Data Breaches and Public Security
If you are a UK resident you will not have failed to notice in recent months the furore caused by the loss of thousands – indeed millions – of records relating to personal information on individuals and families across the United Kingdom.
Indeed such has been the fall out from these events that many are now questioning not only how these events could have taken place but just how and where our personal information is being stored and for what purpose.
What Constitutes a Data Breach?A data breach is the impromptu – and often accidental – loss of information or records relating to individuals that have been kept on the computer systems of business and government agencies.
These records often include information on individuals such as:
- Date of Birth
- Bank, Building Society or Post Office Account Details
Indeed such is the level contained within these records that it is only normally under supervision that such information is accessed for use.
HackingHacking is another way in which personal information can be accessed. Hacking is the illegal and sometimes destructive procedure carried out by person or persons unknown from a location far removed from the location of such information. It normally involves the illegal entry to a computer system using what is known as a ‘back door’ and can not only result in the unauthorised copying of data but also the destruction of such data as an act of computerised vandalism.
How is My Information Being Accessed?The truth is that unless you specifically ask an organisation who they use your personal information and how it is accessed they will not tell you.
However there is a law in place which allows you to find out how your information is stored, accessed and used and this law is called the Data Protection Act.
The Data Protection ActThe Data Protection Act was created in order to oversee how the information on an individual is managed. This law enables a company or institution to refuse access to accounts or other information if they feel that the person requesting such information is not the person to whom such information relates.
Indeed the introduction of the Data Protection Act was not only designed to safeguard business and organisations charged with the care of such information but it was also instigated to protect those individuals about whom the information contains sensitive information.
The Data Protection Act is the reason behind you – as an individual – being asked to confirm your identity and answer security questions when contacting an organisation or business for information relating to an account.
If there is doubt as to the identity of the individual on the other end of the line then the company has a legal obligation to refuse to discuss the matter without clarification or further proof of identity. And in the same way it also ensures that unauthorised individuals cannot gain access to such information without the prior approval of the person about whom the information pertains.
Also under the guidelines of the Data Protection Act you can – in writing – request a detailed disclosure of all information held relating to you and also how those companies or organisations holding it use it.
All institutions are obliged to answer any requests for such disclosures and failure to do so constitutes a breach of the Data Protection Act for which a fine can be imposed.
If you are in any doubt as to how a particular company or institution handles your personal information you can write to them asking for an explanation or you can consult your local Citizens Advice Bureau or local authority who can offer advice and guidance on how to proceed with any requests for disclosure.