Personal data breach
Damaging a person's reputation, carrying out malicious or fraudulent activities in their name
cases of personal data breaches were recorded in 2018
(CNIL, January 2019)
What constitutes a personal data breach?
First of all, you should know that any information relating to an identified or identifiable natural person is considered personal data. This may include your surname, first name, age, gender, address, telephone number, etc. Certain data is considered particularly sensitive, such as information relating to your health, ethnic origin, sexual orientation or religion.
According to the General Data Protection Regulation, better known as GDPR, the breach of personal data is “a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed”.
There are three types of personal data breaches:
- The breach of confidentiality, when personal data is disclosed or when unauthorised access has occurred accidentally;
- The breach of integrity, which consists of modifying personal data in a file;
- The breach of availability, i.e. the destruction or loss of personal data.
In most cases, personal data breaches are the result of hacking. The objective? To damage the person's reputation or carry out malicious or fraudulent activities in their name.
What does the law say?
Various offences may be considered:
- Unauthorised access to an automated data processing system (Article 323-1 of the Criminal Code) is an offence punishable by two years' imprisonment and a fine of €60,000;
- Breach of confidentiality of correspondence (Article 226-15 of the Criminal Code) is an offence punishable by one year's imprisonment and a fine of €45,000;
- The collection of personal data by fraudulent, unfair or unlawful means (Article 226-18 of the Criminal Code) is punishable by 5 years' imprisonment and a fine of €300,000;
- Identity theft via telecommunications (Article 226-4-1 of the Criminal Code) is punishable by one year's imprisonment and a fine of €15,000.
It should also be noted that, through the GDPR, the law requires all organisations that process personal data to implement measures to prevent any breach of that data. If a personal data breach is detected despite the preventive measures taken, the organisation is obliged to deploy the necessary means to put an end to it as quickly as possible.
In addition, the organisation must notify all persons affected by the attack or accident that led to the disclosure or loss of personal data. A notification to the CNIL must also be submitted within 72 hours.
Victims whose personal data has been disclosed may hold the organisation liable if it transpires that the organisation had not put preventive measures in place to secure its entire process and that they have suffered damage.
How can you protect yourself against personal data breaches?
To prevent your personal data or that of your children from being stolen on the Internet, you can first teach your child good digital habits:
- Never give out your password, even to your best friend! It must remain personal and confidential.
- Do not leave your phone or tablet unattended, especially if your session is open.
- When using a shared tablet or computer, remember to log out of your account after use to prevent anyone else from accessing it.
- Avoid browsing and downloading content on unsafe or illegal websites, opening emails or attachments from unknown senders, and connecting to a computer or to a public Wi-Fi network, in order to protect yourself from the risk of computer hacking.
There are also several ways to enhance your digital security and thus limit the risk of hacking:
- Update your web browser regularly. This ensures you have the latest versions of antivirus and other protection software. If your operating system and software are up to date, they will have fewer vulnerabilities and be more difficult for hackers to penetrate.
- Browse in private mode. This prevents all your actions from being recorded in your history. It also limits the sending of your information to the various websites you visit.
- Delete your history regularly.
- Configure your browsing settings in Mozilla Firefox, Google Chrome or Internet Explorer. This will allow you to refuse the use of information related to your browsing if you wish.
- Use ad blockers. They are a good way to avoid seeing the various advertisements that may appear on the screen, some of which are scams or viruses.
- Limit the installation of browser extensions to what is strictly necessary.
In general, be vigilant when browsing the Internet and only give out your personal information if you are certain that the site is legitimate and reliable.
What should you do in the event of a personal data breach?
Several checks and modifications are required:
- In the event of computer hacking, identify the possible sources of the intrusion (weak login credentials, clicking on a malicious link, outdated antivirus software) and the affected devices in order to take appropriate action.
- Back up your personal data, run an antivirus scan on the affected equipment and restore from a recent backup.
- If your account has been hacked, request a password reset and contact the relevant service or platform to report that your account has been hacked.
- Choose a strong password; if possible, enable two-factor authentication.
- Remember to change the password on all other accounts where you used it (a unique password for each account!).
- Notify all your contacts of the hack to prevent them from becoming victims themselves.
Several legal remedies are also available. You can file a complaint and bring an action for compensation for the damage suffered, in order to put an end to the infringement and also to obtain damages. It may even be a class action if several people are victims of the same acts by the same individual.
On the other hand, personal data is often disclosed to a third party as a result of fraudulent activity. In this case, you can also take action as a victim of fraud.
Please do not hesitate to contact 3018 for all the necessary information in the event of a breach of your personal data.
You can also visit the website cybermalveillance.gouv.fr