Sage Shares Fall Following Data Breach

Sage, a business technology leader based in Newcastle upon Tyne and which provides software services to businesses in over 20 countries, has announced a breach in its data security leading to personal and bank details of UK employees at a large number of companies being accessed or viewed. Sage was founded in 1981 and, according to the BBC, now has more than 13,000 employees globally.

Sage stated in a publication on its website homepage that the breach occurred when there was "unauthorised access using an internal login to the data of a small number of our UK customers". The Guardian and FT Online reported that the breach could affect up to 280/300 UK companies linked to Sage, which appears to have opened a dedicated helpline in respect of the breach.

Sage shares fell 1.5% this morning.

Employer Data Protection Obligations

UK Companies which handle the personal data of individuals have strict obligations under the Data Protection Act 1998 (DPA) and are under a duty to process that data in accordance with extensive rules and guidelines set out in that act. Employers' obligations can be summarised by the eight data protection principles, set out in the DPA and with which they must comply. Those are that data must be; 1. Fairly and lawfully processed; 2. Processed for limited purposes; 3. Adequate, relevant and not excessive; 4. Accurate and up to date; 5. Not kept for longer than necessary; 6. Processed in line with data subjects' rights; 7. Secure; 8. Not transferred to other countries without adequate protection.

The Information Commissioner's Office is responsible for ensuring companies meet their obligations under Data Protection laws, and has the power to investigate potential breaches and enforce penalties where appropriate.

If you have any questions on the above please do not hesitate to contact the team at McDaniel & Co. on 0191 281 4000 or legal@mcdanielslaw.com.