By Cat Stardew. Last Updated 23rd June 2023. Personal information belongs to us in the same way as any other possession. We have a right for it to be protected. In 2018, laws changed the way data can be handled. Any agency, organisation or company that wishes to access and use our data now is bound by law to do so within strict parameters. You may be surprised to learn that this includes law enforcement agencies. We might expect them to be extra careful but in reality, you could suffer a data breach caused by the police.
We tend to assume that given their role, the police would be the last to breach or contravene a law. However, because of the use of outside agencies to process, store and handle data it can be all too easy for personal information to slip through the safety net. It can end up in the public realm where any number of people could access it for illegal purposes.
Whether you are a victim of a crime or currently under investigation yourself, the lapse in the duty of care regarding our private information is something the police can be held culpable for.
You could receive compensation if you can prove that you suffered damage as a result of a data breach. The specifics of your involvement with the police right now are not important. The issue is how the police have mishandled your sensitive data in a way that may have led to your emotional or financial harm.
Get in touch
If this issue has affected you, changes in the law mean you could be awarded compensation. To learn more:
- Call us directly on 0161 696 9685
- Email us at Legal Helpline
- You can also use the ‘live support’ option bottom, right for instant legal help and advice about your data breach by the police.
Select A Section
- A Guide On Compensation Claims For A Data Breach By The Police
- What Is A Data Breach Claim Against The Police?
- How Does The GDPR Affect Police Data Sharing?
- Instances Of Police GDPR And Data Breaches
- Calculating Compensation Amounts For A Data Breach By The Police
- Types Of Damages Awarded To Data Breach Victims
- How To Report The Police To The Information Commissioner
- No Win No Fee Compensation Claims For A Data Breach By The Police
- How To Find And Get Help From A Specialist Solicitor
- How To Start Your Claim For Damages
- Contact Our Team
- Frequently Asked Questions About Data Breaches
- Where To Find Out More
In this guide, we explain how changes in the law under General Data Protection Regulation (GDPR) mean that compensation can now be awarded for both financial and emotional damage. We examine what constitutes a breach, how it might happen and what you can do about it. We look specifically at how an independent body called the Information Commissioners Office (ICO) can support your rights to data protection.
A case called Vidal-Hall v Google meant that financial damage is no longer needed to be present to allow the victim to claim for emotional damage. Described as ‘material’ and ‘non-material’ damage, these changes now mean that anyone who has experienced negative effects from a police data breach can seek either or both types of compensation for their experience.
We explain how you can do this by working with a No Win No Fee data breach solicitor from our panel. A police data breach could have devastating consequences on you as a victim by leaking crucially private details into the public realm. As someone under suspicion, it could compromise your ability to have a fair investigation and trial. Or it could threaten your safety. Either way, at Legal Helpline we can help.
If you have evidence of how leaked personal information by the police or their data processors has directly led to you suffering emotional or financial damage, call our team right now to get started.
Personal information is collected for a great many reasons by an array of companies and agencies. Every time we go online to make a purchase, send an email or buy something we either overtly or tacitly consent to the collection and use of our personal information.
Amongst other information gathering techniques during investigations, police forces use scene of crime reports and liaise with other police forces to build evidence. The police use databases like the Police National Computer and Automatic Number Plate Recognition (ANPR) to collect information such as cautions and convictions. Others can access this information too such as:
- All territorial police forces in England and Wales
- Other police organisations, including the Police Service of Northern Ireland, Police Scotland, Isle of Man Constabulary, States of Guernsey Police Agency and States of Jersey Police
- National Police Chiefs Council
- British Transport Police
- Civil Nuclear Constabulary
- Defence Intelligence Staff
- National Identification Service
- National Crime Agency
- Ministry of Defence Police
- The Security Service (MI5)
- The Secret Intelligence Service (MI6)
Given the volatile nature of crime and the need for the police response to be agile and accurate, sharing data is essential to their role. This can make the safeguarding of information very difficult. If they fail and you suffer damage as a result, you could claim against:
- Police forces
- The Ministry of Justice
Definition of a breach and examples of how it could happen
The ICO recognises that a data breach is defined as any accidental or deliberate loss, destruction, alteration or unauthorised sharing of personal data that exposed the data subject to damage of a social, economic, emotional or reputational kind.
