By Aman Johal, Lawyer, and Director of Your Lawyers
In the last few years, we have seen unprecedented levels of data breach activity, with cybersecurity attacks compromising the personal data of hundreds of millions of people globally.
Modern technology provides businesses with a revolutionary and sophisticated infrastructure for data access and sharing. However, with this increase in accessible data comes the need for increased responsibility, and the key priority for businesses should be to properly protect the personal information they hold.
Why cybersecurity training must be a priority for businesses in 2020
Employees must be sufficiently educated and upskilled in the area of data protection, including understanding how best to avoid errors that can lead to a data breach, and what to do in the event of a cybersecurity attack. The importance of educating staff must never be underestimated – if they are not provided with adequate training on how to protect data and avoid leaks, they are liable to end up causing one themselves.
In 2019, US home-security camera provider Wyze Labs suffered a data breach in which camera information, Wi-Fi network details and email addresses of 2.4 million customers were exposed. The breach, which lasted a staggering 23 days, was caused by an employee’s mistake. Equifax is another data breach that came down to human error and was entirely preventable; it is another example of a clear lack of awareness of even the most elementary security procedures.
Research has shown cybercrime costs UK businesses an estimated £21 billion per year, while also finding that email security and employee training are listed as the biggest issues faced by IT security professionals. Upskilling employees through cybersecurity training may appear to cost a significant amount of resources in the short term but it is likely to pay dividends in the long run. Businesses must implement strategies and recruit skilled personnel to ensure the entire company is adhering to data protection regulations. The introduction of the GDPR not only makes their duties more stringent, but it also gives the public greater awareness and clarity as to how their data should be securely stored and treated.
The risks of a data breach and how to negate them
The legal and financial implications of breaching data privacy laws can be cataclysmic. If a business is found to be in breach of the GDPR regulations, it could be liable for compensation claims and regulatory fines. Competition across a range of markets could be shaped by such breaches – the 2018 BA scandal could see an estimated combined pay-out figure of £3bn, and a provisional intention to fine the sum of £183m has been issued by the ICO. Those who are subject to financial and reputational damage that arises as a result of poor data protection practices and a lack of staff training could lose market share and even run the risk of going out of business.
If a business experiences a data breach, it needs to consider the severity of the incident and whether it will have a significant impact on those affected. If there’s a big enough risk and impact, the offence must be reported to the ICO, which then has the power to prosecute for breaches of the law. ICO investigations can even lead to staff losing their jobs and facing serious criminal charges for deliberate or reckless breaches, and the impact of such breaches can also be felt by the employer.
The impact of the misuse or exposure of information for the victims can be life-changing, and it is important that people’s rights are clearly understood. If impacted by a data breach, the victim may be able to claim compensation for any emotional distress caused, as well as for any financial losses incurred. However, the recent Google ruling means that there’s now the ability to claim purely for being the victim of a data breach.
Moving forward, businesses must do all they can to protect the personal data they hold, and this starts with ensuring that their staff are sufficiently trained in data protection and cybersecurity. The increasing reliance on cloud technology and accessible data means there are even more vulnerabilities to cybersecurity attacks. When employees feel confident through training and are completely aware of the risks, they’ll be less likely to make the kind of mistakes responsible for the Wyze Labs and Equifax breaches.
About the Author
Aman Johal, Lawyer and Director of Your Lawyers. Aman founded consumer action law firm Your Lawyers in 2006, and over the last decade he has grown Your Lawyers into a highly profitable litigation firm.
Your Lawyers is a firm which is determined to fight on behalf of Claimants and to pursue cases until the best possible outcomes are reached. They have been appointed Steering Committee positions by the High Court of Justice against big corporations like British Airways – the first GDPR GLO – as well as the Volkswagen diesel emissions scandal, which is set to be the biggest consumer action ever seen in England and Wales.
Aman has also successfully recovered millions of pounds for a number of complex personal injury and clinical negligence claims through to settlement, including over £1.2m in damages for claimants in the PIP Breast Implant scandal. Aman has also been at the forefront of the new and developing area of law of compensation claims for breaches of the Data Protection Act, including the 56 Dean Street Clinic data leak and the Ticketmaster breach.