This guide examines who may be eligible to claim compensation after experiencing financial loss and/or psychiatric harm following a victim of abuse data breach. We will cover key areas, including the legislation governing data protection and how such a data breach could occur.
Also included in this guide is an explanation of the different types of damage that a data breach can cause and how the possible compensation that could be awarded to address these impacts following a successful claim is calculated.
In the penultimate section of this guide, you will find a short overview of the No Win No Fee contract our panel of data breach solicitors can offer, including a breakdown of the advantages you can expect when starting your potential claim under these terms.
To talk to an advisor from our team, to ask any questions or to get a free consultation regarding the circumstances of your particular data breach claim, use the following contact information:
- Complete our online enquiry form here
- Call on 0161 696 9685
- Chat with us using the live chat service
Select A Section
- When Could You Make A Victim Of Abuse Data Breach Claim?
- Examples Of How A Sensitive Information Data Breach Could Occur
- What Evidence Could You Collect To Support A Data Breach Claim?
- Calculating Data Breach Compensation Settlements
- Claim Compensation For A Victim Of Abuse Data Breach With No Win No Fee Solicitors
- Learn More About Claiming Data Breach Compensation
The Information Commissioner’s Office (ICO) is the independent public body that governs data protection in the UK. The ICO define a personal data breach as a security incident that has affected the integrity, availability or confidentiality of personal data. The ICO definition applies to both deliberate action and human error data breaches.
When discussing a victim of abuse data breach, there are 3 relevant parties to consider:
- The living identifiable individual to whom the personal data relates is known as a data subject.
- The party that decides why and how your personal data will be processed is referred to as a data controller.
- A data processor is an external party who are contracted to handle, store and process data by the data controller. Not every data controller will use an external processor and may instead process data themselves.
The UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018 (DPA) impose obligations on both data processors and controllers to meet certain standards of data protection. Failures to meet these standards on the part of either party can result in incidents of security where personal data could be affected.
The eligibility criteria to begin a personal data breach claim are listed here:
- Either the data processor or processor failed in their duty to uphold the standards of data protection set out in the UK GDPR and DPA 2018.
- As a result of these failings, a data breach that affected your personal data occurred.
- As a result of the data breach, you suffered financial losses, psychological harm or both.
What Information Could Be Affected By A Victim Of Abuse Data Breach?
Personal data is information that can be used to identify you, directly or indirectly. This can include your name, your postal address as well as contact details such as your phone number and email address.
Certain types of data are more sensitive and therefore afford a higher standard of protection under the UK GDPR. This is known as special category data and can include information concerning your health, sexual orientation, race, political views and religious beliefs. In terms of special category data about victims, this could include health information that contains details about physical injuries or psychological trauma.
According to the ICO, information about victims is likely to be sensitive or high risk and particular care should be taken when processing this data. Failing to do so could create significant risks to the privacy and well being of those concerned.
To find out whether a victim of abuse data breach claim is possible, please contact our team on the number above.
A number of different organisations could hold the personal data of abuse victims, including; the police, social services, therapists, solicitors and healthcare providers. Any organisation that fails to uphold its obligations under the UK GDPR could put data subjects at risk of having their data breached.
We have provided some hypothetical examples of how a victim of abuse data breach can occur here:
- Your therapist did not take appropriate measures to secure physical copies of your session notes at their office. This results in unauthorised persons gaining access to sensitive information. The data breach caused you considerable stress.
- Your case files were lost in a police data breach following a cyber attack. You suffered a significant exacerbation of your anxiety due to this data breach.
- Personal data, including your new address, was sent by your solicitor to your old address, where your abusive ex-partner still lived. Your ex-partner subsequently learned of your new address putting you at risk. As a result, you experience severe distress and incur financial losses due to having to relocate.
As previously stated, to be eligible to make a personal data breach claim, you must have suffered emotional harm, financial loss, or both after your personal data was compromised because a controller or processor breached data protection laws.
Please contact our team to discuss your specific case and find out whether you’re eligible for data breach compensation.
You will need to provide evidence to support your personal data breach claim. Examples of possible evidence you could collect are given here:
- Correspondence, such as a letter or email, from the data controller that a data breach has occurred and your personal data was affected.
- Medical evidence detailing any psychiatric harm you suffered from the data breach.
- Documents from your bank, such as credit card statements, showing financial losses stemming from the data breach.
