By Cat Stardew. Last Updated 2nd August 2023. Have you been the victim of an HR data breach? Did your employer fail to adequately protect your personal details either online or offline? If you’ve been impacted by such an incident, you could seek data breach compensation for any emotional or financial damage caused by this.
In this article, we explain how the General Data Protection Guidelines (GDPR) which came into effect in 2018 now give you much greater rights as to how your personal information is used, shared and kept.
We discuss HR data breach examples and the potential compensation amounts you could receive, as well as the ways in which you can take legal action today.
If that’s a course of action you want to take then we can help. You can speak with us now using any of the following methods:
Call our knowledgeable data breach team today on 0161 696 9685
Write to us at Legal Helpline to see how we could help you.
Alternatively, use the chat box to the bottom right of this screen to speak with us now.
Firstly, let’s define exactly what we mean by an HR data breach. The GDPR and ICO define it as the accidental or deliberate loss, destruction, alteration and unauthorised sharing of personal data that exposed the data subject to potential harm.
That harm could be economic, social, emotional or financial. Anything private about you that is shared without explicit consent could expose you to the unwanted attention of fraudsters, online trolls or worse. Consent to giving data and how it is used is now a key right.
It’s important to note that we give our consent every time we buy something online, use social media or send an email. Cookie preferences are regarded by many as an irritating distraction from the website we want to visit, but they are actually a valuable opportunity to control the amount of information that is stored, used and circulated about us.
ICO Core principles
The ICO has identified some core principles about our data use. They recognise that the data collected should be kept to a minimum, only for the explicit purpose stated, and used in a way that is obvious and legal. Furthermore, the data should be stored only for a set amount of time by people properly trained to understand its correct and lawful use. It should also be accurate.
Employers require and retain quite a lot of information about us, such as:
- Our full names
- Full address
- Email and contact numbers
- National Insurance number
- Compliance with terms and conditions of employment
- Signed statements about our legal status
- Marital or relationship status
- Immigration status (where applicable) and right to work
- Pension or bonus details
- Medical details (where appropriate)
- Salary amounts
- Tax codes and HMRC details
- Bank details
- Background checks or personality profiling
- CV information and dated past history
There are also ‘protected characteristics’, which you can read about in detail here. This is data that needs more protection because information might be inferred or guessed about the individual from it.
In short, this represents more than enough information for a hacker or cybercriminal to construct a completely fake identity in your name and use it to commit offences, leaving you with the consequences.
Because of the sensitive and highly tractable nature of this information, companies have an obligation to inform their staff of any serious data breaches that might affect them.
GDPR rules clearly outline their duty to report a data breach to you within 72 hours. Did your Human Resources department leak details about your salary or other information and fail to inform you? If so, you could be on the receiving end of a great deal of aggravation and personal anguish.
Let’s take a look at some HR data breach examples.
As a way of helping employers adopt best practices with GDPR rules, the ICO has produced a code that you can read here. The emphasis is on processing data in a fair and proper way. Failure can result in ICO fines as high as £17.5 million for the most egregious breaches.
Serious cases of HR data protection breaches could occur in the following ways:
- Failure on the part of staff to lock away or secure sensitive data that allows hacking
- Laptops, USB sticks and smartphones lost or left in an accessible place
- Loss in transit or storage of hardcopy data
- Casual and inappropriate conversations between colleagues or the public
In addition, input errors can have disastrous consequences. Imagine the chaos if salary details are sent to the wrong recipient. Or if a document containing full details is not properly redacted or encrypted before being forwarded? What if the wrong email address was used for a P45 or tax notification?
Human error is a key thing to safeguard against. Vicarious liability means employers are responsible for the actions of their employees and this includes their HR department.
Companies are not completely vulnerable, however. Whilst little can be done to address human error other than better training, IT departments can put up a formidable line of defence against HR data security breaches.
For example, they can use multiple passwords, encrypted details, redaction procedures on paperwork and email, automatic time-out screens and robust firewall procedures or anti-malware software.
What is essential is that each company properly invests in these devices and procedures and then maintains them properly. Failure to do so could affect you far worse than them.
HR Data Breach – How Long Do I Have To Claim?
An important part of making an HR data breach claim is ensuring that you begin proceedings within the correct time limit.
If you are making a data breach claim against a public body, like a local council or authority, then the time limit for starting your claim is one year. Otherwise, data breach claims against non-public bodies and organisations must be made within six years of the breach or the date you became aware of the breach.
Our team of friendly advisors can help you get a better idea of where you stand in regard to the data breach claims time limit. Through a free consultation, a member of our team can evaluate your case and tell you whether you are within the correct limit for your claim. Get in touch today to get started.
How exactly can an HR data protection breach harm you? We touched upon the two types of damages earlier, material and non-material, and how the change in law enables people to claim for either or both.
Non-material damages are those of a psychiatric nature. If you experience distress, depression or anxiety as a result of your data breach, it can cause enormous turmoil in your life and to your health. Issues such as those below could all impact you:
- Insomnia or disturbed sleep
- Loss of appetite leading to illness
- Anxiety or panic attacks
- PTSD or phobias
- Suicidal thoughts
- Damage to personal relationships
- Loss of pleasure in life
- Inability to work properly or cope as normal
- Loss of wages from related sicknesses, such as stress
The appreciable consequences of the worry, stress and anguish created by being a data breach victim are real and were brought into your life through absolutely no fault of your own. An assessment with a suitable medical expert can be arranged by a data breach solicitor as part of your claim. This can prove that you have suffered destructive anguish directly because of incompetence or flawed procedures in your HR department at work.
