Personal data theft: contact your lawyer!

When you create a customer account with a bank, an online business or a shop, you are transmitting personal data. This data is stored and every company must guarantee its confidentiality. But how can we ensure that it is used lawfully? And what should you do if your personal data is stolen? Your lawyer tells you everything!

What is personal data?

Personal data is any information that enables a person to be identified, directly or indirectly. It may be a name, postal address, telephone number or e-mail address. It can also be a national insurance number or a bank account number.

In practice, any person or company that stores personal data can be a potential target. Personal data can be contained in customer files or HR files with information on employees. It can also include any private document stored on a computer, correspondence relating to credit cards and financial data (codes), or network identification information (passwords). This applies to companies that store a large amount of data, as well as to private individuals.

Theft of personal data

The theft of personal data involves the illegal transfer or storage of personal, confidential or financial information. This serious breach of security and privacy can have major consequences for individuals and businesses, as it compromises data confidentiality.

An unauthorised person can access this information, modify it, delete it, or prevent access to the owner. There is then an obvious risk of identity theft and fraudulent use of information relating to bank accounts, online passwords, passport or social security numbers, medical records, etc.

The thief can use the data directly to access secure accounts, set up credit cards in the victim’s name or use the victim’s identity, once enough information has been stolen. But most cyber attacks involve reselling the data to other malicious organisations.

In practice, the theft or accidental leakage of data can result from a variety of actions:

• Phishing consists of the perpetrator posing as a trusted entity (EDF, the post office, your bank, the tax authorities, etc.) to trick the victim into opening a message containing a fraudulent link.
• Downloading programmes or documents from compromised websites can also give criminals unauthorised access to the victim’s device, enabling them to steal data.
• Human error, such as accidentally sending files to the wrong person, can result in the unintentional transfer of data.
• The vulnerability of a software system or server can also open a breach for hackers.
• Using a weak password , or the same password for several accounts, can also lead to data theft, particularly by facilitating access for the perpetrators of the cyber attack. The same applies to information freely available on networks.

The right reflexes to protect your personal data

• Be careful when giving out information on the Internet: do not save bank details for one-off online purchases, limit the information you give on online sites or services to the minimum necessary, limit sharing on social networks, etc.
• Use of different,secure passwords for each site or application used to prevent chain hacking.
• Activate dual authentication to increase the level of security.
• Updating antivirus software
• Exercise your right to have your personal data deleted by organisations and services with which you no longer have a relationship: model letter proposed by the CNIL.
• Closing unused accounts that are an easy entry point into your private life.
• Seek advice from a lawyer who is an expert in Internet law.

Contact your lawyer in the event of a personal data breach

The theft of personal data is not inevitable. You can take action to obtain compensation! To begin with, report and request the deletion of pages, accounts and messages disclosing your personal information from the platforms (Facebook, Twitter, LinkedIn, for example) on which they are published.

You can go even further by asking search engines (Google, Yahoo, etc.) to ensure that the personal data disclosed (information or photos) is no longer referenced and accessible by Internet users. If the data is not deleted within one month, you can submit a complaint to the CNILvia its dedicated teleservice.

In the event of fraudulent use of your personal data, contact your lawyer specialising in criminal law. Remember to keep proof of such use, mainly in the form of screenshots and references to the websites concerned. Your expert lawyer will help you decide what action to take: lodge a complaint (with the police or the public prosecutor at your local court), then take action to stop the violation and obtain compensation for the damage suffered.

Criminal offences relating to the theft of personal data

Fraud

Penalised underarticle 313-1 of the Criminal Code, fraud consists of deceiving a natural or legal person, by using a false name or fraudulent manoeuvres, in order to obtain the delivery of goods or sums of money, for example. It is an offence punishable by 5 years’ imprisonment and a fine of €375,000.

Identity theft

Underarticle 226-4-1 of the Criminal Code, the offence of fraud consists of usurping the identity of a third party or using data that can be used to identify them, in order to disturb their peace and harm their honour. It is punishable by 1 year’s imprisonment and a €15,000 fine.

Illegal data collection

The law on the processing of personal data has introduced a specific offence of unlawful data collection.Article 226-18 of the Criminal Code punishes the offence of collecting data by fraudulent, unfair or unlawful means with 5 years’ imprisonment and a €300,000 fine.

The theft of personal data may also be punishable by other offences, such as forgery and fraudulent use of means of payment. Your lawyer will gather all the necessary documents and draw up a defence tailored to your situation.

Call on your lawyer for your company’s compliance with the RGPD

Companies use a great deal of personal data as part of their advertising campaigns. This commercial practice, which has become commonplace, has raised many questions about the confidentiality of this data. In order to respect the privacy of the individuals concerned, companies must guarantee the security of their data. The European Parliament has drawn up the General Data Protection Regulation to enable companies to comply with the right to protect the privacy of European users. This represents a real legal and financial challenge for companies!

Call on your lawyer specialising in new technologies to help you comply with the RGPD.

• Benefit from legal advice and a cross-functional vision to optimise your IT operations and processes.
• Opt for a full RGPD audit with an impact analysis of data processing at risk.
• Draft and negotiate your contracts for the collection and processing of personal data.
• Ensure that your practices comply with the RGDP and appoint a Data Protection Officer (DPO).

If necessary, your lawyer will defend you in court if you are accused of a personal data breach.

Whether you are an individual or a company, consult your lawyer now to find out more about criminal law issues!