Features

Data dilemma

AdobeStock_416841080

Jo Cullen from local solicitors Edwards Duthie Shamash takes a look at the steps you should take if your sensitive personal data is compromised by your employer

Has your employer disclosed personal data without your consent or as a result of a systems hack? There are breaking news stories around personal data breaches that will inevitably cause significant concern to those affected. Personal data is any information that can identify you directly (or in combination with other information) such as your name, address or telephone number.

Sensitive personal data might also include details an employer holds on you about your health, trade union membership, as well as your political or religious beliefs. A loss of personal data can result in information being used by criminals in identity theft crimes or those affected might suffer financial losses or health issues as a result of the breach.

What should an employee do if they discover their personal data has been released or their employer’s systems have been hacked?

If you discover a breach, you should inform your employer immediately about the incident and ask for full details of what has been released or taken, and how and why this has happened without your consent. If your employer becomes aware of a breach of your personal data before you, they should notify you without delay and they should make you aware of the steps they are taking to remedy the breach.

You should keep a record of all correspondence with your employer regarding the data breach and keep a chronology of events. You may need this at a later date if you need to escalate matters by making a complaint to the Information Commissioner’s Office (ICO) or to make a claim for damages against your employer.

It will be important to understand what data has been released as you may need to monitor your bank accounts, credit reports and any other sensitive information for unauthorised or unusual activity. If you notice any suspicious transactions or activities on your bank accounts you should report these to your bank urgently.

Your employer should have a data protection policy and privacy notice which sets out details of what information they hold on you and how this data is processed. You should familiarise yourself with these documents as this will help you understand your rights and the obligations your employer has in protecting your personal data. 

If you believe your employer’s negligence has caused harm, or they have failed to take appropriate steps to deal with a breach, you should take legal advice on your position and the options available to you.


Edwards Duthie Shamash is located at 149 High Street, Wanstead, E11 2RL. For more information, call 020 8514 9000 or visit edwardsduthieshamash.co.uk

Editor
Author: Editor