Data Protection Bill needs changing to help data breach victims, says Which?

null

Victims of a data breach may soon be able to seek compensation for their losses thanks to a new watchdog campaign.

Consumer rights champion Which? has called on the UK government to amend the Data Protection Bill, currently under parliamentary discussion in order to ensure that organisations such as itself are able to fight for the rights of those affected by major breaches or hacks.

The call comes after major companies around the world were hit by huge breaches in 2017, including the damaging attacks against Yahoo and Equifax.

Currently, companies are required by law to help any of their customers affected by a breach, but consumers can seek any redress or hold companies to account for being negligent. Instead, individual cases of complaints have to be carried out, which are often time-consuming and expensive.

“Data breaches are now more commonplace and yet many people have no idea what to do or who to turn to when their personal data is compromised,” said Alex Neill, managing director of home products and services at Which?. 

“The Government should use the data protection bill to give independent bodies the power to seek collective redress on behalf of consumers when a company has failed to take sufficient action following a data breach.”

Which?'s campaign comes after the watchdog carried out research on how much UK consumers knew about their rights after being involved in a data breach. The company found that eight per cent of British people believe they have been affected within the last year. However Which? says that the true number could be much higher, particularly as it also found that nearly three quarters of Brits believe that information they have shared online within that time period could be at risk.

The technology industry has been quick to support Which?'s call, highlighting that any company affected by a breach needs to take responsibility for its shortcomings.

“Customers have no control over the security of their online providers, so the right to collective redress after a data breach is a positive step in the right direction," said David Emm, principal security researcher, Kaspersky Lab.

"However, it is also important that the general public recognises the value of personal information. New data protection laws are designed to make organisations more careful, but regardless of this, it is important that, at an individual level, we know what information is being kept and how it’s being handled – which will also reduce the likelihood of it falling into the wrong hands. Being vigilant online needs to become second nature. Undertaking simple steps, like regularly changing passwords, reviewing default settings on social media and using Internet security software across all devices can significantly help protect data.”