Preventing an individual from leaking personal information

Leaks of personal information online can have financial and reputational implications that can be devastating to businesses as well as individuals. The increased use of both the internet and social media in everyday life offer people convenience but at the same time this increases the risk of personal information being leaked. Individuals now share a lot of information with organisations that store and often share this data with others for legitimate purposes. However, this information can be leaked, either intentionally or accidentally, causing distress and potential harm to the individual concerned.

What is a data breach?

Everyone’s personal and sensitive information is protected and should be kept private by those that have access to it. The main legislation that covers data protection is:

• The General Data Protection Regulation (GDPR) 2016
• The Data Protection Act 2018

Data protection means that people are reassured that their information is being used and retained fairly and responsibly. Data protection is part of the fundamental human right to privacy. Those that collect and use other people’s data must ensure that they comply with data protection legislation.

Where there is a breach of data then the organisation responsible for this needs to report the breach to the relevant authority within 72 hours of becoming aware of the breach. The individuals themselves have to be notified if there is a high risk of their rights and freedoms being affected by the breach.

What is personal data?

The GDPR applies to the processing of personal data that is:

• Wholly or partly be automated means.
• The processing other than by automated means of personal data that forms part of, or is intended to form part of, a filing system

Personal data related to information on natural persons that:

• Can be identified, or who are identifiable, directly from the relevant information
• Who can be indirectly identified from that information in combination with other information

It can also include special categories of sensitive personal data (for example criminal convictions) and these can only be processed in certain situations. GDPR does not apply to anyone that has died.

How should you protect your personal information online?

There are various practical steps that everyone should take to make sure that any information that they share with others is safe and protected.

Be careful with online transactions

If you are doing a financial transaction over the internet, make sure you check the credibility of the website by ensuring there is a padlock symbol in the browser bar. Do not give any additional information that is not required for the transaction.

Protect your information on social media

Be very careful of information that you willingly share with others on social media:

• Holiday photos show that your home is unoccupied
• Celebrations of birthdays and anniversaries can reveal key dates that companies can use as a security question
• Links to family members can show other answers to common security questions, for example your mother’s maiden name
• Discussions of pet names can also give away information used by companies
• Photos of your home can show your address

Check your privacy settings and make sure you use the highest level to control who can see your information. Even where you have limited your audience to just friends, others can often share your photos or take screenshots that can be shared with anybody around the world.

General online safety

Always make sure that you are using strong passwords that are not repeated across multiple websites. Check the security and privacy settings on your internet browser to make sure these are set at the highest level.

Make sure you have installed a reputable antivirus and security software and keep this regularly updated. Online scams are becoming more credible and technical resulting in individuals unwittingly giving away their private information to criminals using fraudulent websites. Never click on a link in an email unless you have been able to verify the sender’s identity. Look at the email address of the sender and check for mistakes in the content of the email. Unless you were expecting the email and have requested it, it is always better to go to the website directly rather than clicking on links found in an email.

What should you do if your personal information is leaked?

The misuse of personal information is now recognised as a tort and it is possible for legal action to be taken in these situations.

In relation to general leaks of information under GDPR, there are practical steps that are recommended where your personal information has been leaked online:

• Get confirmation of the type of breach and what information has been leaked
• Change your password for the compromised website and any other website that uses the same one. It is always advisable to use different passwords for every different log in. Password managers are very useful for helping you monitor and record your passwords.
• Many services allow for two-factor authentication or verification, which gives an added layer of security, which should be used where available.
• Check your bank accounts and credit cards to make sure there is no fraudulent activities.
• Stay in touch with the organisation where the breach occurred from since they will update you on steps they are taking and what action they advise you to take