My Data Privacy Was Breached By Halifax, Could I Claim Compensation?
In this guide to data protection breach claims against Halifax, we look at the justifications and evidence you might need to seek compensation.
Banks are responsible for handling some of our financial information. If someone were to unlawfully access your banking details, such as your credit card numbers or the login and password information to your online banking information, you could be in serious danger. With information like this in the wrong hands, you could be in danger of identity theft or fraud, a cyber-attacker could use your information to take money from your account or to make purchases.
It is vitally important, therefore, that your bank protects your personal data by abiding by data privacy security laws. Allowing your data to be breached, by accident or deliberately, could be unlawful. However, not every data breach might be due to the failings of the bank.
If you have suffered psychological harm or financial loss because of a data breach caused by a bank’s security failings, then you could be entitled to make a data breach compensation claim.
This article has been put together to help you understand what a valid claim looks like. We have advisors available 24/7 to help you. If they believe your claim is has a solid chance of success, they could connect you with our panel of lawyers.
If you would like to get in touch with us for more advice, then you can use the following contact details:
- Fill out our ‘contact us‘ page
- Fill out our ‘online enquiry‘ form for a callback
- Call 0161 696 9685
- Email us at [email protected]
Select A Section
- A Guide On Data Protection Breach Claims Against Halifax
- What Are Data Protection Breach Claims Against Halifax?
- How Is Third-Party Data Sharing Affected By The GDPR?
- Has Halifax Bank Of Scotland Been Affected By A Data Breach?
- Data Protection Breach Compensation Calculator
- Types Of Material And Non-Material Damages Awarded For Data Breaches
- Should I Report The Data Breach To The Information Commissioner?
- Make A Data Protection Breach Claim Against Halifax With A No Win No Fee Solicitor
- How To Get Help From A Data Breach Solicitor
- What Steps You Should Take If Affected By A Data Breach?
- Contact A Data Breach Lawyer
- FAQs On Data Breaches
- Where To Learn More
We want people who have been affected by data breaches at their banks to feel confident in knowing what to do about it next. And that’s why we have written this guide.
The first part of this guide will explore data protection law. We will explain what your data security rights are and what kind of obligations this entails for banks.
We’ll help you to better understand what circumstances could allow you to make a compensation claim for a Halifax data breach. Included in this part of the article will be an example of a potential data breach at Halifax.
Later in this article, we will focus on the process of making a claim, and how you could benefit from making the claim with the help of our panel of lawyers.
We will include information on how your compensation gets calculated, and what types of compensation you could be entitled to claim depending on how you have been impacted by the data breach.
There is important useful information about how you could prepare to make a claim and other potential options you could attempt before you do.
We also discuss how No Win No Fee claims work.
Should there be anything that this guide does not cover in enough detail for you, then you are invited to speak to our advisors for free legal advice.
A data protection breach could include situations where:
- A third party has been able to gain access to your personal information held by a bank due to lax security.
- The bank shared your personal data unlawfully or without consent.
- The bank has lost your personal information.
- They have recorded it incorrectly, despite you giving them accurate information.
The consequences of a data breach can be potentially serious for the customers or employees affected. If a company has not done enough to protect personal information, it could be liable for a fine or an investigation. It could even be liable for compensation claims by those who suffered mentally or financially because of the breach. (You can learn more about what the law says about data security in the next section.)
If you are eligible to make a compensation claim, you would request a certain amount of money in compensation to match your suffering. This would be on the basis of proving that the company failed to keep your personal information secure and safe.
In many cases, a compensation claim will be resolved with a settlement before it reaches court.
If you have any questions, why not get in touch with our advisors? They give free legal advice. Plus, you’ll be under no obligation to proceed with our services.
Businesses, public authorities, and other institutions and organisations that collect or process data are bound by the General Data Protection Regulation (GDPR). The GDPR outlines responsibilities and rules that apply to personal data protection. The GDPR is an EU law, but it applies in the UK as well. It was enacted into UK law through the Data Protection Act 2018.
The GDPR is based around a number of key principles. You can read through these principles below.
