Understanding Your Data Privacy Rights

The risk of data breaches is higher than ever before – it’s important to know your data privacy rights if your data has been exposed.

Data has become an invaluable commodity – priceless to law-abiding organisations and criminal fraternities alike. As such, its protection is paramount.

But occasionally, organisations and authorities fail in their duty to keep the data they hold safe.

In today’s digitised landscape, just about every business, retailer, governmental department, charity – any and every type of entity you’d commonly have dealings with, in fact – will collect, process and store personal and confidential data about us.

When that data is breached, though – which usually means it’s been accessed by hackers, stolen by cyber-criminals or exposed as a result of human error – what protection is there for you in law, in your role as the ‘data subject’?

Firstly, let’s look at the regulations protecting British citizens. General Data Protection Regulation (GDPR) is a framework focusing on the protection of personal data. It’s essentially a UK version of the European Union’s GDPR, mirroring its main principles but with some adaptations to recognise any differences in these shores’ laws. Our version, created when the UK left the union, includes provision for scientific research and statistical purposes.

You may be wondering what GDPR compliance actually refers to. GDPR officially defines personal data as any information that relates to “an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.”

Your enforceable rights under the UK’s GDPR include:

  • The right to be informed about the processing of your personal data;
  • The right of access to your personal data and the right to be supplied with a copy of it;
  • The right to rectification in the case of inaccurate or incomplete personal data;
  • The right to erasure of any personal data which is no longer necessary;
  • The right to restriction of the processing of your personal data (in certain circumstances);
  • The right to data portability and the transferring of your personal data to another organisation;
  • The right to object to the processing of your personal data; and
  • The rights that relate to automated processing of personal data that has a legal, or any other significant, effect.

In short, it establishes rules for those entities using personal data and the obligations for them to adhere to.

Our privacy is a right, and a valuable one at that.

Privacy laws and requirements have had to be revamped to move with the digitised times of modern-day life. There is simply far more data that needs protecting these days, and more risk associated with any failure to protect it. Stolen data is often exploited by cyber-criminals. Even fairly basic information, such as names and addresses, birth dates and financial records, is manna from Heaven for those keen to carry out their illicit activity.

They have a range of options once they’ve bypassed an organisation’s security. If they don’t want to use the data themselves they might sell it on, most commonly on the dark web. They may launch a ransomware attack, only returning access to systems and online accounts to those who should rightfully have it once their demands have been met.

They may also use stolen data to carry out identity fraud, once they’ve collected enough to make purchases, apply for credit or benefits and more. Needless to say, none of these eventualities bode well for the data subject in question.

So, how are you protected by data privacy laws?

Data protection rules and regulations require those companies, businesses, authorities and more to process data only when certain conditions are applicable. They have a duty to protect the information they hold and keep it away from prying eyes.

Conditions that apply to data protection include:

  • Transparency – Should a firm share any data, it should do so with the data subject’s knowledge. The ‘Accept All Cookies’ pop-ups you will be familiar with relate to this and GDPR compliance;
  • Purpose – Any organisation collecting user data must have a legitimate reason for it. They must also retain the data only for as long as is absolutely necessary; and
  • Proportionality – Companies should also minimise the amount of data they hold. This would limit the damage caused by a data breach.

While organisations storing data are obliged to have protection measures in place to safeguard data subjects’ privacy, more stringent security is required where more sensitive data is concerned. This ‘special-category’ data includes political or religious beliefs, personal biometrics, ethnicity, gender status, sexual orientation, medical information, internet history and IP address(es) and official bodies’ identifying references.

If the businesses, governmental bodies and other organisations stick to their requirements they can gather, process and store data in a lawful manner. They will always have a responsibility to you, as the data subject, to take the necessary steps to protect it and repel those trying to breach their security measures.

The laws and guidelines regarding data protection, maintaining confidentiality and responsible information gathering may be tweaked (or entirely overhauled) from time to time but the underlying premise remains.

Your rights are clear – you have the right to expect robust protection of your confidential data so that it remains secure at all times. You also have the right to know what information of yours companies hold, what they use it for and why.

Your data should be lawfully processed and safely stored. This information is valuable and confidential, and should stay that way.

Those entities failing to keep it safe are failing you.

Start Your Data Breach Claim

If you have been a victim of a data breach, you are within your rights to claim compensation.