Taxi for the voluntary notification of Data Protection breaches!
“Uber has confirmed its data breach in October 2016 affected approximately 2.7 million user accounts in the UK”, the Information Commissioner’s Office has announced. “We would expect Uber to alert all those affected in the UK as soon as possible.”
The breach involved names, mobile phone numbers and email addresses. “On its own”, says the ICO, “this information is unlikely to pose a direct threat to citizens. However, its use may make other scams, such as bogus emails or calls, appear more credible”.
It appears that the breach had been concealed at the time.
Under the GDPR, which comes into force on 25 May 2018, it is mandatory to notify a data breach in certain circumstances.
The ICO must be informed within 72 hours unless the breach is “unlikely to result in risk to individual(s)”.
The data subjects must be informed without undue delay where the breach is likely to result in high risk to individual(s).
Organisations are advised to put procedures in place to deal with a data breach if one should occur.
Please contact us if you require support with the new GDPR regulations.