- When collecting personal data, only data that is pertinent to the needs of the data collection may be gathered.
- The data collected may only be used for the purposes stated when it was given. However, there are lawful exceptions where your personal data could be shared without your consent.
- The data has to be collected in a way that is fair, transparent, and legal.
- It has to be accurate and updated where necessary.
- The data has to be disposed of once it is no longer needed.
- Data must be kept securely, whether it is stored on physical documents or on online.
- Those that process, hold or collect personal information are expected to be able to provide evidence that they have taken measures to achieve all of the principles outlined above. They should be accountable.
Halifax is a division of the Bank of Scotland plc. Both suffered from a data breach involving their online banking services.
Between 2013 and 2015 it was possible to set up a savings or current account using only a name, a date of birth, and an address. No other correct information was required.
If you set up an account in this way, it would automatically link with other Halifax or Bank of Scotland accounts in that name. (This would be either Halifax account or Bank of Scotland accounts.)
Therefore, if someone had another person’s name, address and date of birth, they could create a new account and view the details (such as balances and transactions) of the others.
Though this method could not be used to take money or make payments with the linked accounts, it did leave accounts fairly easily accessible.
This mistake was rectified once it was brought to the attention of Halifax and the Bank Of Scotland.
This guide exploring what justifications could validate data protection breach claims against Halifax aims to help you. However, if you need us at any point, just reach out.
A data breach can have different impacts on different people depending on the circumstances. The amount of compensation you are entitled to claim should reflect fairly the amount of harm that the breach has caused. Part of the process of making a claim involves calculating the amount of money that represents the amount of harm that was done by the breach.
During the case of Vidal-Hall and others v Google Inc , the Court of Appeal held that compensation for the mental health effects of a data breach could be valued as it is for personal injury claims. Plus, you could, from this case onwards, claim for psychological damage even if you hadn’t suffered financial loss.
When it comes to the aspects of the data breach that directly impacted your personal health, these calculations are done according to Judicial College Guidelines (JCG). Legal professionals use the JCG to help them value injuries. You can see how these guidelines approximate the value of compensation in the compensation table below.
|Severe psychiatric damage||£51,460 to £108,620|
|Moderately severe psychiatric damage||£17,900 to £51,460|
|Moderate psychiatric damage||£5,500 to £17,900|
|Severe PTSD||£56,180 to £94,470|
|Moderately severe PTSD||£21,730 to £56,180|
|Moderate PTSD||£7,680 to £21,730|
|Less severe PTSD||Up to £7,680|
The effect a data breach can have on mental health may involve stress, fear, and anxiety. It could be caused by the possibility of having your data stolen or misused.
The table above might not accurately reflect what you could claim. To get a free estimate, why not contact our advisors?
In the last section we dealt with the calculation of the compensation for mental health damage, now we will discuss other forms of compensation that could also be included in your payout.
What are material and non-material damages in data protection breach claims against Halifax?
Compensation relating to how your mental health was harmed due to a data breach is known as non-material damages. Compensation that involves financial loss caused by a data breach is known as material damages.
In a data protection breach claim, you could claim material damages for the money that you lose (through theft or fraud for example) due to the data breach. You’ll need to provide financial documents relating to your losses, such as credit scores and bank statements. These can be used to prove and calculate the amount of compensation you could be entitled to claim.
Reporting the issue to the Information Commissioner’s Office (ICO) is one option. The ICO is a regulatory body, meaning that it can carry out investigations and hand down fines for breaches of data protection law. If you make a complaint to the ICO, then they can look into the case and possibly take action against the bank if they find wrongdoing.
If it has been more than three months since you last had contact with Halifax bank over the data breach issue, then ICO’s decisions might be impacted by the delayed complaint.
However, you could still have the right to make a compensation claim if you would like to get in touch with us to discuss the issue. You can also make a call to us to discuss making a compensation claim if you made an ICO complaint and were not satisfied.
Alternatively, you could skip making a report to the ICO altogether and instead come straight to us to discuss a potential compensation claim.
