This year in June, Dixons Carphone announced that a major data breach had occurred, estimating that 1.2 million customers were affected by the hack. This number has now risen to 10 million customers’ who may have had their personal information hacked, including their names, addresses, and email addresses.

Dixons Carphone announced that no bank details were taken, however, 5.9 million payment cards were accessed, although the majority were protected by chip and pin.   

The company has expressed regret for any distress caused by the hack, stating they would be apologising to the customers affected in due time. Dixons Carphone chief executive, Alex Baldock advised that they are working with the top cyber security experts, in order to improve security measures, which has involved:

Since news broke regarding the British Airways data breach, the airline - which is already facing massive fines of up to £500 million from the Information Commissioner’s Office – is now set to face legal action from customers who have suffered financial losses.

The legal action was instigated by SPG Law, who are seeking compensation for their clients, not only for their financial losses, but also claiming costs for the “inconvenience, distress, and misuse” of their personal data.  

SPG Law confirmed that they have sent the airline a “Letter before action” document, in order to commence discussion regarding settlement. Within the letter, it states that If BA refuse to cooperate this will result in group litigation, which would allow the courts to manage numerous cases against them at once.

Tom Goodhead, a Partner at SPG Law discussed the airlines failings, stating:

The legal requirements pertaining to surveillance and personal cameras are contained within the code of practice issued by the ICO.

Surveillance is now a proactive technology which can identify people and keep detailed records of activities.

As a consequence of the greater use of personal surveillance, the Protection of Freedoms Act (POFA) was passed in England and Wales. The POFA has seen the introduction of a new surveillance camera code and appointment of a Surveillance Camera Commissioner, while the ICO's code of practice adds even more enforcement powers.

According to a study from the Information Commissioners Office (ICO), data breaches have shown a 75% increase in the past two years.

The report was conducted by Kroll, one of the top corporate investigations and risk consulting firms, based out of the US. Kroll compiled data breach reports which were submitted to the ICO, regarding breaches of personal data, including financial and health details. Some of the data contained in the reports were of public knowledge, whilst other forms of data were accessed under the Freedom of Information Act.

The final report established that over 2,000 reports submitted to the ICO were due to human error in the past year, with the most common grounds for a data breach being: data being sent by email or fax to the wrong recipients and the loss or theft of paperwork.

Article 28 of the General Data Protection Regulation (GDPR) states the conditions of a data processing agreement between the data controller and the data processor.

Recently, this agreement has been brought in to question, regarding its workability and whether it is actually working in the way it is prescribed in the GDPR requirements. https://gdpr-info.eu/art-28-gdpr/

Organisations are usually established as the data controller, and the program they use acts as the data processer, i.e. Microsoft One Drive for Business, which is utilised by various companies. In accordance with Article 28 of the GDPR, an organisation should have a controller-processor agreement with their chosen software, which would usually be dictated by the data processor.