The Judicial College Guidelines is a publication that offers suggested compensation award amounts for psychiatric harm like this.
| Type of harm | Description | Suggested award |
|---|---|---|
| Psychiatric Damage - Severe | Severe problems that affect many areas of daily and social life. | £54,830 to £115,730 |
| Psychiatric Damage - Moderately Severe | Significant problems with daily life. But, there is a more optimistic prognosis. | £19,070 to £54,830 |
| Psychiatric Damage - Moderate | Marked improvements have been made, despite having struggles with various problems. | £5,860 to £19,070 |
| Psychiatric Damage - Less Severe | The effect on daily activities and sleep will be taken into account. | £1,540 to £5,860 |
| PTSD - Severe | Inability to function the same as pre-trauma due to permanent effects. | £59,860 to £100,670 |
| PTSD - Moderately Severe | Recovery is possible with help from a professional, but the person will still likely suffer for the foreseeable future. | £23,150 to £59,860 |
| PTSD - Moderate | Largely recovered with any persisting symptoms not being majorly disabling. | £8,180 to £23,150 |
| PTSD - Less Severe | A full recovery is made within 2 years, with only minor problems persisting after this. | £3,950 to £8,180 |
As you can see, surprising amounts can be awarded for these impacts. A data breach lawyer can therefore evaluate your claim for compensation using these guidelines.
Speak to our team today to see if and how much compensation you could claim for non-material damage within your HR data protection breach case. You can also discuss more data breach compensation examples.
In addition to non-material damages, another column of expenses can be calculated on your behalf relating to the financial loss caused by the breach.
How might you suffer financially from your HR department experiencing a hack or human error on the part of an employee? Some examples include:
- The breach led to your bank account details leaking and someone emptied your account of all funds
- Credit facilities might be set up and exhausted in your name
- Your tax code was hacked and you paid a higher and incorrect rate
- Information about your children might be leaked meaning you need to change schools
- In very serious cases, organised criminals may have access to your home address. You might even need to move
Obviously, there could be so many other unfortunate consequences that directly cost you money. When you sit down with a No Win No Fee data breach solicitor they can help you identify and include all of them.
It’s important to remember that financial fraud can go on long after the hack or breach has been detected. Once this sensitive information is in the hands of committed and experienced criminals, you might incur bank charges, overdraft fees and penalties for weeks, or even months to come.
As you can only make one claim for a data breach, it’s vital that you properly calculate the impact of future costs on you. This amount needs to be factored into the compensation amount you aim for. Additional costs can’t be added afterwards and your lawyer can help you get the final figure precise. Call our team now for expert guidance.
To summarise, the process for starting an HR data protection breach claim is as follows:
- Firstly, put your complaint in writing to your employer or HR department
- Settle with them directly if offered
- Await a response for no longer than three months
- Without a meaningful reply, report the breach to the ICO if you wish
- Await the ICO’s assessment, during which time collate your proof of financial or emotional harm
- Reach out to a No Win No Fee data breach lawyer to take up your case
- Contact Legal Helpline for help and advice on this
In conclusion, thank you for reading this guide on how to start a claim for compensation for an HR data protection breach. We hope it has clarified your choices and offered some useful resources. If you’re ready to start your claim, getting in touch is easy.
When you discover or are informed about a breach, there is a step-by-step data breach response plan to follow. Firstly, you should express your concerns to your employer/HR department in writing. If they fail to give an adequate response within a three-month period, you can contact the ICO and ask them to investigate using this document.
The Information Commissioner’s Office can really help your claim for a data breach but it’s important to understand certain points first:
- The ICO does not pay compensation
- They may choose not to get involved in your case
- You are not obliged to involve them in your claim
- There is a three-month time period from the last meaningful response you had with your HR department about the breach. If your claim falls outside of this period, the ICO may not consider it a serious complaint.
Bringing the weight of the ICO to bear on your employer would seem like a drastic step. However, it’s important to note that your employer has nothing to gain from concealing a data breach from you or them. In fact, they risk serious fines if they do.
If they fail to inform you and will not negotiate, then as well as involving the ICO, you can use this time to build a case with a data breach lawyer on a No Win No Fee basis. Using your medical and financial records as their basis, they could construct a case for damages on your behalf.
That’s something we can help with. Get in touch today to learn more.
‘No Win No Fee agreement’ is a term you may be familiar with. Normally associated with personal injury or medical negligence cases, these agreements are also used to help people in data breach cases. The obvious and immediate benefits remain exactly the same:
- There are no fees to pay to hire the data breach solicitor and start your claim
- You can expect the same candid assessment of your chances at the start – No Win No Fee lawyers take their fee from successful cases so there’s no time wasting
- There are no fees to pay as the case gets taken up and develops
- If your case fails, there are no fees to pay your data breach lawyer at all
- Throughout the case, you can rely on the understanding that your lawyer has a vested interest in success. They will be giving your case their fullest attention
The real charm to No Win No Fee cases is the low fee at the end of successful outcomes only. This amount is capped by law. It gets deducted from the settlement amount at the end. This means that you can simply provide as much information and detail as possible, let the lawyer calculate the highest possible award and wait for the result.
If you’d like more free legal advice about making an HR data breach claim, or would like to proceed with a claim, get in touch with us in any of the ways outlined below:
- You can call and speak to our friendly team right now on 0161 696 9685
- Email or write to us at Legal Helpline
- Use the ‘live support’ option, bottom right for immediate help
For more resources, please refer to this link about GDPR data breach compensation claims. At Legal Helpline we can also assist with bank data breach claims or medical data breach cases. Get in touch to discuss your concerns with us today.
Furthermore, victim support information is available for those suffering from data breach abuses. You can read tips from the ICO about protecting your data and this link allows you to read more about how to personally protect your data in the future.
Thank you for reading our guide to making a claim following an HR data breach.