This can happen in a number of ways, such as:
- Lost or stolen laptops, USB sticks and smartphones
- Failure to redact documents before sharing
- Computer screens left open with vital data
- Documents left lying in plain view
- Discussing details openly with colleagues or other parties
- Social media posts that include details
- Filing systems left unsecured
- Hacking and cybercrime
- Viruses, malware and ransomware attacks
- Careless transportation issues
- Insufficient security protocols or weak firewalls
- Poor training and human error
Controllers, Processors and Third-Party users
Obviously, it’s not unreasonable to expect that data security within the police force would be robust. Human error accounts for a large part of the problem. Data sharing involves three main groups of people. Mistakes by any of them can create a breach at any point in the sharing process:
- Controllers – Those in possession of our data either with consent or in certain cases without requiring our permission. For example, the police do not require your consent to collect your name and address in the course of their lawful duty, but they do require it if they wish to then pass that information on to others.
- Processors – Agencies either inside or outside the police force who collate, store and use the information. An example here could be an outside agency authorised by the police force to store paper documents in a secure way, or physically move them to different locations. They could also be the party charged with sending data electronically to third parties who need it.
- Third parties – Outside recipients who need your information. A typical example of an appropriate third party in a case like this might be your solicitor or counsellor. A breach could be defined as a third party who obtains your information illegally and then uses it for inappropriate or exploitative purposes.
This is why breaches are so serious. ICO fines can be very significant (£17.5 million in the most extreme data breach cases) to reflect the potential for lost data to ruin lives. Because of GDPR, the three parties mentioned above now have a legal duty to treat data with the utmost care.
GDPR is well written and thorough in its explanations. It clearly outlines how it expects organisations to demonstrate compliance and aims to make it as easy as possible for all involved to understand these relatively new laws.
The core principles outlined by the ICO for correct data handling are as follows:
- Only lawful and obvious reasons for collecting the data are permitted
- Limiting the reasons for collecting data
- Keeping the collected data to an appropriate minimum
- Ensuring that data is accurate, updated regularly and not used in a prejudicial way against the subject (particularly relevant in police data breach cases)
- The data is only retained for a set period of time after which it is properly destroyed
- That everyone engaged in the data process shows integrity and confidentiality
- Accountability – admitting to breaches within 72 hours of discovery and taking appropriate steps to deal with them.
The ICO can respond to the failure of these principles with financial penalties and prosecutions.
GDPR should not make the role of the police more difficult. On the contrary, these rules can protect police procedure from abuse and misinterpretation which should assist them in their duties.
Each person involved in the data sharing process should ask themselves, ‘would I be happy for anyone to know this?’ Given that the internet could distribute this data around the world, this awareness has never been more important.
GDPR rules simply try to enforce more control over data for the individual. By asking all agencies to think more carefully about how they discuss, share and use other people’s information benefits us all, and ultimately reduces the margin for criminal opportunities.
Police data use has come under scrutiny from the ICO. The Met Police’s use of a database called ‘Gang Matrix’ was found to be collecting and using the information in a way that was beyond the original remit. In view of this, the ICO felt that whilst there was a legitimate reason for collecting the data, it was being used in an inconsistent way. They issued an enforcement notice to MPS. Furthermore, they issued a statement explaining that it was not their intention to frustrate police activities, merely to uphold the law that protects us all from data abuses.
In Gloucestershire, police received a fine of £80,000 by the ICO after sending a bulk email that identified historical child sex abuse victims. Greater Manchester Police was fined £150,000 after victim interviews went missing, and a Kent man was prosecuted and Kent police cautioned after police data was leaked on Twitter.
Clearly, breaches such as this are in no one’s interests. But they do occur. If you suffered a breach of information through a police force you might qualify for compensation. This is something the breaching party can offer to settle with you directly. Or you may ask the ICO to step in and investigate on your behalf, but they do not pay compensation. You can also work with a data breach solicitor to build a case for damages. Our team can help you start now.