There is also a responsibility placed on data controllers to inform all data subjects affected by a breach if rights and freedoms have been put at risk as soon as possible. Data controllers also have a responsibility to notify the ICO of all data breaches that meet the reporting threshold within 72 hours. The ICO may choose to carry out an investigation and bring action against the data controller if necessary. You can use findings from this investigation as part of your body of evidence in your data breach claim.
Data subjects can express dissatisfaction or concerns over how their data is being handled at any time. You can also make a report to the ICO yourself if dissatisfied with the response from the data controller. Filing a complaint is not a legal prerequisite to making a data breach claim.
Our advisors can provide further guidance on what evidence you can acquire to support your victim of abuse data breach claim. You could get support in collecting evidence from one of the data breach specialists from our panel of solicitors if our advisors decide you have valid grounds to proceed with your claim. For a no-cost, no-obligation consultation use the contact information given below.
After a successful claim for the breach of your personal data, you will receive a compensation award. This compensation could be for material damage, which refers to any financial losses stemming from the breach of your personal data. Compensation can also be awarded for non-material damage, which refers to the psychiatric harm sustained through having your data breached. You could receive a payout comprising compensation for either one, or both types of damage.
Data breach claims solicitors can use the Judicial College Guidelines (JCG) to aid them when valuing psychological harm. The JCG is a publication that lists guideline award brackets for a variety of different types of harm. We have used some of those brackets for our compensation table.
It is important we emphasise this table has been provided to act as guidance only. We cannot make guarantees regarding compensation due to the individual nature of data breach claims.
|Harm||Severity||Description||Guideline Award Bracket|
|General Psychological Damage||Severe (a)||Marked impacts on several aspects of life with a very poor prognosis.||£54,830 to £115,730|
|Moderately Severe (b)||Although significant problems across multiple areas of the injured person's life will be present, the prognosis will be more optimistic.||£19,070 to £54,830|
|Moderate (c)||While problems relating to, for example, work, family and social life will have been present, there will have been significant improvement and a good prognosis.||£5,860 to £19,070|
|Less Severe (d)||Awards in this bracket will be determined by the length of disability period and effects on sleep and daily activity.||£1,540 to £5,860|
|Anxiety Disorder||Severe (a)||Severe effects of a permanent nature across all aspects of the injured person's life.||£59,860 to £100,670|
|Moderately Severe (b)||Significant disability for the foreseeable future, although prognosis will be better than in the above bracket.||£23,150 to £59,860|
|Moderate (c)||This bracket will apply to cases where there has been a large scale recovery and no severely disabling continuing symptoms.||£8,180 to £23,150|
|Less Severe (d)||A virtual recovery within a period of one to two years. Symptoms persisting beyond two years will be minor.||£3,950 to £8,180|
If you would like a more detailed analysis of the data breach compensation you could potentially be owed, please contact a member of our team.
Contact our team of advisors today for an assessment of your potential claim. They could then connect you with a specialist data breach solicitor from our panel if you have a valid claim. Our panel can offer to take your claim on a No Win No Fee basis under a Conditional Fee Agreement (CFA).
Starting your potential claim with a solicitor under a CFA presents a number of advantages. The solicitor will not ask for an upfront fee to begin working on your claim in most cases. You will likewise not be paying ongoing fees for their work during the claims process itself. Finally, an unsuccessful claim will not incur a fee for the services they have provided.
Following a successful claim you will receive a compensation award. The solicitor will then deduct a percentage of this compensation as their success fee. There is a legally binding cap on the success fee percentage. Therefore, you will keep most of your awarded compensation.
For a free no-cost, zero-obligation assessment of your particular circumstances, speak to our advisors today. To get in touch, you can:
See some of our other data breach guides here:
- Learn if you could claim compensation after your employer shared personal information with other employees.
- Read our guide on what to do after a bank data breach.
- Find further guidance on how to report a data protection breach here.
Other helpful resources:
- The NHS has published this resource on mental health.
- The National Cyber Security Centre has prepared guidance on data breaches for individuals and families.
- See this resource from the ICO about taking your case to court.
Thank you for reading our guide on the steps you can take if you have been subject to a victim of abuse data breach. For further information or a cost-free assessment of your specific circumstances, speak to our advisors. You can reach a member of our team using the contact information provided above.