What happens when a large organisation suffers from a significant data breach? First, people become suspicious of the company they are dealing with.
New customers are starting to shy away due to the adverse publicity which is associated with a large-scale data breach and existing customers are starting to show signs of discomfort. Recently the telephone and internet service provider, TalkTalk suffered a substantial breach of data.
As a result, we received enquiries from recent TalkTalk customers who wanted to understand what their legal rights are in relation to leaving TalkTalk and also how can they obtain compensations for breach of data. In relation to leaving TalkTalk, as with many similar consumer contracts, there is a 21-day cooling off period, which is essentially a grace period, during, which a consumer has the opportunity to change their mind without incurring a penalty.
TalkTalk customers are angry at the company's recent Behaviour might struggle to get out of their contract early. TalkTalk has said it will only wave termination fees for customers if they've had money stolen as a result of TalkTalk breach of data. TalkTalk says Bank details and personal information could have been accessed in what it called a significant and sustained Cyber attack, but that credit and debit card numbers had not been stolen.
The TalkTalk website says, that in the unlikely event that money is stolen from a customer's bank account as a direct result of the Cyber attack, rather than as a result of any other information given out by the customer, and as a gesture of goodwill, on a case-by-case basis, we will waive termination fees. So what are the rights of a TalkTalk customer in the circumstances of a data breach such as the one experienced recently? Yair Cohen is a lawyer specialising in internet related cases at the solicitors Cohen Davis. What does the contract say? I know you've had a look at the contract for us. Nobody ever reads the contract before they sign but you've read it. What does it say about leaving TalkTalk?
Well, unfortunately, there is no much hope for TalkTalk customers unless you are a customer who had been acquired recently and are within the first 20 days of your contract. There is no much you can do otherwise as must TalkTalk customers are tied into a 24-month contract, which they cannot terminate even in case of a significant breach of data. If a customer wants to leave before the expiry of the 24-month contract, they have to pay some Hefty fines, the early termination fee. It took me quite a while to work them out. They are complicated and difficult to calculate.
What if you're a customer who's simply alarmed by some of the stuff that's happened. The Information Commissioner said that TalkTalk should have alerted his office sooner about the breach and the company's chief executive was asked whether customers bank details have been encrypted by TalkTalk and she said the awful truth is that he did not know. I don't know. They had been slow in informing the authorities and they were apparently unaware of the basics of data encryption. So, is it not possible to call TalkTalk up and say “I want out of my contract because I don't believe you people are competent”? Unfortunately, as a customer there's not much you can do about terminating your TalkTalk contract because in its contracts, TalkTalk specifically excluded liability for loss of data, which might or might not be a lawful. It is highly questionable whether it is lawful and fair to exclude liability for breach of data in the UK, which means, as things stand, customers simply might not have a right to terminate a contract because of breach of data, particularly if they are unable to show that the breach resulted in financial loss to them.