ICO: Companies must do more to help customers affected by “devastating” data breaches

Third of victims “emotionally distressed” as a result, claims Information Commissioner

Information Commissioner John Edwards has urged organisations to do more for clients and customers affected by “the devastating impact” of data breaches.

In research released this week, Edwards suggested that 55% of adults in the UK had been the victims of a data breach of some sort. He said the distress caused as a result is often underestimated.

“Thirty per cent of victims report emotional distress, yet twenty-five per cent receive no support from the organisations responsible. Even more troubling is that thirty-two per cent of those affected find out through the media rather than from the organisation itself, deepening feelings of betrayal,” said Edwards.

He urged organisations, including businesses, local authorities and the NHS, to do more to both protect personal data and help victims affected by security breaches.

“Too many organisations fail to fully appreciate the harm they cause when they mishandle personal data. When a data breach occurs, it’s not just an admin error – it is a failure to protect someone. In many cases if that someone is in a vulnerable situation, they are already facing innumerable personal challenges, or they may be at risk of harm,” he added.

And he issued a “stark warning” to organisations of all types that they must do better.

“To many organisations, a data breach might seem like a temporary setback; something that can be patched up with technical fixes and compliance reviews. But from the perspective of individuals – especially those in vulnerable situations – a breach can have a far-reaching ripple effect that disrupts their lives in ways that some may not fully appreciate.”

Organisations need to understand the importance of empathy – understanding how people affected by a data breach will feel – as well as action. “It is vitally important to acknowledge what has happened, be human in your response and commit to making sure it doesn’t happen again,” he said.

The research was conducted by Savanta on behalf of the ICO among 5,533 members of the public in January and February this year. It was intended to provide qualitative information about how data breaches had affected people’s lives. Edwards highlighted how people who had suffered domestic abuse, long-term health conditions and other personal matters were disproportionately affected.

Some even felt forced out of jobs, and even had to move homes as a result.