What are your rights if your data has been breached? Discovering that your personal data has been breached can be alarming. However, knowing what steps you can take can help to mitigate any potential damage. In this guide we look at what to do if your data has been breached. We provide practical information on steps you could take to protect your identity, claim compensation and how you could prevent a future breach.
Key Takeaways
- We provide a clear explanation of what a data breach is.
- We include key steps you can take straight away following a personal data breach.
- Our guide examines the role of the Information Commissioner’s Office (ICO), the UK regulator for data protection rights.
- Our guide looks at steps you could take to prevent a future data breach.
- A No Win No Fee solicitor from our panel could help you claim compensation for the breach of your personal data.
If you have any questions while reading this guide, or if you would like to find out if you have good grounds to seek compensation, please speak to us. To begin a data breach claim, please:
- Call 020 8050 3051
- Contact us via our online form.
- Talk to us over our live chat.
Browse Our Guide
- What Is A Data Breach?
- What To Do If Your Data Has Been Breached
- Who Are The ICO And Do I Need To Report The Data Breach
- What Steps Can I Take To Prevent A Data Breach?
- Should I Seek Legal Advice?
- How Data Breach Claims Can Help You
- Get More Information
What Is A Data Breach?
Under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018 (DPA) a data breach is a security incident which leads to any of the following happening to your personal data.
- Unauthorised access to,
- Destruction of,
- Loss of,
- Alteration to,
- Disclosure of,
Personal data is any information which can be used to identify you on its own or in combination with other information. Examples of personal data may include your name, address, email address or an identification number.
In addition to this, special category data includes information on your ethnicity, race, religion, trade union membership, health and biometric data. This type of data needs extra protection due to its sensitive nature.
Companies, individuals and organisations which process your personal data must protect it in accordance with the UK GDPR and the Data Protection Act. If they have failed to do so, you may have grounds to make a data breach claim.
Could I Claim Compensation For A Data Breach?
In order to make a personal data breach claim, you must show that the data controller or processor failed to comply with the DPA and/or the UK GDPR. These parties have legal responsibilities when handling your personal data.
- A data controller decides why and how (in accordance with the UK GDPR and DPA) your personal data may be processed legally. A data protection officer’s role is to ensure this compliance.
- A data processor is a party acting on behalf of a data controller. They may process data as instructed to do so by the data controller. They must ensure that they put adequate security measures in place.
The failure of one of these parties to comply with legislation discussed in this guide may be considered wrongful conduct.
To claim data breach compensation you must show that:
- Wrongful conduct led to a data breach.
- This breach affected your personal data.
- You suffered financial losses or anxiety due to this breach.
Please contact our team for more information on what to do if your data has been breached.
What To Do If Your Data Has Been Breached
Finding out that your information has been involved in a data breach incident may be alarming. A data breach could result in an otherwise unauthorised third party accessing your information.
However, there are steps which you can take to mitigate any damage which may be caused and which could help to protect your information in the future.
Below we look at what to do if your data has been breached.
Find Out What Data Was Compromised
Your first step should be to take stock of what personal information or data may have been compromised. The data controller or processor must send you a data breach notification where there is a high risk to your rights or freedoms.
This notification must include:
- A description of the data breach incident.
- Contact details for the data protection officer or other point of contact.
- A description of how the breach may affect you.
- Information on what measures are being taken or which will be taken.
You should then contact the data protection officer (or other point of contact) to find out what data has (potentially) been involved in the breach. Have online accounts or physical records been affected? You should ask what specific data, such as your name, address or unique passwords, were involved.
Secure Your Accounts
As soon as you receive notification of a data protection breach you should immediately change login details (such as unique passwords) for any affected accounts.
You may wish to consider steps such as:
- Enabling two-factor authentication (2FA) or identity verification where possible.
- Using a password manager to help generate and store strong unique passwords for your online accounts.
Taking such steps can help to secure your accounts.
Monitor Your Financial Accounts and Credit Reports
If any information relating to online payments or financial details was involved in the breach, you should monitor your credit reports and financial accounts. Steps you can take may include:
- Checking your credit file for any suspicious activity, such as an application for credit you did not make.
- Contacting your bank and any other card providers to inform them your details may have been involved and placing a block on transactions.
- Checking your bank statements for any suspicious or unauthorised card transactions.
