New Year, Same Old Threats If Things Go WrongJan 04, 2021
The festive season brought another first for me.
I saw my first television advert for compensation following a data breach.
If you were one of those whose personal data was compromised following the British Airways data breach, you can now join a group taking collective legal action against the airline. It says so in an advert on the telly. Which was repeated A LOT last night. Not only attracting people to the cause but also eroding whatever is left of BA's corporate image.
The Data Protection Act (GDPR) contains provisions giving you, as a private individual, the right to do so, and for a legal expert to act on your behalf.
A Long Time Coming?
Many in the world of data protection have been warning about legal actions such as this for a couple of years now. Never mind those big, headline fines, this is where the real danger lies for most organisations.
For some legal services companies, data breach work is viewed as a replacement for the revenue they used to enjoy handling PPI claims. This is not a new threat to businesses as they process personal data. It's just that it has taken a while for the legal system to go through the motions and reach this stage. It is now "real".
Are You An Easy Target?
Well? Are you? We can all accept that sometimes, with the best will in the world, things go wrong. People are reasonable. What matters is that you are seen to be accountable (and actually are...). If you have all your privacy and data protection ducks in a row, this can only help you on the day a breach incident happens.
You will be judged on your response to a data breach. Delays, silence, denial - none of these will cause a positive judgement.
If you don't have your privacy management in some sort of order, you will be an easy target for those seeking compensation. The ambulance chasers will flock around your organisation in a most unwelcome manner. Because if you aren't organised in this regard, you make yourself their lawful prey.
This is as it should be. Organisations are supposed to be following data protection principles and upholding the rights of individuals. The implications of getting it wrong can be serious for those affected. There are consequences for data subjects, so there is a need for data controller consequences too.
Happy New Year!
What are your plans for 2021?