Leaks of personal information online can have financial and reputational implications that can be devastating to businesses as well as individuals. The increased use of both the internet and social media in everyday life offers people convenience, but at the same time it increases the risk of personal information being leaked. Individuals now share a lot of information with organisations that store and often share this data with others for legitimate purposes. However, this information can be leaked, either intentionally or accidentally, causing distress and potential harm to the individual concerned.
Doxxing, or doxing, is a term used to describe the act of intentionally revealing a person’s personal information without their consent. It is typically done to harass or intimidate the victim, as the private information shared may include the victim’s full name, address, and phone number.
Individuals subject to doxxing may fear for their personal safety, as well as the potential damage done to their reputation and associated financial loss. In some cases, people may be doxed due to mistaken identity, causing significant confusion and frustration.
Doxing itself is not a criminal offence in the UK; however, the perpetrator’s actions may fall under an existing criminal offence under:
Your personal data may also be leaked unintentionally. But regardless of whether a breach is intentional or by accident, you may suffer the same negative consequences, such as emotional distress and reputational harm.
Cybersecurity and regulations concerning personal data have developed significantly since the infamous Ashley Madison data breach in 2015, when up to 36 million users were affected by the hacking of the dating site which facilitated extramarital affairs. However, cyber attacks have continued to evolve in sophistication. For example, in April 2025, Marks & Spencer (M&S) experienced a cyber attack which resulted in a temporary suspension of online orders and affected the availability of some products in-store. Furthermore, M&S confirmed that customer personal data had also been stolen. Fortunately, this did not include usable card or payment details, though data such as contact details, date of birth and online order history may have been breached.
Information concerning your previous grocery shop may not carry the same reputational damage as the exposure of an affair, but when even reputable retail giants such as M&S can be hit by a major cyber attack, it is an important reminder to remain vigilant when it comes to your personal data.
Under the Data Protection Act 2018 and the General Data Protection Regulation (GDPR) 2016, personal and sensitive information must be protected and kept private by those that have access to it.
Data protection means that people are reassured that their information is being used and retained fairly and responsibly. Data protection is part of the fundamental human right to privacy. Those that collect and use other people’s data must ensure that they comply with data protection legislation.
Where there is a breach of personal data, the organisation responsible needs to report the breach to the Information Commissioner’s Office (ICO) within 72 hours of becoming aware of it. If a significant cyber attack has occurred, the organisation may also need to make a report to the National Cyber Security Centre (NCSC).
The individuals whose data has been breached should also be notified without undue delay if there is a high risk of their rights and freedoms being affected by the breach.
The GDPR applies to the processing of personal data that is:
Personal data relates to information on natural persons that:
It can also include special categories of sensitive personal data (for example criminal convictions) and these can only be processed in certain situations. GDPR does not apply to anyone that has died.
There are various practical steps that everyone should take to make sure that any information that they share with others is safe and protected.
Be very careful of information that you willingly share with others on social media:
Check your privacy settings and make sure you use the highest level to control who can see your information. Even where you have limited your audience to just friends, others can often share your photos or take screenshots that can be shared with anybody around the world.
If you are doing a financial transaction over the internet, make sure you check the credibility of the website by ensuring there is a padlock symbol in the browser bar. Do not give any additional information that is not required for the transaction.
Always make sure that you are using strong passwords that are not repeated across multiple websites. Check the security and privacy settings on your internet browser to make sure these are set at the highest level.
Make sure you have installed reputable antivirus and security software and keep this regularly updated. Online scams are becoming more credible and technical, resulting in individuals unwittingly giving away their private information to criminals using fraudulent websites. Never click on a link in an email unless you have been able to verify the sender’s identity. Look at the email address of the sender and check for mistakes in the content of the email. Unless you were expecting the email and have requested it, it is always better to go to the website directly rather than clicking on links found in an email.