It’s an unfortunate fact of the modern world that we’ve all had to become much better at policing our own data security. Our personal information has become much more valuable and, as we use digital technology in every part of our lives, it is more vulnerable than ever.
Awareness about the threats we all face is growing, but even so, for all the precautions we may put in place, it’s not possible to be entirely protected. If the worst happens and your data falls into the wrong hands, it’s important to know what to do in order to minimise the damage.
The consequences of having your data stolen can be severe. Fraudsters may be able to steal your money, but they may also be able to take on your identity. If that happens they can open bank accounts, take out loans and use all sorts of other services in your name. That can have an enormous impact on your data profile, which now governs many facets of daily life including your credit history.
If scammers start taking out lots of loans which they fail to repay, your credit rating will quickly start to decline making it much more difficult to obtain credit in the future. The trouble is, it’s not always easy to spot when your data has indeed been stolen.
Thieves may only take small amounts out of your bank at a time to avoid being detected. If they are using your details to take out loans, the only time you might spot a problem is if you suddenly find that you are denied credit.
You should keep a close eye on your finances. Study your bank statements and, if you see a payment you can’t identify you should immediately query it with your bank. It’s also worth checking your credit status.
If this falls suddenly for no clear reason, it could be a red flag that your data has been stolen. You may also receive letters from debt collection agencies or court summonses relating to unpaid bills you know nothing about.
The one thing to remember, though, is that time is of the essence. If your card is stolen or you find that you have been a victim of data theft you should act as quickly as possible.
Who Should You Contact?
There are a number of organisations who you should contact as soon as you become aware of a breach. These include:
- Your Bank: If your account has been breached, contact your bank as soon as possible. They will be able to prevent any further theft and may be able to refund you for any losses you have already suffered.
- The Post Office: One of the most common ways in which fraudsters will attempt to access your data will be by stealing your mail. If you think items are going missing, contact the Post Office and they will investigate the issue on your behalf.
- Debt Companies and the Courts: If fraudsters stole your data some time ago, they may already have been running up bad debts on your behalf. Sometimes the first indication people get that a breach has occurred is when they receive a court summons or letter from a debt collection agency. Don’t ignore the issue as you may end up with a County Court Judgement against you which could make it almost impossible to get credit in the future.
- Contact the Police: You should always report the suspected fraud to the police. In many cases your bank may call the police on your behalf – but it’s best to ensure you have an open dialogue. Alternatively, you can report the case to Action Fraud who can notify the proper authorities.
What Are Your Rights?
If you are a victim of a fraud, it’s important to understand your rights and what protection you’re entitled to. If you have lost money as a result of a fraud you may be entitled to a full refund.
In 2017 new Payment Protection Regulations came into force. These replaced the Payment Services Regulations of 2009 and brought the European Second Payment Services Directive (PSD2) into UK law. These set out all the rules banks or payment service providers should follow if you suffer a data breach.
For example, if your debit card is stolen, your bank will refund the amount you have lost as long as you report the loss without undue delay. However, they may make deductions or refuse a refund if they can show you either acted fraudulently or did not take reasonable steps to keep your card secure.
If they conclude that you did not take reasonable precautions to keep your debit card information secure, you will be liable for the first £50 of any loss. If they find that you were grossly negligent in protecting your card’s features, they may not have to refund any of the total at all.
The rules are similar for unauthorised debit deductions. These occur if your card details have been stolen or your card has been cloned. Although you still have the card in your possession the fraudsters may be able to use it in much the same way. You should be entitled to a full refund as long as you report the breach promptly.
These provisions do not apply in the same way for credit cards which are still covered by the Consumer Credit Act of 1974. If your card is used to make unauthorised payments you will only be liable for the first £50 of money lost.
The main thing to take away from this is personal responsibility for your financial data. If you stay on top of your security measures and monitor the money going in and out of your account, you should be able to successfully claim any funds lost to fraud.
What If An Organisation Has Lost My Data?
One of the main ways your data may be stolen is through a third-party organisation. For example, if you shop online the provider will often keep your payment details on file. Although GDPR has been brought in to limit this practice, it’s best not to assume everyone is following the guidelines. If anyone holding your personal data is hacked, all your data could be exposed.
Under new data protection laws, companies have a wider range of responsibilities if a breach occurs. They will have to inform you without due delay and should give you the contact details of their data protection officer. From here the company should tell you what the likely consequences of the data breach might be and what they are doing to deal with it including any measures they are taking to minimise the damage to you.
This will allow you to take immediate action such as changing passwords or contacting your bank to inform them of the breach. As long as you can show that you acted promptly and took all reasonable care of your data you should be entitled to a refund.
Understanding The Claim Process
If you have suffered a data loss – be it financial or more personal – you may be able to make a complaint to the company or claim compensation. The best way to do this is to directly contact the organisation involved and set out what losses you believe you have incurred as a result of the breach.
In many cases the company may dismiss your claim. Don’t take this at face value – they often automatically refuse the claim in the hope that you will be discouraged and go away. However, you can still take your claim further by contacting the Information Commissioner’s Office (ICO). They do not have the power to force the company to pay compensation, but their opinion may help you in deciding whether or not you have a case.
If so, you might pursue the company through the small claims court. If the ICO agreed with you, this will serve as excellent evidence if the company continues to fight you through the courts.
Stop It Happening Again
Once you’ve notified all the right people and secured your refund, the important thing is to stop it from happening again. It’s a good idea to get yourself onto the CIFAS Protective Register. This alerts financial firms that your details may be at increased risk of being breached by scammers and ensures they will run enhanced checks when applications for credit are made.
Make sure you do everything you can to keep your personal details safe and keep an eye on your financial situation to spot problems if they do arise in the future. Of course, you won’t be able to eliminate risks completely, but you can reduce the chances of your data being stolen and limit the damage if it is.