• Welcome to the LegalBeagles Consumer and Legal Forum.
    Please Register to get the most out of the forum. Registration is free and only needs a username and email address.
    REGISTER
    Please do not post your full name, reference numbers or any identifiable details on the forum.
  • If you need direct help with your employment issue you can contact us at admin@legalbeaglesgroup.com for further assistance. This will give you access to “off-forum” support on a one-to- one basis from an experienced employment law expert for which we would welcome that you make a donation to help towards their time spent assisting on your matter. You can do this by clicking on the donate button in the box below.

Personal Details Accessed

Collapse
Loading...
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Personal Details Accessed

    My daughter has been informed by a previous work colleague that the company, which she left a few months ago, was robbed and the employees' personal information was stolen. She is worried her address, NI number & bank details may have been accessed.

    This apparently happened 2 months ago & someone has read an email between the director & HR saying not to tell anyone!

    Does she need to inform her bank, as she is concerned about protecting her credit score & identity, She has just got a new mortgage & doesn't want any problems with that going through.

    Your advise would be appreciated, thank you.
    Tags: None

  • #2
    Re: Personal Details Accessed

    Originally posted by Bigsis View Post
    My daughter has been informed by a previous work colleague that the company, which she left a few months ago, was robbed and the employees' personal information was stolen. She is worried her address, NI number & bank details may have been accessed.

    This apparently happened 2 months ago & someone has read an email between the director & HR saying not to tell anyone!

    Does she need to inform her bank, as she is concerned about protecting her credit score & identity, She has just got a new mortgage & doesn't want any problems with that going through.

    Your advise would be appreciated, thank you.
    To be honest I am really not 100% certain! My instinct would be to say that telling the bank can't do any harm, although, in my experience (identity theft did once happen to me) it is not the bank that is vulnerable in such instances. But I suggest that asking the bank for advice might be a good place to start!

    In her shoes I might be tempted to write to the company saying that she knows that employees personal information has been stolen, and ask in what form that data existed and what the thieves actually have. She doesn't have to say how she found out, but if they are inclined to lie about it, in her shoes, I might casually suggest that if I don't get a good answer the Information Commissioners Office and the local paper will be my first ports of call. If data was only stored on computers that were stolen, whilst the information may still be accessible, it is likely that the thieves were more interested in the value of the computers and the information is simply collateral damage. If it were paper records, that suggests more targeting of the information since thieves don't usually break in to steal paperwork!

    Comment


    • #3
      Re: Personal Details Accessed

      Thank you very much, I'll pass that info onto her.

      Comment


      • #4
        Re: Personal Details Accessed

        I believe the company has a duty to inform the people whos data was stolen of the fact so they can take preventative action if necessary, principle 7.

        https://ico.org.uk/for-organisations...le-7-security/

        Originally posted by Information Commissioners Office
        What should I do if there is a security breach?

        If, despite the security measures you take to protect the personal data you hold, a breach of security occurs, it is important that you deal with the security breach effectively. The breach may arise from a theft, a deliberate attack on your systems, from the unauthorised use of personal data by a member of staff, or from accidental loss or equipment failure. However the breach occurs, you must respond to and manage the incident appropriately. Having a policy on dealing with information security breaches is another example of an organisational security measure you may have to take to comply with the seventh data protection principle.
        There are four important elements to any breach-management plan:
        1. Containment and recovery – the response to the incident should include a recovery plan and, where necessary, procedures for damage limitation.
        2. Assessing the risks – you should assess any risks associated with the breach, as these are likely to affect what you do once the breach has been contained. In particular, you should assess the potential adverse consequences for individuals; how serious or substantial these are; and how likely they are to happen.
        3. Notification of breaches – informing people about an information security breach can be an important part of managing the incident, but it is not an end in itself. You should be clear about who needs to be notified and why. You should, for example, consider notifying the individuals concerned; the ICO; other regulatory bodies; other third parties such as the police and the banks; or the media.
        4. Evaluation and response – it is important that you investigate the causes of the breach and also evaluate the effectiveness of your response to it. If necessary, you should then update your policies and procedures accordingly.
        These issues are considered in greater detail in our guidance on data security breach management (pdf). We have also produced Notification of data security breaches to the ICO (pdf) and Notification of PECR security breaches (pdf). These provide guidance on:
        • the circumstances in which we expect organisations to notify us of security breaches;
        • the information we need in those circumstances; and
        • what organisations can expect us to do after they notify us.

        Use our security breach notification form (Word) to report a breach to us.
        #staysafestayhome

        Any support I provide is offered without liability, if you are unsure please seek professional legal guidance.

        Received a Court Claim? Read >>>>> First Steps

        Comment

        View our Terms and Conditions

        LegalBeagles Group uses cookies to enhance your browsing experience and to create a secure and effective website. By using this website, you are consenting to such use.To find out more and learn how to manage cookies please read our Cookie and Privacy Policy.

        If you would like to opt in, or out, of receiving news and marketing from LegalBeagles Group Ltd you can amend your settings at any time here.


        If you would like to cancel your registration please Contact Us. We will delete your user details on request, however, any previously posted user content will remain on the site with your username removed and 'Guest' inserted.

        Announcement

        Collapse

        Welcome to LegalBeagles


        Donate with PayPal button

        LegalBeagles is a free forum, founded in May 2007, providing legal guidance and support to consumers and SME's across a range of legal areas.

        See more
        See less

        Court Claim ?

        Guides and Letters
        Loading...



        Search and Compare fixed fee legal services and find a solicitor near you.

        Find a Law Firm


        Working...
        X