If you are searching for information about data breach compensation, this guide can help. Data breaches, cyber-attacks and organised hacks are in the news more than ever now and the impact of personal information being compromised can be devastating for the data subject. What may be less known is that you could claim compensation for any financial losses or mental health injuries caused by this compromise in your personal data.
This guide describes what a data breach claim is and who can make one. We’ll look at some ways that a compromise of your personal data can happen and how compensation could be awarded for successful data protection breach claims.
Then we lay out the types of evidence that can support a compensation claim. We explore how involvement from the Information Commissioners’ Office (ICO), an independent body set up to enforce the data protection rights of the public, could help.
To close our guide, we detail how a solicitor from our panel could assist you in starting a compensation claim for a compromise of your personal data via a No Win No Fee agreement. Please continue reading, or alternatively, why not speak to our dedicated advisory team now to learn more:
- Call on 0161 696 9685 to see how No Win No Fee solicitors can help.
- Contact an advisor via an online enquiry.
- Or ask the live discussion bubble a question about data protection breach compensation.
Jump To A Section
- What Is A Data Breach Compensation Claim?
- How Can Data Breaches Happen?
- How Could Compensation Be Awarded For A Data Breach?
- What Do I Need To Claim Data Breach Compensation?
- Do I Need To Report A Data Breach To The Information Commissioner’s Office (ICO)?
- How A No Win No Fee Solicitor Could Help Claim For A Data Breach?
- Learn More About Data Breach Claims
What Is A Data Breach Compensation Claim?
There are a couple of data protection laws called the Data Protection Act 2018 (DPA) and UK General Data Protection Regulation (UK GDPR). They set the manner in which personal data should be legally processed by the third-party that uses it. If a data controller or data processor fails to adhere to data protection legislation, a compromise of personal data could occur. We explain the roles that a data controller or process have in the next section.
If your personal data is compromised, you could be eligible to claim data breach compensation. However, there are set eligibility criteria that need to be met. You will require evidence that proves that:
- Failure to adhere to data protection laws on behalf of the data controller or processor caused a breach. This breach could have occurred either through criminal activity, such as a hack or accidentally through human error.
- This breach compromised your personal data.
- You suffered financial losses or damage to your mental health (or both) due to this breach.
What Is Personal Data?
Personal data is a term used for any piece of information that alone, or when used in conjunction with other details can infer or reveal your identity. This includes:
- Name, home address and contact phone number.
- Email address.
- National Insurance number.
- Bank account details.
- Passport information.
In addition to this, other information is classified in a way that demands higher levels of care when processed. For example, medical records, political and religious beliefs, biometric information and criminal records are classed as ‘special category data‘.
How Can Data Breaches Happen?
The ICO identifies two main groups who process personal data called data controllers and processors. The controller typically sets out the reason for data processing and how it will be processed. Data processing is anything that is done with personal data, such as its collection and use. A data processor can be instructed to process data on behalf of the controller. Both groups have equal responsibility to comply with the DPA and UK GDPR data protection law.
Whether it’s accidental human error or deliberate, wrongful conduct on the part of these two groups, it can give rise to a security incident involving personal data (otherwise known as a data breach). Broadly, this is when data is rendered unavailable, inaccessible or its confidentiality is compromised. Some examples:
- The HR department in a firm posts the personal data of a staff member to an incorrect address (even though they held the correct details), allowing others to access the personal information.
- A retail outlet throws payment details in a normal bin and it offers criminals the chance to collect this personal data and sell it on the web. This results in emotional distress for some customers.
- Staff in a GP clinic discuss a patient’s medical details openly, causing the patient acute distress.
These are merely a handful of data breach compensation examples that could form a valid claim. We invite you to connect with the advisory team to talk about your case. They could connect you with excellent legal representation to help your particular data protection compensation claim.
How Could Compensation Be Awarded For A Data Breach?
If you make a successful claim, the settlement may incorporate two types of loss. These are classed as material damage and non-material damage.
Non-material damage reflects the mental health impacts created by the data breach. The repercussions of compromised personal data may give rise to worry, anxiety, depression or even trigger a traumatic reaction such as Post Traumatic Stress Disorder (PTSD).
Those whose job it is to value non-material damage can use psychiatric notes from a GP or counsellor to guide them. In addition to this, they can compare medical findings with publications such as the Judicial College Guidelines (JCG).
This document provides award bracket guidelines for numerous psychological injuries according to their severity. To illustrate, you’ll find an excerpt from the JCG below.
