HSBC Bank GDPR Data Breach Compensation Claims Guide – How To Claim?

My Data Privacy Was Breached By HSBC Bank, Could I Claim Compensation?

Bank security is obviously very important when it comes to securing customer’s money. However, another valuable commodity also needs to be stored securely too, and that’s your personal information. Luckily, banks take their obligations very seriously and the security of personal data has been bolstered by the General Data Protection Regulations (GDPR). However, with the best will in the world, mistakes can still happen. If they do, it could result in you suffering from anxiety, stress or you could lose money. Therefore, this article will look at data protection breach claims against HSBC bank. We will show you what could cause them, the harm that might result and how much compensation might be paid to cover that harm.

HSBC Bank data breach compensation claims guideLegal Helpline can support you through the process of making a data breach claim. We will begin by reviewing your case over the telephone. You will receive free legal advice, but you won’t be obliged to make a claim at this point. However, if your claim is suitable, and you wish to claim, we could link you with one of the data breach lawyers from our panel. All claims they accept are managed on a No Win No Fee basis.

To find out if you have a case that could entitle you to claim compensation, why not call our team today on 0161 696 9685? Alternatively, you can learn more about starting data breach claims against banks by reading the rest of this guide.

Select A Section

A Guide On Data Protection Breach Claims Against HSBC Bank?

Data security is important to any type of organisation these days. That’s especially true in the banking sector though. Luckily, The Data Protection Act 2018 and the GDPR have been designed to improve things. Together they allow you (the data subject) to have some control over the ways in which personal data is used.

Also, organisations (the data controller) must now have a lawful basis to process data about you. This often means that you will need to receive an explanation as to why your information is required and you may also need to give your permission before it is used.

To help secure personal data, extra processes, procedures and practices need to be implemented according to the new laws. If errors occur which means data security isn’t strong enough, the Information Commissioner’s Office (ICO) has the powers to investigate. Where they find fault, they can issue massive financial penalties against companies or force a change in the way they work.

Unfortunately, though, they don’t get involved with data breach claims. Therefore, if you are harmed by a breach, and would like to be compensated, you will need to claim yourself.

The usual time limit that applies in these cases is 6-years from the date you obtained knowledge of the breach. However, you may need to verify that with a member of our team. That’s because where a case centres on a human rights breach, you’ll only have 1-year.

We’ll explain how a bank could breach data protection rules as we proceed. However, they could range from simple mistakes like a member of branch staff leaving your statement on the counter for others to see through to cyberattacks by organised criminals.

For more information on how we could help as well as free legal advice, why not call our team?

What Are Data Protection Breach Claims Against HSBC Bank?

It would be impossible to operate as a bank without processing personal information on a daily basis. However, banks have a legal duty to try to prevent that data from getting into the wrong hands.

An HSBC data breach could result from some form of security problem that causes personal data to be destroyed, disclosed, altered lost or accessed in a manner that has not been authorised. Accidental data breaches, as well as illegal or deliberate ones, could lead to a claim if they result in any form of suffering.

To begin an HSBC data protection breach claim, there would need to be evidence to show that:

  • The breach took place;
  • As a result, you suffered damage.

The types of damages that could be compensated include psychological injuries caused by conditions like distress or depression. Also, you could claim back any financial losses as well.

It is very common to read about breaches caused by cybercriminals. They will often employ tactics involving phishing emails, ransomware and viruses to try and access sensitive information. However, we should point out that it’s not just digital data that is covered by the GDPR. Physical documentation like paperwork in filing cabinets is also covered.

Any data that could identify a data subject is defined as personal data according to the GDPR. For example, data containing your name, telephone number, home address or email address would be covered. Other data that could indirectly reveal your identity is also covered. This can include information about your age, ethnicity, marital status and other personal characteristics.

Can Banks Share Data With Third Parties?

Data sharing happens all of the time. It is a really useful process that can reduce the amount of time things take to happen. A good example of data sharing is Open Banking which allows you to share data with phone apps seamlessly.

However, to be able to share your personal information, banks need a lawful basis for doing so. This will often mean that you’ll be told about the sharing in the bank’s terms and conditions. You may also have the opportunity to opt-in or out of the service.

That said where there is no lawful reason to share your information, you could be entitled to claim for any damage caused if it does happen. To discuss starting a claim for a data breach in the banking sector, why not call our specialists today?

How Have HSBC Customers Affected By Breaches Of Data Protection

The ICO’s website contains a database of data breaches that it has investigated. At the moment, there are no HSBC data breaches recorded. However, in this section, we’re going to look at an HSBC breach that occurred in America.

