skip to main content

A tale of two Toms: how to avoid a personal data breach

9th Feb 2024 | Data Protection & Information Law | Data Protection Audit for Businesses | Data Protection Round-up
Close up of a UK payslip

It recently hit the news that British actor Tom Hollander (Hollander) received a seven-figure Avengers bonus after his agent (who has previously worked with the Spiderman star) mistakenly confused his name with Tom Holland (Holland).

In this article, Rhiannon Hastings, data protection paralegal in our commercial team, reminds us why it’s important for everyone to do their due diligence when processing personal data to avoid a breach.

What happened?

Hollander received an email containing a payslip labelled as Holland’s first box office bonus after the agent’s accounts department confused the two names.

After querying that he isn’t in the Avengers films, Hollander proceeded to open the email which revealed Holland’s name and the sum of the bonus.

In consequence, the agent failed to protect Holland’s personal data and caused a personal data breach.

What is the impact of the agent’s failure to protect Holland’s personal data?

Irrespective of how high profile an individual is, personal data being shared with the wrong individual or organisation runs the risk of causing devastating and lasting issues.

Therefore, it’s important to handle personal data in a secure manner to protect the individuals whose data we process and ensure that staff are trained appropriately.

Here, given Hollander didn’t reveal the specific figure Holland received from the box office (albeit we’re aware it’s a seven-figure sum), the details relating to how much he earns from the Avengers films has been kept confidential.

Had those details been revealed, or his bank account details, this would have had a different impact.

What can we learn from this?

It’s common when handling personal data that you come across similar, or even the same, names so it’s important to act diligently before processing and sharing an individual’s personal data.

Carrying out checks to confirm the personal data you’re processing relates to the individual you intend to process will reduce the risk of incurring a personal data breach similar to the one discussed above.

In addition to carrying out thorough checks when processing personal data to reduce the risk of incurring personal data breaches, you should consider the following:

  • Review and, if necessary, update your data protection policy to ensure staff are aware of their responsibilities in handling personal data;
  • Implement regular data protection training for all staff and provide bespoke training for staff who regularly handle personal data; and
  • Ensure you have a robust system which can flag errors and encourage regular checks.

If you’d like some support in implementing bespoke data protection training, drafting or reviewing and updating data protection policies or require assistance with other data protection matters, please contact Rhiannon using [email protected].

Share this story...