When you have faced a data security breach in which your online banking details were accessed and you’re claiming compensation for mental stress and financial losses, the last thing you need is additional worry about funding a solicitor’s services.
You could choose to make a No Win No Fee claim. A No Win No Fee claim is an agreement that you and your lawyer sign at the outset of the claim. You agree that if your claim succeeds and you receive compensation, your lawyer would be entitled to a “success fee”. (That’s a small percentage of the compensation. And it’s capped by law.)
In return, you will not be charged solicitor fees for beginning the claim, and you will not be charged solicitor fees for a claim without a successful outcome.
You’d also benefit from:
- No ongoing solicitor fees.
- Not having to pay solicitor fees until the compensation comes through in the event of a successful claim.
Our panel of solicitors offer No Win No Fee agreements. To find out more, why not reach out to us?
If you would like to find a data breach solicitor, then you could start looking at reviews online. On the internet, you can find reviews left by solicitors’ previous clients. These can tell you a lot about which solicitors are experienced and the most successful in the field of managing claims in scenarios similar to yours.
Reviews can also tell you a lot about:
- Whether solicitors were well regarded by their previous clients.
- Whether they left their clients satisfied that they had done all they could to win the most amount of compensation that was potentially available.
- How satisfied clients were with their level of communication.
- Their general attitude towards working with their clients.
Online reviews can help you to avoid working with a solicitor that isn’t appropriate for your needs.
Another way that you could find the right lawyer is to speak to us. If you have evidence of a favourable claim, we could connect you with a No Win No Fee lawyer from our panel who is best suited for your needs.
If you are affected by a banking data breach, your first step may be to change your passwords and to contact your bank, requesting to change your credit card details. This could help to minimise the risk of transactions and withdrawals being made using your financial information accessed by someone else during the breach.
You could contact your bank to make a complaint. This allows your bank to offer an explanation and resolve the situation. If this fails, you could make a complaint to the Information Commissioner’s Office. However, you should contact the ICO about this within 3 months of the last meaningful response you had from the bank. Failure to do it within the timeframe could influence the ICO’s decisions.
Should this also fail to yield satisfactory results, you could come to us. You could also come to us whether you wish to contact the ICO or not. The ICO can’t help you in regards to seeking compensation, but we could.
If you speak to one of our advisors, they can offer you a free consultation on making a compensation claim. They can assess your claim’s chances of success and the amount of compensation you could be entitled to. And if your situation sounds like one that could result in compensation, our advisors could connect you with our panel of lawyers.
Would like to ask any questions about the content of this guide to the justifications needed to make data protection breach claims against Halifax? Alternatively, would you like to have a discussion about making a compensation claim? Then you could have a free consultation with an advisor by using any of the contact methods below.
- Contact us for a callback at a time best suited for you.
- Call 0161 696 9685
- Email us at [email protected]
- Use our live chat for instant answers from our advisors.
What are my rights if I have a data breach?
If you have suffered mentally or financially because of a data breach, then you have the right to take a number of different forms of recourse. These include:
- Making a complaint to the bank that breached your personal data.
- Making a report to the Information Commissioner’s Office within three months of your final contact with the bank on the matter.
- Approaching us about making a compensation claim.
How could I protect myself from a data breach?
You could protect yourself from a breach by installing reliable, up-to-date online security software.
If your banking information is involved in a data breach, you should contact your bank. This is to ensure that your money and information are kept safe. You could ask to have your credit cards cancelled and your online banking login details changed if appropriate.
Below are some of the articles on our website that you could find relevant and useful.
Here is our guide to employee data protection compensation claims: Employer Breach Of The Data Protection Act
Our guide to medical data breach claims: Medical Data Breaches
We also have a guide to data breaches caused by solicitors: Solicitor Data Breach Compensation Claims
And we have a guide to claims after data breaches at an optician’s: Opticians GDPR Data Breach Compensation
An ICO guide: Personal data breaches
Another ICO guide: Personal data breach examples
A government guide: Using personal data in your business
Thank you for reading our guide exploring what data protection breach claims against Halifax potentially involve.
Written by JY
Edited by RV