Are you a victim of a data breach by your pharmacist? Were your records accessed in a way you did not consent to? Firstly, you’re not alone. The repercussions of a pharmacy data breach can cause misery for those it impacts. Anything from damaged finances to acute personal anguish can result from another party seeing or using your private information without your consent.
In this article, we examine how laws in the UK can make it much harder for people to exploit your information and profit from your personal details. However, if you’ve already been unlucky enough to fall victim to a data breach through your pharmacist, we explain how you, or a data breach solicitor, can construct a case for compensation.
At Legal Helpline we offer immediate advice that can help clarify your case and offer suggestions on what to do next. Simply call us free on 0161 696 9685 or email us at Legal Helpline and our friendly team of advisors can look into your claim.
Select A Section
- A Guide On Claiming Compensation For A Pharmacy Data Breach
- What Is A Pharmacy Data Breach?
- Can Personal Data Be Shared Without Permission?
- Enforcement Action Taken By The ICO Against Pharmacies
- Calculating Amount Of Compensation For A Pharmacy Data Breach
- Compensation For A Data Breach?
- How You Could Get Help From The Information Commissioner
- No Win No Fee Compensation Claims For Pharmacy Data Breaches
- How Data Breach Solicitors May Help You
- What To Do If You’re Victim To A Medical Data Breach
- Speak To An Advisor
- Pharmacy Data Breach FAQs
- Where To Learn More
Data is collected about us every day. We consent to its use to help streamline communication and information for everything from the adverts we watch online to our most private medical records. But easy access to our personal information could lead to criminal and unethical uses of our private details.
Malware, phishing scams, hackers, and viruses have become common terms. The law is catching up with technological advances and those who attempt to exploit it for criminal gain. To prohibit unlawful use of our data, the UK General Data Protection Regulations (GDPR) laws were brought in in 2018. In addition, a public body called the Information Commissioners Office (ICO) helps to uphold these new laws. With the power to issue heavy fines, the ICO aims to protect your data from breaches.
We examine pharmacy data breaches in detail below. This article aims to explain how you can recognize when you’ve suffered a breach. Furthermore, it explores what you can do to report it and how a data breach lawyer could help you on a No Win No Fee basis to receive compensation for your losses because of it.
What is a pharmacy data breach? GDPR laws define data breaches in several ways which include but are not exclusive to just pharmacy data breaches. A data breach may be considered to be any of the following if they occur without your consent (except for in exceptional circumstances):
- The loss of your data
- Deliberate or accidental release of data
- Human error — a pharmacist giving someone else your prescription so that they’re aware of your personal information
- Sharing data with an untrusted/unauthorized third party
- Destruction of your data
- The unauthorised alteration of your data
- Reckless storage of data — unlocked cabinets or files left lying around
- Sloppy software protection
- Staff leaving computer screens open with personal data visible and accessible
- Targeted hacks from cybercriminals
With this in mind, you could easily suffer a breach and not know it. The pharmacy itself could suffer a breach that is undetected. Once discovered, GDPR rules oblige data controllers to report any notifiable data breaches to the ICO within 72 hours.
They also have to notify you without undue delay if there is a high risk that your rights and freedoms were adversely affected. This is valuable time that you can alert your bank or other agencies of potential cyber-attack on your details from criminal gangs who use this information for fraud.
The laws recognise that there are two key groups that have a responsibility to protect your data security called ‘controllers’ and ‘processors’. A data controller is a party that determines why and how they’ll process your personal data. A processor is a party (such as an agency) that processes your data on behalf of the data controller. (It can’t be an employee of the data controller.) Both have a duty of care to protect your data. Failure on their part that leads to your suffering means you could claim compensation.
Obviously, some sharing of data is essential. It can greatly improve services to patients and speed up the delivery of care. Absolutely central to this sharing is the principle of consent.
Without our consent, third parties could do whatever they wished with our data and GDPR sought to curtail data broking that caused misery for those dragged into advertising scams and worse.
However, there are certain instances where your data can be shared without your consent. These include legal obligations (such as an employer sharing salary data as an obligation to the HMRC) or using your data to protect your life (such as in medical emergencies).
At the heart of GDPR are some core principles regarding the processing of our personal data:
- Lawfulness, fairness, and transparency: Firstly, is the data controller abiding by the laws of decent conduct with our information?
- Purpose limitation: Is there a precise reason for the data to be gathered?
- Data minimization: Has only precisely relevant data been collected?
- Accuracy: Is the data correct and regularly updated?
- Storage limitation: Is the data being stored for the appropriate amount of time?
- Integrity and confidentiality: Do all those involved understand what is expected of them when handling the personal information of others? Is your data secure?
- Accountability: Are breaches or errors promptly reported and dealt with?
These core values try to limit problems. Human error is the cause of most data breaches in 2019, but cyberattacks from outside agencies can happen. In a case of a pharmacy data breach, it can be something as simple as a member of staff sending the wrong prescription details to another patient or leaving a laptop open, with personal information visible to unauthorised persons.