Compensation Guidelines
Type of Harm | How Severe? | Guideline Bracket | Definition |
---|---|---|---|
Severe psychological injury and material damage payment | Severe | Up to £250,000 plus. | An amount here would include more than one form of psychological damage as well as amounts for care, medical fees and lost income/related data breach expenses. |
General Types of Psychological Harm | (a) Severe | £66,920 - £141,240 | A severe impact in all areas of life and future outlook is deemed to be poor. |
(b) Moderate Sevetity | £23,270 - £66,920 | Cases where there are similar problems with work, relationships and education but a move favourable outlook seems likely. | |
(c) Moderate | £7,150 - £23,270 | Similar mental health challenges to the two brackets above but a distinct improvement noticed by any point that trial date arrives. | |
(d) Lesser Severity | £1,880 - £7,150 | Awards here are reflective of how long the disability lasted. | |
Post-Traumatic Stress Disorder (PTSD) | (a) Severe | £73,050 - £122,850 | Permanent trauma that prevent work and normally functioning on any level. |
(b) Moderate Severity | £28,250 - £73,050 | This bracket differs from above based on an improvement made after professional counselling has taken place. | |
(c) Moderate | £9,980 - £28,250 | Largely a recovery is seen and continuing issues are not disabling in a grossly damaging way. | |
(d) Lesser Severity | £4,820 - £9,980 | Cases of more or less a complete recovery and any symptoms that are minor only persist past 12 - 24 months. |
Please note that these amounts are intended purely as guidance and the topline entry does not come from the JCG. If you would prefer to speak in person to a member of our advisory team about what you could be owed in data breach compensation, connect using the options above.
Can I Claim For Material Damage Caused By A Data Breach?
Material damage, otherwise known as monetary loss, can also be caused by a compromise of your personal data. For instance, you may have missed time from work because of the stress caused to you and this resulted in a drop or loss of income. You would be required to prove the financial damage created by the data breach. So it’s beneficial to keep hold of any payslips. There may be other impacts you can prove such as:
- Receipts showing the cost of replacing devices such as laptops and smartphones that were corrupted.
- Proof of any costs you incurred trying to restore privacy and safety for yourself. In serious cases, this might involve having to move your address.
Call to discuss any losses you incurred through a personal data breach to see if you could be compensated for them.
What Do I Need To Claim Data Breach Compensation?
To present solid grounds to claim data breach compensation, you need to put forward evidence that shows a data controller or processor failed to adhere to the data protection laws in place and this failure breached your personal data. You will also need proof what harm you are claiming compensation for.
Once you have clearly established this, you can start to pull together evidence that supports your claim such as:
- Any correspondence about the data breach incident from the organisation.
- Statements and credit reports that reveal financial harm.
- Medical proof or a counsellor’s report about your mental state following the compromise of your personal data.
- Bank statements, payslips and evidence of directly related financial harm.
Contact an advisor to discuss what evidence could support your data breach claim today.
Do I Need To Report A Data Breach To The Information Commissioner’s Office (ICO)?
All organisations must report data protection breaches that have the potential to impact the freedoms and rights of data subjects involved. The controller or processor needs to report a serious data breach to the ICO within 72 hours of discovering it.
You are also free to report a data protection breach yourself to the ICO. You should consider this no later than 3 months after the last significant contact about the security incident from the organisation in question.
The ICO cannot pay compensation. However, if they do investigate the breach, you can use their findings as supporting evidence in your claim.It does not impact your claim whether you do or do not involve the ICO.
Call a member of our advisory team to discuss data breach compensation.
How A No Win No Fee Solicitor Could Help Claim For A Data Breach?
The expert advice of a data breach solicitor could make a real difference to your claim. The solicitors on our panel are well-voiced in helping claimants calculate data breach compensation.
In addition to helping you gather together supporting evidence, they can take care of vital court correspondence that arises and ensure your claim is submitted on time and in full. Furthermore, they can help with any legal jargon and argue for the best possible settlement on your behalf.
The solicitors from our panel will generally offer their No Win No Fee services under a Conditional Fee Agreement (CFA). This sort of contract enables you to access excellent legal representation:
- Without the requirement for any upfront fees for the solicitors.
- With no fees for solicitors’ work carried out throughout the data breach claims process.
- No fees at all for completed work by the solicitors if the claim is unsuccessful.
- A data breach case that is decided positively for you requires a success fee to be paid. As a percentage of the compensation awarded, it also has a legal limit.
Data breach solicitors might be able to step in and handle your claim with you. Our advisors take you through a short and informal call to ascertain how strong your claim is. If it’s eligible and you want to proceed, a data breach solicitor from our panel could begin work today. Discover more when you:
- Call on 0161 696 9685 to see how No Win No Fee solicitors can help.
- Learn more about data breach compensation through an online enquiry.
- Or ask the live discussion bubble a question.
Learn More About Data Breach Claims
As well as this guide about data breach compensation, you might find these other resources from our website useful:
- ‘What could be the value of my data breach claim?’ Find out here.
- Read the steps you can take after your information was breached by work.
- Also, there is information on credit card data breach claims.
External resources:
- Read about the penalties the ICO have issued.
- More information from GOV.UK on the Data Protection Act.
- Advice on tips for staying safe online from the National Cyber Security Centre (NCSC).
We appreciate your interest in this guide about data breach compensation and how to claim. If you have further questions or concerns about your data breach claim, please speak to our dedicated team.