Data Breach - The Which? Data Breach Redress Campaign

No sector is more aware than the recruitment industry of the current debate around the GDPR - not just the financial risk it poses to the recruitment sector and its suppliers, but also the impact on every recruitment business’s corporate reputation.

 

What are the problems of data breach?

At Volcanic, we’ve been highlighting for months that the problem of data breach is not just about the fines that can be imposed, but also the impact a loss of candidate data may have on a company's reputation, not to mention the direct cost of providing financial redress to the candidate in case of data loss.

 

Data Protection Bill

So it’s with dismay that we report on a campaign launched at the end of October 2017 by the Which? organisation.

 

Which? is now calling for the Data Protection Bill, which is currently being debated in parliament, to be amended so that independent organisations acting in the public interest can help groups of affected consumers to get collective redress. The call is widely supported by the public, with three quarters of those surveyed saying they would welcome an independent body helping to get redress on a collective basis.

 

What does this mean?

Basically, Which? is supporting an amendment to the new Data Protection Bill whereby consumers can be represented by companies (think PPI) to bring class actions against businesses that have suffered a data breach that can be identified as occurring through negligence.

 

So what’s the risk?

We’ve long known about the business risk that open source software can present. Writing for Computer Weekly, Arif Mohamed has stated:

“The security of open source software is a key concern for organisations planning to implement it as part of their software stack, particularly if it will play a major role.

“The main concern is that because free and open source software (Foss) is built by communities of developers with the source code publicly available, access is also open to hackers and malicious users. As a result, there could be the assumption that Foss is less secure than proprietary applications.

“The issue for anyone running a website collecting data will be about taking reasonable precautions, so it could be argued that choosing open sourced software is negligent in itself given all the evidence about the risks in using it.

The impact of this before the announcement of the GDPR was more of a ‘so what’ but, in a post-GDPR legislative landscape and if Which? gets its way, it could be catastrophic for a recruitment company.

Volcanic is supporting the recruitment industry towards GDPR compliance ahead of the May 2018 deadline. Download your free guide to GDPR for recruitment agencies.