to data privacy and security.

One potential risk is the use of AI in data processing. As AI algorithms become more sophisticated, they can be used to process vast amounts of data quickly and accurately. However, this will inevitably increase the demand for personal data as a ‘product’, meaning that increasing amounts of data will be collected and processed by companies. This will inevitably increase the risk of a breach of data, as the volume of data stored in systems vulnerable due to outdated software or hardware, or with unpatched vulnerabilities will only increase. The impact of a human error can also never be understated.

However, of particular interest is the potential, following the developments in natural language processing, for ‘Phishing’ scams to become more sophisticated and difficult to identify. NLP powered phishing scams have the potential to be particularly convincing because they can mimic human language and behaviour more accurately and, perhaps more pertinently, in a manner personalised to that individual. There is the potential for criminals to use NLP algorithms to analyse an individual’s social media activity, emails, or messages to create personalised, targeted phishing messages that appear genuine. The use of language will also inevitably make the messages more difficult to detect by traditional spam filters.

It has never been more important for individuals to be vigilant and cautious when receiving messages or emails that ask for personal information or include suspicious links or attachments. Businesses and organisations must also ensure that appropriate security measures are implemented to mitigate the risks posed by NLP-powered phishing scams. This should include training employees to recognise and report phishing attempts, implementing spam filters and firewalls.

If you have been affected by a breach of your personal data, please call us on 0151 328 1968 or contact us via clerks@elysium-law.com to see if we can assist you.

Data Breach: What Are My Rights

In this article, Ruby Keeler-Williams of Elysium Law considers the consequences of a personal data breach and what rights you have. The article briefly looks at the legislation and considers quantum and case law.

The General Data Protection Regulation (GDPR) and the Data Protection Act 2018 set out rules as to how data is collected, used, stored, and protected.

Under the legislation, any organisation which holds and determines the purpose of the processing of personal data must implement appropriate technical and organisational measures to ensure that the processing of personal data complies with the rules.

A breach of personal data can occur if appropriate measures are not in place. A breach of security may lead to the destruction, loss or unauthorised access to personal data.

This infringes your rights as an individual and can have serious consequences. We have been instructed on matters where a breach in the security of a company led to the unauthorised disclosure of employee identity documents and bank details. These details were then distributed to criminal groups and companies were fraudulently set up in the employees’ names.

If a company that holds your data processes it in breach of the legislation or holds your data in such a way that it is disclosed in an unauthorised way, whether accidentally or deliberately, then you are entitled to claim for compensation.

If your claim is successful, you will receive damages, also known as compensation. You will be able to claim for any identifiable losses which have arisen from fraudulent transactions caused by identity theft. You will also be able to make a claim for general damages if the breach in your data has caused you distress. We will discuss your case at length and identify which damages are relevant to your specific matter.

Your level of compensation will depend on the nature of the data breached. If the data breached does not contain sensitive information (such as name alone) and/or is quickly remedied, then whilst you have a right to claim, in reality the claim will be worth very little and may not be worth pursuing. It is for this reason why you should seek legal advice at the earliest possible opportunity.

Decisions in recent years illustrate that the High Court will not condone claims that are exaggerated and unnecessarily complex. An example is Stadler v Currys Group Ltd [2022] EWHC 160 (QB), whereby a refurbished device was resold without a factory reset to remove the previous users purchase details, leading to a £3.49 purchase being made on the user’s account. The Claimant issued high court proceedings seeking £5,000 in damages for breach of confidence, misuse of private information, negligence and breach of data protection law, seeking injunctive relief. The defendant made an application to strike out the claim and was successful save for the breach of data protection law. The judge also transferred the claim down from the High Court to the County Court and suggested that the small claims court was the appropriate allocation.

In some cases the data breached is sensitive, such as medical records, identity documents, bank details, etc. In these cases, there will be a substantial claim for damages.

Due to the relatively recent developments in technology and the sensitive nature of such claims, there is limited case law detailing the quantum of awards of damages. Many cases settle before they reach the courts. Each case will be assessed on its own merits and due to the individual nature of a claim for distress, a group of individuals who have suffered the same category of data being breached may receive different awards.

Generally, damages for breach of data will be awarded within the following guidelines

  • Personal details (home or email address, date of birth, etc) – £1,000 to £1,500
  • Medical information (depending on who it is disclosed to/the nature of the information) – £2,000 – £5,000
  • Financial information (depending on who it is disclosed to/the nature of the information) £3,000 to £7,500

If you have suffered as a result of a breach of your personal data, please contact us via telephone on 0151 328 1968 or via email at clerks@elysium-law.com to have a discussion with the team. We will have a free, no obligation discussion with you to help determine the merits of your claim and can advise you on the next steps if you wish to pursue it further.