- Checking your credit card statements for any suspicious or unauthorised transactions.
Many credit reference agencies offer free credit reports which will help you monitor your credit score. Agencies may also offer credit monitoring services.
Look Out for Signs of Scams
Finally, in addition to monitoring your accounts, you should also look out for any signs of scams.
Signs you may check for include:
- Phishing emails or texts.
- Fake phone calls, such as those pretending to be from your bank or other account provider.
- Phone calls asking for your details or requesting payments over the phone.
A scammer may attempt to use information from a security breach to try and impersonate your bank or a similar institution.
Finally, you could contact our team of advisors. If they think you have a valid claim, they could connect you to one of the data breach solicitors on our panel.
Who Are The ICO And Do I Need To Report The Data Breach
The Information Commissioner’s Office (ICO) is a non-departmental, executive public body. It is sponsored by the Department for Science, Innovation and Technology.
The ICO:
- Works in the public interest to uphold information rights.
- Promotes data privacy for individuals and openness in public bodies.
- Regulates information and data protection legislation.
- Enforces data protection laws.
- Provides organisations with resources and guidance.
The party who suffered a data breach must report this to the ICO within 72 hours of discovery. As the data subject, you do not need to report this breach.
The data controller or processor must provide the ICO with the following information.
- What has happened?
- How did the breach occur?
- What risk assessment has been carried out?
- Steps that have been taken to contain the breach.
Learn more about time limits for data breach claims and how to take action by contacting our team.
What Steps Can I Take To Prevent A Data Breach?
There are steps which data subjects could take in order to prevent or mitigate the impact of a data breach. Steps may include:
- Creating strong unique passwords for different accounts. You could use a mix of numbers, letters and special characters. This is an important step if your password has been part of a data breach.
- Update software, applications and anti-virus protection as new versions are released.
- Ensure you use secure connections whether at home or elsewhere. Try to avoid public or open networks for financial transactions.
- Limit sharing personal information with third parties. Only give out information as and where necessary.
You can also take steps previously outlined in this guide, such as monitoring your accounts, enabling two-factor authentication and being aware of phishing attempts.
You can find further help and advice on how to minimise the risk of a personal data breach in this resource from the ICO.
Should I Seek Legal Advice?
If you have been affected by a data protection breach, such as by suffering a financial loss or anxiety, you could be able to claim compensation. To do so, you may choose to seek legal advice from a specialist solicitor.
Whilst you do not have to claim compensation through a solicitor, we believe that there are benefits to doing so. Our panel of data breach solicitors are experienced at helping people impacted by data breaches get the compensation they are owed.
They are experienced at guiding people through the claims process. They could:
- Advise on what evidence may support your claim and how to collect it.
- Organise an independent assessment of your mental health injuries. This diagnosis and medical report may be used to help support your claim.
- Advise on what compensation you could recover for your financial losses and what evidence may prove such claims.
In addition, they could offer their services under a Conditional Fee Agreement (CFA).
Please contact our team for further information on what data breach costs you may claim for.
How Data Breach Claims Can Help You
The solicitors who make up our panel could handle your case under a CFA. This is a type of No Win No Fee agreement. Under a CFA you would typically:
- Not need to pay your solicitor for their work in advance.
- Not be asked to pay for their work whilst your case is in progress.
- Only need to pay for the solicitors’ work if you are awarded compensation.
If you are awarded compensation your solicitor would charge a success fee. They would deduct this fee from the compensation. The fee would be a legally capped percentage of the compensation award.
Contact Us Today
Contact our team today for a free assessment of your case.
- Phone an advisor on 020 8050 3051.
- Use our online form to contact us.
- Speak to us live on our chat.
Get More Information
You can get more information related to the data breach claims process below. We have also included further information on protecting your personal data.
- View how to claim for a credit card data breach in this guide.
- Check how to make a human error data breach claim in this guide.
- If your paperwork has been lost or stolen you could make a data breach claim.
Data protection resources.
- View more information on staying secure online in this guide from the National Cyber Security Centre.
- Learn more about protecting your data in this guide to data security from the ICO.
- Get help with anxiety, fear or panic in this NHS resource.
Thank you for reading our guide on what to do if your data has been breached. Please get in touch with our expert team if your personal or sensitive information has been involved in a data breach.