As a victim, you may not know that anything is wrong until you see a news article or start to discover unpleasant intrusions into your social media or bank details. By that point, it can be too late.
Importantly, if you can prove that a pharmacy incorrectly handled your data which caused you harm, you could start a claim for compensation. The ICO has far-reaching powers and you can complain to them if you think a medical data breach has occurred.
Some high-profile companies have been involved in data breach cases and the ICO issued a warning to pharmacies in April 2017 about careless transportation of patients’ records. A lack of training, particularly in smaller community pharmacies, and incomplete information on pharmacy websites were to blame.
Lloyds pharmacy was implicated in a breach where 2,000 customers had their personal data inappropriately shared and the third-party recipient queried the action.
In 2019 Doorstep Dispenaree was issued a huge fine of £275,000 because they left half a million patients’ records in an unsecured location. Left in unlocked containers they contained names, addresses, dates of birth, NHS numbers, and prescription details. Doorstep Dispensaree delivered mainly to care homes meaning that their clients were predominantly elderly and venerable. Exactly the kind of target cybercriminals prefer.
Fines such as these are designed to send a stern rebuke to companies that fail to take data security seriously.
Your data security matters
Has something like this affected you? Did you experience either financial or mental distress because of a data breach? Pharmacy data breach cases can attract compensation for this financial loss and anguish and you may have a legal right to seek it. Call and speak to our advisors now to see how we could help you.
How exactly can compensation be calculated for pharmacy data breaches? In 2015, the Court of Appeal heard a case called Vidal-Hall and others v Google Inc in which the judge saw that it was possible to seek damages for psychiatric harm without suffering financial loss.
Now a case for compensation is possible without necessarily suffering financial impact. This recognises the psychological pain and suffering identity theft and violation of private and confidential information can cause.
In view of this, a data breach solicitor can now calculate damages for you based on the Judicial College Guidelines for mental suffering as used in personal injury claims. (The JCG is a publication solicitors may use to value injuries.) Our table demonstrates:
|Psychiatric Damage - Severe||Severe problems that affect many areas of daily and social life.||£54,830 to £115,730|
|Psychiatric Damage - Moderately Severe||Significant problems with daily life. But, there is a more optimistic prognosis.||£19,070 to £54,830|
|Psychiatric Damage - Moderate||Marked improvement shave been made, despite having struggles with various problems.||£5,860 to £19,070|
|Psychiatric Damage - Less Severe||The effect on daily activities and sleep will be taken into account.||£1,540 to £5,860|
|PTSD - Severe||Inability to function the same as pre-trauma due to permanent effects.||£59,860 to £100,670|
|PTSD - Moderately Severe||Recovery is possible with help from a professional, but the person will still likely suffer for the foreseeable future.||£23,150 to £59,860|
|PTSD - Moderate||Largely recovered with any persisting symptoms not being majorly disabling.||£8,180 to £23,150|
|PTSD - Less Severe||A full recovery is made within 2 years, with only minor problems persisting after this.||£3,950 to £8,180|
If you use a data breach lawyer, they should request medical evidence that you have suffered anguish and psychiatric harm because of the breach. Therefore, issues such as depression, anxiety, stress, the inability to sleep, the extremes of PTSD (Post-traumatic stress disorder) and the inability to work can all be demonstrated and carry a possible compensation award.
As we have touched upon above, non-material compensation focuses on the mental health damage you have suffered from the breach, but what about actual money losses? In addition to the non-material losses, you can use evidence of financial impacts to calculate damages too.
Material damages refer to any amounts of money that you have directly lost because of the breach of your patient data such as:
- Stolen money from your account
- Credit cards opened in your name
- Future costs due to fraud or theft
- Lost money
- Counselling costs to deal with the stress
It’s important to note that you can only make claim once, so it’s vital that you consider not just immediate costs but those that might evolve in the future. A credit card opened fraudulently in your name could incur charges for years for instance. Costs could continue well into the future.
A suitable amount should be calculated to anticipate this. Once you have agreed to settle your case it cannot be amended. Speak to our advisors for help to make sure every potential cost is included.
You can follow a process when making a data breach claim against a pharmacy. Firstly, you can write to the pharmacy in question to complain. They may respond in a helpful way or they may not.
If you have tried to contact them but had an unsatisfactory response, you can raise your concerns with the ICO. You should do this within 3 months of their final response. If you exceed this timeframe, it could affect the decisions the ICO reaches, so don’t delay your decision to act.
It’s not absolutely essential to involve the ICO in every instance, but they can help in cases where the other party is being obstructive. If you can demonstrate that a breach has occurred that affects you, the ICO can take action and look into the breach.
Equally, you can claim against the pharmacy yourself and they may offer direct compensation. If they do not, or the settlement they offer doesn’t reflect your suffering, a No Win No Fee data breach lawyer can take your evidence and build a strong case for compensation on your behalf. This could result in you receiving much more.
Hiring a solicitor to help you sue a pharmacy or any business may sound expensive and complicated. This fear discourages many people from starting a rightful claim for compensation.
