In the modern digital age, our personal data is highly valuable. The recent advancements in technology and the growth of social media mean that personal data is being collected and used more than ever by public bodies and organisations. It is often the case that individuals are unaware of the extent of how personal data is collected, used and stored. Some forms of personal data are sensitive in nature, and you have the right for such information to be kept private by the organisations and public bodies that collect the data. However, organisations have breached this duty by making unwanted disclosures of an individual’s personal information. Personal data breaches can cause significant financial and emotional harm to individuals affected, and the Data Protection Act 2018 and the General Data Protection Regulations (GDPR) have set out rules to protect an individual’s personal data and to allow individuals to take action where they have suffered a breach of data protection.
What is ‘personal data’?
Under GDPR, personal data is defined as:
“any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person”.
This means that personal data is information that relates to an individual, who must be identified, or can be identified, by reference to identifiers (such as a name) or factors specific to that individual. The ‘information’ that can constitute personal data is broad – for example, an individual’s name, home address and contact details are all forms of personal data. Location and GPS data, as well as an IP address, will also constitute personal data. Medical records and other personal information held by medical bodies in respect of an individual are also forms of highly sensitive personal data. These are just a few examples of what may constitute personal data, as the definition is wide and inclusive.
What is a data breach?
A personal data breach is a breach of security causing the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data. This includes breaches that are caused both accidentally and deliberately. A personal data breach occurs whenever any personal data is accidentally or wilfully lost, destroyed, corrupted or disclosed. A personal data breach will also have taken place where someone accesses the data or passes it on without authorisation, or where the data is made unavailable and this unavailability has a significant negative effect on individuals. It is also considered a personal data breach where an organisation has collected and retained incorrect or out-of-date data relating to an individual.
What can I claim for?
Data breach claims can arise in a number of circumstances. Large companies can accidentally disclose personal data, often on a mass level. Personal data from organisations can be hacked, which is becoming more and more common. Personal data can be accidentally disclosed to Third Parties without your consent. Generally, if your data is used for a purpose that you did not consent to, you may be entitled to claim.
How can I be affected?
Data breaches can be minor and serious. It may relate to simple data, like an email address or a telephone number. More serious cases can involve disclosure of financial or medical information which can have serious and harmful effects. We have seen many cases involving accidental disclosure of medical information to Third Parties, which can cause significant upset and distress to victims. In Northern Ireland, we have recently seen the accidental publication of details of victims of historical institutional abuse. If you have suffered upset and distress as a result of a data breach, you may be entitled to claim compensation. Aside from upset and distress, data breaches can cause financial loss and a violation of your privacy rights.
Who can take a data breach claim?
Anyone who has been impacted by a data breach can make a claim through our experienced Litigation team.
We have acted for many clients who have been affected by a breach of personal data. We have overseen a number of successful cases involving, for example, disclosure of medical records to Third Parties or the loss of medical records, where we have obtained fair and deserved compensation for our clients.
How do I claim for a data breach?
Contact the Litigation Department at O’Reilly Stewart – we can take action on your behalf if you have suffered damage due to a data breach. Please simply contact us by telephone on 028 90 321 000 or contact us via our instant message function to request a call back.