In October 2018, HSBC confirmed that some US customer bank accounts were hacked. The information that was accessed may have included information relating to balances, account numbers, transaction histories, payee details and statements. Also, the customers’ personal details may have been accessed too. Overall, one report suggested that less than 1% of US customers were affected.

The report went on to suggest that rather than being a hack of HSBC’s security systems, the breach was caused by credential stuffing. This is where the attackers use login credentials harvested from other websites which proves that it’s not a good idea to reuse passwords on different sites.


Calculating Amounts Of Compensation For A Data Breach By HSBC

Let’s take a look at how much compensation could be paid for suffering caused as a result of a bank data breach. We are talking about psychiatric damage here such as harm resulting from distress, anxiety or Post-Traumatic Stress Disorder (PTSD).

An important hearing by the Court of Appeal (Vidal-Hall and others v Google Inc [2015]) provided an important change to the law:

  • It is possible to claim for psychiatric injuries that result from data breaches without having suffered financial losses.
  • Previously, it was a requirement to have suffered financial harm to recover compensation for distress, anxiety and the like.

The Court of Appeal advised lawyers that when settling data breach claims, they should consider the values attributed to psychological injuries in personal injury law. Our compensation table, therefore, uses figures from the Judicial College Guidelines, a document used when settling personal injury claims.

InjurySeverityAward BracketFurther Guidance
General Psychiatric DamageSevere£51,460 to £108,620 The victim will have serious problems manging relationships, will be vulnerable and struggle to cope work and life in general. The prognosis will be very poor and any treatment is not likely to help.
General Psychiatric DamageModerately Severe£17,900 to £51,460Again, the victim will have significant problems similar to those shown above. However, their prognosis will be more optimistic.
General Psychiatric DamageLess SevereUp to £5,500Mild symptoms of anxiety and depression which resolve in full within a few weeks or months.
Post-Traumatic Stress DisorderSevere£56,180 to £94,470The symptoms in this category will be permanent and affect all aspects of the victim's life. Therefore, returning to work will not be possible and nor will a the victim be able to function at pre-trauma levels.
Post-Traumatic Stress DisorderModerately Severe£21,730 to £56,180While not permanent, the symptoms here will be very similar to above. However, with professional aid, some form of recovery should be possible.
Post-Traumatic Stress DisorderModerate£7,680 to £21,730The will have recovered from most symptoms. Any that do continue won't be largely disabling.

To help prove how serious your injuries are, you will need a medical assessment during the claims process. This can usually be booked locally if using the data breach lawyers on our panel.

Your meeting will be conducted by an independent specialist. They will review your medical records and ask some questions about how you’ve been affected. After they’ve concluded their assessment, they will provide a report. This will show a list of injuries caused by the data breach and a prognosis for any future suffering.

This report will then be used to prove that the harm was in fact caused by the breach, as well as enabling your lawyer to value your injuries.

For a more precise estimate, please get in touch with our team.

Types Of Damages Awarded If Your Bank Has Breached Your Data Privacy

Generally, data breach claims consist of two separate elements. They are:

  • Material damages. This type of compensation aims to restore any costs, expenses or monetary losses following data breaches.
  • Non-material damages. The compensation that could be paid to cover pain, suffering or loss of amenity resulting from a breach relating to anxiety, distress or depression, for instance.

Importantly, the claim needs to consider future suffering in addition to any that’s already happened. For example, the medical report we discussed in the previous section could identify continuing suffering resulting from PTSD, for example. If that’s the case, the prognosis offered by the report may need to be factored into the claim.

Similarly, if your bank account details are being shared around the dark web by criminals, you could continue to lose money until you can swap all of your accounts. Therefore, you may need to consider any additional losses that could result.

To find out if one of the data breach lawyers from our panel could help you claim for your suffering, why not get in touch with our team today?

Could I Report My Bank To The Information Commissioners’ Office?

As we have explained already, the ICO is the watchdog responsible for the GDPR in the UK. As such, you may wish to discuss your case with them. That is something you’re able to do but you’ll need to follow the correct process first.

Initially, the ICO will want you to complain to the bank first. When you have received an answer, you should take the complaint higher if you don’t agree with the response. After you have waited for 3-months since you last heard from the bank, you could escalate the complaint to the ICO.

Should they investigate, the ICO might tell the bank to change their data protection procedures. Also, they could issue a fine if it is proven that data protection rules were broken. However, the ICO investigation process will not result in you being paid compensation.

If you believe that a banking data breach has resulted in you suffering, you will need to begin your own legal action. If that is something you would like to do, why not call Legal Helpline today?

Make A Data Protection Breach Claim Against HSBC Bank With A No Win No Fee Solicitor

You might think that the risk of losing money because of lawyer’s fees is too high and it could put you off from starting a claim. However, we can help to reduce that worry. That’s because we have a panel of data breach lawyers who will represent you on a No Win No Fee basis if your case is accepted. By doing so they can reduce your financial risk while still offering access to justice.