How Long Do I Have To Claim Compensation For A Data Breach?
In order to claim compensation for a breach of data protection that affected your personal data and caused you to suffer harm, you must start proceedings within the required time limit.
Generally, you will have six years to start a personal data breach claim. However, this time limit changes if you intend to claim compensation for a data breach from a public body. In this case, the time limit falls to one year.
One of the benefits of working with a solicitor on your claim is that they can help ensure that your claim is filed within the relevant time limit. A solicitor from our panel could also help you gather evidence to strengthen your claim and answer any questions you might have about the personal data breach claims process. Contact our team today to learn more.
Since the alteration in the law, it’s now possible to consider mental damage in its own right in data breach cases. Below is a table of recommended awards from the Judicial College Guidelines. These amounts reflect the impact of pain and suffering, acute mental and psychological distress. All of these things could arise as a result of a data breach by the police.
|Psychiatric Damage - Severe||Severe problems that affect many areas of daily and social life.||£54,830 to £115,730|
|Psychiatric Damage - Moderately Severe||Significant problems with daily life. But, there is a more optimistic prognosis.||£19,070 to £54,830|
|Psychiatric Damage - Moderate||Marked improvement shave been made, despite having struggles with various problems.||£5,860 to £19,070|
|Psychiatric Damage - Less Severe||The effect on daily activities and sleep will be taken into account.||£1,540 to £5,860|
|PTSD - Severe||Inability to function the same as pre-trauma due to permanent effects.||£59,860 to £100,670|
|PTSD - Moderately Severe||Recovery is possible with help from a professional, but the person will still likely suffer for the foreseeable future.||£23,150 to £59,860|
|PTSD - Moderate||Largely recovered with any persisting symptoms not being majorly disabling.||£8,180 to £23,150|
|PTSD - Less Severe||A full recovery is made within 2 years, with only minor problems persisting after this.||£3,950 to £8,180|
Proving these detrimental effects is essential. A No Win No Fee data breach solicitor can arrange for a psychiatric evaluation on your behalf as part of the claims process. If you can demonstrate that the leaked data led to you suffering any of the following, you could have grounds to pursue compensation:
- Loss of sleep
- Increased anxiety or panic attacks
- Phobias or thoughts of suicide
- Loss of earnings from inability to cope
In severe cases, you might suffer an injury at the hands of retaliatory attacks or other hostile parties who learn about the breach. You can calculate potential compensation amounts on that basis, too. Speak with our team now for guidance on how a claim for these non-material damages could be constructed on your behalf.
As discussed, you can settle directly with the police force in question for a data breach if they offer that. If they do not give a helpful response or intend to validate your claim, you can sue them instead.
In addition to the non-material calculations, you can also have actual material loss taken into account. An example might be that the data breach by the police has exposed your work address to people you have given evidence against. This may result in you being unable to go to work as normal. This tangible loss in your income is linked to the breach. A data breach lawyer can calculate these losses and get them included in your claim for compensation.
Alternatively, if you are under police investigation for an offence and the data breach compromises your defence by alerting others, this could result in a material loss for you as well. In addition to this, once your private data is in the public realm it can be exploited by cybercriminals for fraudulent gain. Credit card theft in your name and identity theft can result in you being liable for sudden debts.
It’s important to note also that you have only one chance at making a data breach compensation claim. It’s therefore essential to include every repercussion in one place as future losses may not be considered. With this in mind, you need to calculate as accurately as possible all the future fees and charges that could result from credit card fraud in your name. A data breach solicitor can help you do this. The final amount of compensation you aim for should cover all these possibilities.
The ICO is not a body that can pay you compensation. They are, however, useful to involve if necessary, as their interest can lend real weight to claims relating to a police data breach. You can contact them and ask them to intervene if you have received no meaningful response from the police about your complaint of data infringement.
However you decide to approach your case, a complaint in writing is the first step. This needs to happen within a three month period since the last meaningful contact with the police. Outside of this time frame and the ICO may consider the matter settled. If you do not receive a satisfactory response from the police authority involved, you can ask the ICO to look at your breach and if it has merit, they can apply considerable pressure to get a response as well as investigate themselves.
