How Do I Make A Compensation Claim For An Illness Data Breach?

This guide will explore when an illness data breach claim could be made. Organisations have a responsibility to protect your personal data as per data protection law. If they fail to do so, causing your personal data to become compromised, you may be able to claim. However, you must prove you suffered financial or psychological damage. We will explore an organisation’s responsibilities in further detail throughout this guide as well as the steps you could take if they fail to adhere to data protection law.

Additionally, we will explore how data breach compensation is calculated and the different damage you could seek compensation for.

Furthermore, we have provided guidance on seeking legal representation under a type of No Win No Fee agreement known as a Conditional Fee Agreement. You may find this beneficial if you wish to hire a solicitor but are concerned about the costs of doing so.

If you’d like to enquire about making a potential claim or you would like to ask any questions regarding the information in our guide, get in touch with an advisor. You can reach them via:

  • Phone – 0161 696 9685
  • Online – Fill out our contact form
  • Live chat – Speak with an advisor using the chat feature below

Select A Section

  1. What Is An Illness Data Breach?
  2. What Information Could Be Affected In An Illness Data Breach?
  3. Have Any Illness Data Breaches Happened?
  4. How To Deal With A Personal Data Breach
  5. Medical Data Breach Compensation Amounts
  6. Illness Data Breach – No Win No Fee Claims

What Is An Illness Data Breach?

A personal data breach is a security incident in which the integrity, availability or confidentiality of your personal information has been affected.

The Data Protection Act 2018 and the UK General Data Protection Regulation (UK GDPR) are both integral pieces of legislation that outline a data controller's and data processor's responsibilities for protecting your personal data.

A data controller sets the purpose for processing your personal data. They can also process the data themselves. A data processor acts on behalf of the data controller. If they fail to adhere to data protection law, it could result in an illness data breach which could compromise various types of personal data. We have explored this in more detail in the section below.

There are 2 different types of damages you can claim if you have been the victim of an illness data breach: material and non-material loss. We will examine both further on in this article.

What Information Could Be Affected In An Illness Data Breach?

There are various types of personal data that could be compromised in an illness data breach. For example:

  • Name
  • Address
  • Email address
  • Date of birth
  • Bank details

Additionally, sensitive information could also be affected. This is known as special category data as it requires more protection. It can include data relating to your health, racial or ethnic origin, sexuality or religious or philosophical beliefs.

There are various organisations that could hold this information in your medical records, such as:

As data controllers, these organisations need to adhere to data protection law when processing your personal information. A failure to do so could result in your personal information being affected in a data breach.

For example, you may have been diagnosed with HIV and your doctor refers you to a clinic with medical professionals who specialise in the treatment of the condition. They also send you confirmation of the referral. However, they may send the letter to the wrong address, despite you giving them an updated address. As a result, your diagnosis is disclosed to another patient who lives in the same area as you. This causes you stress and anxiety as well as financial loss as you need to relocate due to the attention you have received.

For more information about whether you’re eligible to seek compensation following a breach of medical data, call our team.

Have Any Illness Data Breaches Happened?

The Information Commissioner’s Office (ICO) is in place to uphold the rights and freedoms of data subjects. They are able to take enforcement action against organisations that breach data protection law. They can also investigate reports made to them.

According to the ICO, a former health adviser was found guilty of illegally accessing patient records. Additionally, the ICO provides an insight into data security incident trends. As such, it was found that there were a total of 427 cyber and non-cyber security incidents affecting the health sector during quarter 4 of the financial year 2021/22.

How To Deal With A Personal Data Breach

There are several steps you can take following an illness data breach. For example:

  • Contact the organisation: Organisations must report to the ICO any data breach that puts the rights and freedoms of a data subject at risk. They must do so within 72 hours. Also, they should report the data breach to the data subject without undue delay. However, if you haven’t heard from the organisation and you are concerned your personal data has been compromised, you can contact them directly.
  • Contact the ICO: If you haven’t had an adequate response from the organisation or they haven’t got back to you, you can contact the ICO. They may investigate the breach. However, they cannot award compensation.

Any communication you have with the organisation can be used as evidence to support your potential claim. Also, if the ICO carries out an investigation, their findings can also be used as evidence.

Medical Data Breach Compensation Amounts

When you make a data breach claim, you could seek compensation for material damage which covers financial loss caused by the personal data breach. For example, if your bank details are stolen and someone takes a loan out in your name, you could claim this back. You could also seek compensation for non-material damage which covers psychological harm caused by the personal data breach.

You can claim compensation for psychological harm, such as stress, anxiety, post-traumatic stress disorder or depression, even if you aren’t claiming compensation for financial loss. When valuing compensation for non-material damage, solicitors can use the Judicial College Guidelines (JCG) to help them.

This publication lists different types of mental harm with guideline compensation amounts alongside them. We have included these brackets in the table below. However, the settlement you receive could differ from what’s listed in the table. As such, you should only use them as a guide.

| Type of Harm | Compensation Range | Notes |
|---|---|---|
| Psychiatric Damage Generally - Severe | £54,830 to £115,730 | There are several issues such as future vulnerability and an impact on the injured person's life and relationships. The prognosis is also very poor. |
| Psychiatric Damage Generally - Moderately Severe | £19,070 to £54,830 | There are still problems with various areas of the person's life, including work and education but there is a better prognosis. |
| Psychiatric Damage Generally - Moderate | £5,860 to £19,070 | The person will have shown improvement and the prognosis is good. |
| Psychiatric Damage Generally - Less Severe | £1,540 to £5,860 | The extent to which harm has affected the person and for how long will be considered. |
| PTSD - Severe | £59,860 to £100,670 | The person won't be able to function at the same level as before the trauma. |
| PTSD - Moderately Severe | £23,150 to £59,860 | The person will have a better prognosis than in more severe cases. This is because of professional help aiding in recovery. |
| PTSD - Moderate | £8,180 to £23,150 | The person will have some ongoing effects but they won't be hugely disabling. They will have mostly recovered. |
| PTSD - Less Severe | £3,950 to £8,180 | A virtually full recovery that takes place between one and two years. Some minor issues will continue. |

For more information on seeking compensation following an illness data breach, call our team.

Illness Data Breach – No Win No Fee Claims

Our team of advisors could assign a data breach solicitor from our panel to represent you. If your claim is valid, they could offer to represent you under a Conditional Fee Agreement (CFA). This means that they operate on a No Win No Fee basis. As such, generally, there will be no requirement to pay your solicitor for their services if your case is unsuccessful. If your claim is a success, a success fee is deducted from your compensation as a legally capped percentage.

For more information about whether a solicitor from our panel could handle your case on this basis, get in touch with our advisors. They can also answer any questions you may have regarding your potential illness data breach claim.

To get in touch:

  • Call us on 0161 696 9685
  • Fill out our contact form
  • Speak with an advisor using the live chat feature below


We hope this guide on making a claim following an illness data breach has helped. If you need any other information, call us on the number above.

Written by AC

Edited by MMI