Government called on to let data breach victims force compensation

Consumer organisation Which? is calling for an amendment to the data protection bill to create new rights

Consumer organisation Which? is calling on the government to create new rights for people who have been the victims of a corporate data breach.

The group wants the data protection bill, currently being debated in Parliament, to be amended so that independent organisations, such as Which? itself, can fight for collective redress for corporate wrongs.

“Data breaches are now more commonplace and yet many people have no idea what to do or who to turn to when their personal data is compromised,” said Alex Neill, the managing director of home products and services at Which?. “The Government should use the data protection bill to give independent bodies the power to seek collective redress on behalf of consumers when a company has failed to take sufficient action following a data breach.”

Current regulations require companies to offer support when their customers have been affected by a data breach, but there is little ability on the part of consumers to hold a negligent data processor to account: the only option available requires each individual to go to the courts to enforce their rights.

In a statement, a DCMS spokesperson said: “We are confident that our Data Protection Bill will provide consumers with the necessary protections when there’s been an infringement of their rights regarding personal data. The Bill will make the UK fully compliant with the GDPR.”

The call comes after a year in which some of the biggest data breaches ever recorded were revealed. In the second half of 2016, the internet service company Yahoo, now owned by Verizon, said two large breaches had been carried out several years earlier. It initially estimated that one billion customers were affected, but in 2017 it updated the estimate to three billion – every single Yahoo customer, or four out of every 10 human beings alive today.

Gigantic data broker Equifax was also affected by an enormous breach, losing extremely sensitive financial information on 143 million US customers and 400,000 Britons. The credit monitoring firm was rapidly criticised for its poor response to the breach, offering a year’s worth of credit monitoring to users looking to find out if they were affected – but only if they agreed to a clause that prevented them from suing the firm.

The true extent of such breaches is still not widely understood amongst the public. According to a study carried out by Which? to back its calls for new consumer protections, just 8% of Brits think they have been subject to a data breach in the last year. The actual number, given the continued regularity of such large-scale data breaches and the time it takes many companies to discover they have been hit, is likely to be far higher – closer to the three quarters of Brits who Which? says are concerned that information they have shared could be at risk of a leak.

Free online services such as haveibeenpwned.com exist to help consumers discover which services they use have been breached, and what information was lost as part of the breach. The site, run by Australian security expert Troy Hunt, tracks dumps of hacked data and informs members if their email address is included in such a collection.

Contributor

Alex Hern