As the ICO assess the breach, now can be a good opportunity to connect with a No Win No Fee lawyer and discuss your options about a claim for compensation.
You can sue the police on a No Win No Fee basis if you have proof of a data infringement. This proof can originate from the police admitting there has been a breach that implicates you. However you discover the data breach, contact Legal Helpline now to see how we could help you get compensation for it.
The service that we offer could introduce you to No Win No Fee lawyers from our panel who help clients remotely across the country. At no upfront cost and with no fees to pay as the case develops, No Win No Fee agreements can offer you immediate legal representation. If your case fails, there’s nothing to pay your lawyer’s at all.
No Win No Fee data breach solicitors take their fee from cases that win. This means a small, legally capped percentage is deducted from the compensation award at the end. Because their fee derives from a successful outcome, you know the lawyer is giving your case their full attention.
One of the advantages of the internet is the way in which it has revolutionised how people can access much better resources. In the past, we relied upon the law firm at the end of our local high street, (who may have excellent credentials) but are not especially skilled in cases involving data breaches.
Using companies such as ours, it is now possible to benefit from the skill and expertise of data breach solicitors with three decades of expertise. They could work remotely with you all around the country, giving your data breach claim against a police force or the Ministry of Justice a whole new dimension.
Why not call today for a brief, informal chat in complete confidence and see how Legal Helpline could help you today.
At the outset of your claim, it’s essential that you believe you have solid grounds to make an accusation of a data breach by the police. It is unethical and time-wasting to simply attempt to start compensation claims on the off chance that the police were responsible for the breach.
Given the exact nature of their role, the police are required to be extremely careful about how information is used regarding victims or perpetrators. It’s worth making sure at the start that your claim is valid. You can speak to our team for clarity.
Once you’re sure you have a legitimate claim for data breach against a police force, you can follow this simple procedure:
- Contact them in writing to complain about the breach
- If you fail to hear anything meaningful within three months, take your complaint to the ICO
- They can investigate on your behalf if the case has merit
- Start to assemble proof that you have suffered either emotionally or financially as a result of the data breach. This needs to be factual proof, medical assessments and financial statements
- Contact Legal Helpline to talk about using the services of a No Win No Fee data breach solicitor. They could take your case on and construct a case on your behalf.
We appreciate you taking the time to read this guide. Whether you are a victim of a crime or currently under criminal investigation yourself, the police have a legal responsibility to handle your personal information with the utmost tact and circumspection. This is now law. If you believe you have evidence that proves they failed in that duty, you could start a claim for compensation against them.
Speak to our friendly advisors with complete discretion and confidentiality. You can call us directly on 0161 696 9685 or email us at Legal Helpline. You can also use the ‘live support’ option bottom, right for instant legal help and advice.
What constitutes a breach of data protection?
Any type of:
- accidental or deliberate loss
- unauthorised sharing of data
that leads to personal damage can be described as a data breach.
It can be the result of human error. It could be willful cyber attacks from hackers and outside parties seeking to exploit our data for criminal gain.
What data breaches must be reported?
A data breach really only requires reporting if it presents a risk to the freedoms and rights of natural, living persons. This refers to actual economic, social or reputational harm to an actual person. If you’re not sure if your data breach warrants contacting the ICO or starting a claim, speak to our team for advice.
My rights if my data has been breached – what are they?
It does not need to go to court. The agency can offer to simply pay compensation to you directly to settle the issue.
How do I complain about a data breach?
You can do so in writing directly to the agency you believe has breached your data rights. If you fail to receive a response, you can then report the situation to the ICO who may investigate. Finally, you can engage the services of a No Win No Fee data breach lawyer. They can represent you in a claim for compensation.
For more information about a police data breach or any kind of police data infringement that led to personal damages, please refer to our guide on GDPR data breach compensation claims. Head here to learn more about bank data breach claims, or here for more on medical data breaches.
Victim support is available for data breach victims and the government offers advice on how to better protect your data. You can also request to see your data from the police.
Thank you for reading our guide to making a claim following a data breach by the police.
Guide by JJW
Edited by REB