NHS Trusts and Hospitals control and process highly sensitive and personal patient data, and  have a duty to keep that data safe and secure. And, for the most part, they do. However,  DRM Legal receive a steady flow of enquiries regarding data breaches by hospitals and other health providers. These breaches can happen as a result of “human error” – often due to inadequate staff training, staff mistakes or negligence. Or, even worse, they may be the result of malicious [...]

Data breaches by universities are becoming ever more frequent. And considering the amount of personal data universities hold in relation to both their students and employees, they face an onerous responsibility in ensuring the safety and security of that data. Universities, like many other large organisations, have been the targets of cyber and phishing attacks - which in practice can be very difficult to defend against as hackers employ ever more sophisticated methods in a bid to unlawfully obtain financial [...]

Social services are under the control of local councils. They handle the highly personal information of some of the most vulnerable members of society. As such, they have a duty to keep such information safe, secure, and confidential. Any breach of this duty may be deeply distressing to those affected. Recently, there has been increased media coverage of data breaches by social services and the sanctions imposed on councils as a result of their carelessness in processing people’s personal data. [...]

Sandicliffe Motor Group, a vehicle dealership with a total of 10 sites in Nottingham, Leicester and Loughborough has revealed details of a cyber-attack.  It has been reported that the incident may have affected “thousands” of staff and customers.   On becoming aware of the breach on 20 February this year Sandcliffe immediately launched an investigation and reported the incident to the Information Commissioner’s Office.   The incident is said to have occurred when a member of staff opened a link [...]