No Win No Fee services mean that the lawyer is taking on some risk. Therefore, the merits of your case will need to be considered before it’s taken on. If the lawyer is happy to work for you, your claim will be funded by a Conditional Fee Agreement (CFA). This is the formal title of a No Win No Fee agreement and serves as your contract. It will show what conditions your lawyer needs to meet before they are paid. Also, it will clarify that:

  • Claims don’t need to be funded upfront.
  • You won’t be asked to pay any lawyer’s fees while your claim progresses.
  • Should the claim be unsuccessful, you are not liable to pay any of your lawyer’s fees.

If there is a positive outcome, your lawyer will deduct a small percentage from your compensation to cover their costs. This is listed in the CFA as a success fee. So that you are not overcharged, success fees are legally capped.

To find out whether we could help you claim on a No Win No Fee basis, why not contact us today?

How Do I Choose The Right Data Breach Solicitor?

As we have hinted at throughout this guide, our advice is to have a legal representative on your side when making data breach claims. We believe that by doing so, you will have a better chance of being compensated correctly. If you contact our advice team, and your claim is accepted, a specialist lawyer from our panel will:

  • Listen to your version of events carefully so that they understand exactly how you have suffered.
  • Support you by gathering evidence to back up your allegations.
  • Arrange for a local medical assessment with an independent specialist.
  • Compile your claim before presenting it to HSBC or their legal representatives.
  • Deal with the defendant’s legal team so you won’t have to have any contact with them.
  • Work hard to try and ensure any compensation awarded is set at the maximum amount possible.

To begin the claims process, why not contact us today? Our specialists are here to provide free legal advice, review your claim and explain the options that are available to you.

What Should I Do If Affected By A Breach Of Data Protection?

We will now briefly re-cover the way in which you could begin an HSBC data breach claim. Firstly, you will need to contact the bank and raise a formal complaint. After you’ve done so, you should escalate it further if you don’t agree with the response.

When it has been 3-months since any meaningful contact, you have the option to contact the Information Commissioner’s Office. If they decide to take a look at what’s happened, a report should be filed to explain their findings. This may result in action being taken against the bank. However, it won’t result in you receiving compensation.

Therefore, if you wish to proceed, you may choose to call Legal Helpline for advice on claiming. In some cases, a data breach lawyer from our panel might accept your claim and represent you on a No Win No Fee basis.

Talk To A Specialist About Your Case

We are approaching the end of this article on data protection breach claims against HSBC bank. Hopefully, our advice now means you can now choose what your next actions will be. If you wish to get more advice on making an HSBC data protection breach claim, you can begin by:

You’ll receive fair and free legal advice when you get in touch. We provide a no-obligation case review where you can ask as many questions as you need. Furthermore, if your claim appears viable, we could refer it to a specialist data breach lawyer from our panel. Should they accept it, your claim will be processed on a No Win No Fee basis.

FAQs On How Banks Protect Your Personal Data

To summarise some of the information provided already, we have answered some frequently asked questions below. If we haven’t answered your question here, please don’t hesitate to ask one of our specialist advisors.

Does the GDPR apply to banks and financial services?

Yes, the financial sector is covered by the GDPR. This means that organisations in the sector must use processes to try and keep personally identifiable data from falling into the wrong hands.

What does the GDPR mean for banks?

The GDPR means that banks, and other organisations, need to implement procedures and methods to try and keep personal information safe and secure. They must also have a lawful basis before processing such data.

What happens when a bank breaches data protection?

Steps must be taken to investigate any data breach involving a bank. The ICO will also need to be told about the incident. Where banking customers might be at risk, they need to be informed about the breach within 72-hours.

Are bank details personal data?

The information that banks hold about you that could identify you is classed as personal data. That could include your account number, name, home address and other contact details.

Related Data Breach Resources

Thank you for visiting our site and reading about data protection breach claims against HSBC bank. In our final section, we have listed a few resources that may come in handy. Please let us know if you require any further guidance by contacting our advice centre.

Raising Concerns – An ICO article that sets out your right to tell organisations if you’re worried about data usage.

Anxiety Self-Help Guide – NHS Scotland advice on how to manage mild to moderate forms of anxiety.

Finally, you’ll find some more data breach guides from our archives listed below:

Pharmaceutical Breaches – Information on how a pharmacy data breach could result in compensation.

Blackbaud Data Breach – Details of a breach that affected many higher education establishments.

Banking GDPR Breaches – This guide covers bank data breaches in general and doesn’t relate to any particular company.

Thank you for reading our guide to data protection breach claims against HSBC Bank.

Guide by BH

Edited by REB