My Data Privacy Was Breached By Sainsbury’s Bank, Could I Claim Compensation?
Whether you’re a customer or employee of Sainsbury’s Bank, you would likely have given the organisation some of your personal data in order for them to provide you with services or fulfil your contract. As such, Sainsbury’s Bank would be a data controller and would have a legal responsibility to protect that data. If they have failed to do so, and you can prove that you’ve suffered financial or emotional damage, you could be eligible to claim data breach compensation. But how do data breach claims against Sainsbury’s Bank work? Do you need a data breach lawyer to help you? And how long would you have to make a data breach claim? We answer all these questions and more in the following guide.
There are lots of ways in which Sainsbury’s Bank could breach your personal data. The bank could fall victim to a hack, a virus, ransomware, spyware or malware attack. Or, a member of staff could make an error and send your details to an unauthorised third party.
In some cases, the theft of computer equipment could lead to a data breach, or employees could be taken in by a phishing attack, and unknowingly breach your data in this way. However a breach happens, if it violates data protection law and you are harmed because of it, you could be eligible to claim.
How Could This Guide Help Me?
Here at Legal Helpline, we believe everyone should be able to access guidance on data breach claims. This guide explains the laws surrounding data protection and discusses how breaches of personal data could occur.
We also explain how you could make a No Win No Fee claim without having to pay a data breach solicitor until your claim ends. Also, we show you how Legal Helpline could help you start a claim by connecting you with a lawyer that works under these terms.
If you have any concerns or questions about your claim or would like to get started, we’d be happy to advise you. Please call our team at any time on 0161 696 9685.
Select A Section
- A Guide On Data Protection Breach Claims Against Sainsbury’s Bank
- What Are Data Protection Breach Claims Against Sainsbury’s Bank?
- Third Party Data Breaches And The GDPR
- Banking And Financial Services Data Breach Fines
- Calculating Claims For A Data Protection Breaches
- Types Of Damages For Data Protection Breaches
- How To Report Financial Services Data Breaches
- Data Protection Breach Claims Against Sainsbury’s Bank Under No Win No Fee Agreements
- What Do Data Protection Lawyers Do?
- How Do I Claim Compensation For A Data Breach?
- Talk To Our Specialist Team
- FAQs On Data Breach Claims
- Where To Learn More
There are several different laws in place to protect personal data. Under the General Data Protection Regulation (GDPR), and its application in the UK under the Data Protection Act 2018, all data controllers should ensure the protection of the personal data they process. If an organisation fails to protect such data, breaching data protection law, data subjects that suffer damage because of the breach could claim compensation.
In the sections of this guide, we talk you through the reasons that could justify data breach claims against Sainsbury’s Bank. We explain the role of the Information Commissioner’s Office (ICO) in enforcing data protection legislation and how you could report a breach to them. Also, we look at the types of compensation you could claim, and how data breach lawyers could help you.
Time Limits For Data Breach Claims Against Sainsbury’s Bank
Before we explain more about making data breach claims against Sainsbury’s Bank, we should let you know that there is a limitation period attached to such claims.
Usually, you would have 6 years from the date you gained knowledge of the breach to claim. However, if you’re claiming for a human rights breach, you would only have one year to make your claim.
If you’re looking for a data breach solicitor to help you, we could quickly connect you with such a professional from our panel, so you could start your claim quickly if you’re getting close to the end of the limitation period.
And remember, if you have an questions, just get in touch with us on the number at the top of this page.
To provide you with services, whether as a customer or employee, Sainsbury’s Bank would need some of your personal information.
Organisations, including financial institutions such as Sainsbury’s Bank, by law, must hold data securely, and protect its privacy. They must protect personal customer data such as telephone numbers, name, address, and e-mail addresses, as well as financial information such as credit card information.
This is all classed as personal data and should be protected in line with the Data Protection Act 2018, which includes the UK’s application of GDPR. Under Section 168 and 169 of the Act, data subjects have the right to claim compensation for material or non-material damage that occurs due to a breach of the GDPR.
When Can I Make Data Protection Breach Claims Against Sainsbury’s Bank?
To make a claim as a victim of a data breach, you’d have to evidence that Sainsbury’s Bank had breached your data, and you’d been harmed by it. But what is the definition of a data breach?
The ICO describes data breaches as data security incidents that lead to data being:
- Unlawfully accessed, disclosed, transmitted, altered or destroyed
- Made unavailable
What Could Lead To Data Protection Breach Claims Against Sainsbury’s Bank
There are many ways in which this could happen, including:
- A hack – A hacker could use a bot to look for vulnerabilities in cloud software or a network to gain unauthorised access to systems. They could then use malware, spyware, ransomware or DDoS programs to exploit personal data on the dark web. They could even use such systems to launch another cyber attack elsewhere.
- A human error – If an employee of the bank accidentally sends data to the wrong recipient by e-mail, letter or otherwise, this could also be a breach. Loss of paperwork and a failure to secure personal data held in filing cabinets could also result in a breach.
- Negligence – If Sainsbury’s Bank fails to install appropriate data security software, such as a firewall, or neglects to update it in order for your data to be protected, this could also lead to a breach.
