Employer Data Breach: has your employer disclosed personal data without your consent or as a result of a systems hack?
Employer Data Breach
There are breaking news stories this week around personal data breaches which will inevitably cause significant concern to those affected. Personal data is any information that can identify you directly (or in combination with other information) such as your name, address, or telephone number. Sensitive personal data might include details an employer holds on you about your health, trade union membership, as well as your political or religious beliefs. A loss of personal data or sensitive personal data can result in personal information being used by criminals in identity theft crimes or those affected might suffer financial losses or health issues as a result of the breach of their personal information.
What should an employee do if they discover that their personal data has been released or their employer’s systems have been hacked?
If you discover a breach, you should inform your employer immediately about the incident and ask for full details of what has been released/taken, and how and why this has happened without your consent. Your employer, once on notice of the breach, should then take urgent appropriate action to mitigate the situation.
If your employer becomes aware of a breach of your personal data before you, they should notify you without delay and they should make you aware of the steps they are taking to remedy the breach.
You should keep a record of all correspondence with your employer regarding the data breach and keep a chronology of events. You may need this at a later date if you need to escalate matters by making a complaint to the Information Commissioner’s Office (ICO) and/or to make a claim for damages against your employer.
It will be important to understand what data has been released as you may need to monitor your bank accounts, credit reports, and any other sensitive information for unauthorised or unusual activity. If you notice any suspicious transactions or activities on your bank accounts you should report these to your bank urgently.
Your employer should have a data protection policy and/or privacy notice which sets out details of what information they hold on you and how this data is processed. You should familiarise yourself with these documents as this will help you understand your rights and the obligations your employer has in protecting your personal data. These documents will also confirm how you can complain about any breach of policy internally and externally. Further information can also be obtained from the ICO.
If you believe your employer’s negligence has caused harm, or they have failed to take appropriate steps to deal with the breach, you should take legal advice on your position and the options available to you. You can report your employer to the ICO. You may also be able to take a claim against your employer if you have incurred costs or lost money because of an employer data breach (material damages claim). You may also be able to consider a non-material damages claim for distress, anxiety or depression that results from a data breach.
How can our employment solicitors help?
Our employment solicitors have extensive experience in data protection matters. If you have any questions around data protection or your personal data has been disclosed without your consent, please contact our employment solicitors for an initial free, no obligation conversation on 020 8475 7401 or email us at employment@edslaw.co.uk. Our employment solicitors can meet with you via Teams or Zoom or face to face by arrangement at one of our offices in London Waterloo, Stratford, Wanstead or Ilford.