Data protection breach

KMN1

How do I legally stand if a big holiday company has breached data protection and have admitted liability, saying it was human error? I have reported to the ICO but I believe they can take up to 3 months and will only prosecute the company! I feel that I have a case for compensation but they just keep sending me standard letters with no apology. This breach has caused stress and inconvenience and I’d rather deal with this myself and not being in solicitors. Where do I stand? 

davidmcn

Depends on the nature of the breach, I would have thought.

KMN1

Names, DOB, fight details, email address and phone numbers all given out! 

Undervalued

What quantifiable loss have you suffered?

If you actually suffer one then you should of course be properly compensated. Anything for simply the "stress and worry" will be fairly nominal at best.

KMN1

My holiday dates have been given out so my home will be empty! They told the person that was given my information that they were entitled to an amount of money that they weren’t!, they are now demanding this daily from me!  They have cancelled my seats as they could not transfer them to my new booking so really stressful as my original seats have now gone! 

[Deleted User]

Your post is very muddled.

Who did they give details to? 
What money does this person believe they are owed by the holiday company?
Why does this unnamed person now want this money from you?
Why and how has your booking changed? 

KMN1

An ex partner who was on a previous booking that was cancelled and refunded into a holiday voucher that they hadn’t contributed to. The ex partner called the holiday company to find out what had happened and they informed them that he was entitled to money when everything was paid by me. I booked a brand new holiday with a friend and the holiday company provided the booking reference to the ex partner so they could access full names, addresses, email addresses, contact numbers, passport numbers, flight details etc. 

[Deleted User]

Ok.

So the potential breach is in giving out details of the new booking to the partner. 

Any refund from the first holiday should have gone to the lead booker. Who was that? It is was him, that could also complicate the issue of whether he should have been given details of the second booking or not.

The seat bookings is simply to do with you rebooking the holiday, not any breach.

You might get a small goodwill gesture out of the company, but the impact appears to have been small. The ICO will take any action needed, but it sounds like a minor admin mess-up.

KMN1

The lead booker was me. The new booking reference had to be changed because the ex partner had ongoing access to all sensitive data because of holiday companies breach. So the seat booking was cancelled by the holiday company as they could not transfer it to the new booking reference that they had to set up to stop ex partner accessing data for any longer. Although holiday company did not clear all details from the new booking reference that ex partner had access too and I had to inform the DPO that details were still there and being breached. 

Gavin83

If you push it you might get £50 or something from the company. I assume that’s a sufficient remedy for you?

Billy_B_North

KMN1 said:

How do I legally stand if a big holiday company has breached data protection and have admitted liability, saying it was human error? I have reported to the ICO but I believe they can take up to 3 months and will only prosecute the company! I feel that I have a case for compensation but they just keep sending me standard letters with no apology. This breach has caused stress and inconvenience and I’d rather deal with this myself and not being in solicitors. Where do I stand? 

What loss have you suffered as a result of the breach?