Personal data breach
A data breach is the intentional or unintentional release of
secure or private/confidential information to an untrusted environment. Other
terms for this phenomenon include unintentional information disclosure, data
leak, information leakage, and data spill.
What is considered personal data?
Personal data is any information that relates to an
identified or identifiable living individual. Different pieces of information
which, collected together, can lead to the identification of a particular person also constitute personal data.
Examples:
Loss or theft of hard copy notes, USB drives, computers, or
mobile devices; an unauthorized person gaining access to your laptop, email
account, or computer network; sending an email with personal data to the wrong
person.
Personal data breach GDPR
In the GDPR text, a personal data breach is defined as a
breach of security that leads to the accidental or unlawful destruction, loss,
alteration, or unauthorized disclosure of, or access to, personal data transmitted,
stored, or otherwise processed.
Companies can be fined for GDPR violations on one of two
levels:
i. Individuals can also face fines for GDPR violations if
they use other parties' personal data for anything other than personal
purposes.
Who is liable for a GDPR breach?
Although the General Data Protection Act (GDPR) does not
provide for a director’s personal liability where a company commits a data
breach, by section 198 DPA, personal liability arises where an offense has been
committed by the company and it is proved to have been committed with the
consent or connivance of or to be.
Claim for GDPR
Under the DPA and GDPR, you are entitled to file a data breach
claim for up to £2,000 or more in data breach compensation if:
Your personal data has been leaked, disclosed, lost, misused,
hacked, or corrupted. It does not matter whether you suffered economic loss; you
can still make a claim.
Categories of a personal data breach
i. Confidentiality breach:
Where there is an unauthorized or accidental disclosure of
or access to personal data.
Examples:
A freelancer who works for a number of clients in the same
industry accidentally emails confidential business information to the wrong
client.
A laptop that holds sensitive information is stolen.
A breach of confidentiality is especially significant in the
medical field, the legal profession, the military, or matters of state
security. It is a common-law offense, meaning it can be brought as a civil
lawsuit against the person who broke the agreement.
ii. Availability breach:
Where there is an accidental or unauthorized loss of access to or
destruction of personal data.
iii. Integrity breach:
Where there is an unauthorized or accidental alteration of
personal data.
Types of information most frequently exposed in a data breach
Common data breach exposures include personal information,
such as credit card numbers, Social Security numbers, and healthcare histories,
as well as corporate information, such as customer lists, manufacturing
processes, and software source code.
How do you prevent data breaches?
1. Create complex passwords. Use different ones for each account, and change your passwords if a company you've recently interacted with gets hacked.
2. Use multi-factor authentication when available.
3. Shop with a credit card.
4. Watch for fraud.
5. Guard against identity theft.
6. Set up account alerts.
7. Keep only what you need. Inventory the type and quantity of information in your files and on your computer.
8. Destroy before disposal.
9. Update procedures.
10. Control computer usage.
11. Keep security software up to date.