sign up log in
Want to go ad-free? Find out how, here.

Empathy and action needed for data breach victims: UK information commissioner

Technology / news
Empathy and action needed for data breach victims: UK information commissioner
By PrivacyMaven - Own work, CC BY-SA 4.0
UK Information Commissioner John Edwards. By PrivacyMaven - Own work, CC BY-SA 4.0

The infosec saying that it's not a matter of if you'll be hacked, but when, might just be true if the British experience is anything to go by. What's more, if you suffer a data breach, support can be hard to come by.

The United Kingdom's privacy watchdog, the Information Commissioner, reported new figures from a survey that show 30 million people have had data lost or stolen. There are 69.3 million people in UK, and the ICO said 55 per cent of adults there reported having experienced a data breach.

New Zealand's former privacy commissioner, John Edwards, who now runs the UK ICO noted that the data breaches can have a devastating effect on people's lives, with 30 per cent of respondents saying the experienced emotional distress as a result.

Despite that, a quarter of survey respondents received no support from the organisations responsible for holding data securely, and almost a third of breach victims only found what had happened through media.

People said they've had to move homes, feeling forced out of jobs and facing discrimination due to the data breaches they had experienced. 

Edwards called on organisations to do more to help data breach victims.

“There are two important things I need organisations to understand: empathy and action. You have a role to stop the negative ripple effect in someone’s life from spreading further. It is vitally important to acknowledge what has happened, be human in your response and commit to making sure it doesn’t happen again," Edwards said.

Given how much sensitive and potentially abusable information so many organisations collect on people, data that's often not secured, it's worth thinking about what Edwards says, carefully. 

That emailed "we take our customers privacy and security seriously" data breach notification doesn't usually go far enough. That is, if a notification goes out at all, and people don't have to find out from other sources (such as the excellent HaveIBeenPwned site) instead.

We welcome your comments below. If you are not already registered, please register to comment.

Remember we welcome robust, respectful and insightful debate. We don't welcome abusive or defamatory comments and will de-register those repeatedly making such comments. Our current comment policy is here.