No Win No Fee services offer victims of data breach an opportunity to use the services of a solicitor with reduced financial risk. When you decide to start a claim for data breach compensation with a No Win No Fee lawyer, they will assess how likely your case is to win. If it does not look good, they can tell you immediately and not waste your time.
If a case looks viable, they will issue a contract called a Conditional Fee Agreement (CFA) that outlines the benefits of using a data breach solicitor in this way. Advantages include:
- You do not have to pay anything to hire a lawyer at the start of your case.
- The lawyer will not request any fees during the claim.
- Should your case fail, there will be no lawyer fees to pay at all.
The solicitor will keep a small percentage of the settlement amount if the case wins. This ‘success fee’ is simply a reward for their efforts on your behalf. Also because of this, the solicitor has a vested interest in obtaining the highest amount possible and shares the risk with you.
At Legal Helpline we offer a service that can do all of this for you. Simply call our advisors for a free, no-obligation chat about your data breach concerns and we could do the rest.
It’s important to note that anyone can start a claim for data breach compensation and that you do not need a lawyer to do it. But it’s essential to consider the time and concentration a case might take if you attempt it alone.
Perhaps an ‘online calculator’ has provided a compensation figure in under a minute? But is it correct? You may benefit from accurate legal advice here.
You may think your only option is to use the law firm that’s local to you in the high street. This doesn’t have to be the case.
One of the positives of the internet is the way it has revolutionised communication. You can work with a data breach solicitor anywhere in the country now and all the necessary ‘back and forth’ of your case can be conducted remotely.
This can open up many more options for your case and could give you access to lawyers with much greater experience in winning compensation in pharmacy data breach cases.
Allow us to introduce you to data breach solicitors who can really calculate the right amount of compensation for you and help put this awful experience behind you.
Whoever has breached your data and however the breach occurred, the law supports your right to claim compensation for pain, suffering, and financial harm.
Because of GDPR, UK consumers have a right to redress against those who have exposed their private information in a way that can really destroy lives.
To recap the steps we’ve discussed above:
- Write to the pharmacy and complain if you think you have been subject to a breach of data.
- You can raise your concerns (within three months of the pharmacy’s final response) with the ICO.
- Consider speaking to a No Win No Fee data breach lawyer about compensation.
- Carefully collect evidence to prove current and potential losses based on what is happening.
There is a 6-year time limit to making a claim for data breach compensation (1 year in cases of human rights violations) which may seem like a long time.
It’s perhaps also important to advise the ICO about your concerns within the three-month period of the final response from the pharmacy. Letting the ICO know outside of this period can affect the decisions that they reach.
You also want to limit, as much as possible, the time that online identity thieves have to steal in your name. The longer the situation continues, the greater the chances for exploitation. Get your claim started today in one simple phone call.
Thank you for reading this guide about pharmacy data breaches and what to do if you feel your data has been breached by a local pharmacist. Compensation is possible for either financial loss or mental suffering. Start your claim today by:
- Calling and speaking to our friendly advisors on 0161 696 9685
- Emailing or writing to us at Legal Helpline
- Using the ‘live support’ option, bottom right of this screen for instant legal help
In reality, what are the consequences of a data breach?
Pharmacy data breaches can mean your personal medical records are available and exploited. With this in mind, it’s easy to understand the anguish breaches can cause, to say nothing of other financial crimes it can create.
What could cause a data breach?
A file left out on view, an unlocked filing cabinet, gossiping staff— they can all result in you being a victim of a data breach. Our consent crucially underpins who sees and uses our data.
How bad is the impact of a data breach?
Absolutely devastating in some cases. The knock-on result to the victim can mean depression, PTSD, acute suffering, and in some cases, suicidal thoughts.
I’ve received the wrong prescription. What should I do?
Bring it to the attention of the pharmacist immediately. A simple oversight like a coding or keying error could cause untold damage and confusion to not just people’s medication requirements but the correct disclosure of their personal data.
Do pharmacists have a bad reputation for data breach?
Pharmacists must retain a lot of information. Smaller, local companies may lack the trained staff or infrastructure to do everything properly and the ICO acknowledges that it’s hard for everyone to get everything right.
What do cyber-criminals do with our data?
If you’re unlucky enough to fall victim to this, your information can be bought and sold on the ‘dark web’ to use in fraudulent activities. Compensation can be your chance of recovering losses.
What should I do if my details have been leaked already?
Speak to your bank about changing passwords and security details. Try to limit potential danger by checking consent forms on all online websites and social media platforms. Approach it in the same way that you might a physical robbery and react accordingly.
Also, get in touch with the organisation that leaked your data or contact the ICO if appropriate.
Where To Learn More
We hope that this article has explained some of the laws that seek to protect our rights as consumers. Data breaches carry consequences to the unwitting patient or customer: financial loss and mental suffering.
At Legal Helpline we try to offer you the resources to make the right decision about how to start a case for medical data breach compensation. With the right advice, it’s possible to calculate compensation properly and make sure that you get the right amount.
Thank you for reading our guide on what to do if you suffer a pharmacy data breach.
Written by JW
Edited by RV