If you can prove that you’ve suffered financial or mental damage as a result of the ways described above, you could make data breach claims against Sainsbury’s Bank.
A company that is providing a financial service to you must abide by data protection law when it comes to the sharing of your personal data. In some cases, Sainsbury’s Bank may need to share your personal data in order to provide you with services.
However, under GDPR, they must ask for your consent, unless they have a ‘valid reason’ for sharing your information without it. Such reasons, according to the ICO, include:
- Public task
- Legal Obligation
- Legitimate interests
- Vital interests
If an organisation shares your personal or financial information without your consent, and does not have a valid reason for doing so, this could be considered a breach. If you can show that you have suffered damage in a breach, you could seek help from a data breach lawyer and make a claim for compensation.
The Information Commissioner’s Office (ICO for short) is an independent body set up to uphold people’s data rights. It has the authority to investigate breaches of data protection law. Some of the laws it enforces include:
- Environmental Information Regulations
- Privacy and Electronic Communications Regulations (PECR)
- Freedom of Information Act
- Data Protection Act
- The Re-use of Public Sector Information Regulations
- INSPIRE Regulations
Does The ICO Enforce GDPR?
The ICO does enforce GDPR and its enshrinement into UK law in the form of the Data Protection Act. It could issue enforcement actions including fines to organisations that breach GDPR. The maximum fine it could issue is currently £17.5m or 4% of an organisation’s global annual turnover.
Examples Of Data Breach Fines
- In 2017, before GDPR came into force, Vanquis bank received a fine of £75,000 for sending marketing emails to promote credit cards without recipients’ consent.
- In another case, Xerpla, a London-based organisation was also fined £50,000 by the ICO for sending 1.26 million spam emails without the recipients’ consent.
While these fines did not relate to GDPR breaches, they do show that the ICO takes breaches of data protection law seriously.
Those making data breach claims against Sainsbury’s Bank may wish to know how much compensation they could achieve for the damage sustained.
All data breach claims are different and as such, solicitors and courts must assess the evidence of each individual case before arriving at an appropriate amount. Each claimant may have experienced different types of damage and different levels of severity.
What we do know for certain is that there could be a route to compensation for those who’ve suffered psychological or psychiatric harm, such as distress, anxiety or depression, due to a data breach.
In 2015, a legal precedent was set in Vidal-Hall and others v Google Inc . In the case, the issue of how to compensate data breach victims was discussed. It was held that those who had suffered mental damage in the absence of financial damage should be eligible to claim compensation too—a departure from the previous position which required some form of financial harm.
It was further decided that awards similar to those in personal injury cases for psychological/psychiatric harm could be considered when valuing mental damage.
What Does This Mean For My Compensation Payout?
This could mean you could claim for anxiety, distress, loss of sleep or depression caused by a data breach. You would, however, need to attend a medical assessment with an independent expert to obtain written evidence of this—something we can arrange as part of your claim.
The expert would examine you, and write a medical report, which courts and lawyers would use to determine the appropriate level of compensation for such injuries. They would also use a publication called the Judicial College Guidelines to hone in on what could be an appropriate value.
We have taken some figures from this publication and created the table below. This could give you a rough idea on how much compensation could be appropriate in such cases.
|Injuries||Level of severity||(Approx)Compensation Bracket|
|General psychological injury||Severe||£51,460 to £108,620|
|Post-traumatic stress condition/PTSD||Severe||£56,180 to £94,470|
|Post-traumatic stress condition/PTSD||Moderately severe||£21,730 to £56,180|
|General psychological injury||Moderately severe||£17,900 to £51,460|
|General psychological injury||Moderate||£5,500 to £17,900|
|Post-traumatic stress condition/PTSD||Moderate||£7,680 to £21,730|
|General psychological injury||Less severe||Up to £5,500|
|Post-traumatic stress condition/PTSD||Less severe||Up to £7,680|
For a more concrete estimate, we’d need to know more about your case. Get in touch with our team of data breach claims advisers to learn more.
As we have mentioned, if you’re making data breach claims against Sainsbury’s Bank, you could claim for non-material and material harm. But what does this mean?
- Material Damage – A data breach by Sainsbury’s Bank could lead to your financial information being exploited. People could use this information to steal from you or commit identity fraud. This could result in financial damage. A data breach claim could help compensate you for such harm.
- Non-Material Damage – As described in the section above, you could claim for psychological/psychiatric injuries caused by a data breach, such as distress, anxiety, depression or PTSD.
If you’d like us to, we could assess your case to see what compensation you could be eligible to claim. We could then put you in touch with a data breach lawyer from our panel to help you get the compensation you deserve.
There are a number of steps you might wish to take if you’ve been the victim of a data breach.
- Initially, the ICO advises you to take the matter up with the organisation directly. You could write to them detailing what has happened and ask them to respond to you after they have investigated.
- If you don’t receive a satisfactory response, you could escalate your concerns with the ICO. However, they may not choose to investigate if there are undue delays in bringing such a matter to their attention.
- No matter whether you raise a complaint with the ICO, if it’s been more than three months since there was any meaningful contact from the organisation, you could take legal action. You could search for a data breach lawyer and make a claim for compensation. We could help connect you with such a lawyer.
Data protection breach claims against Sainsbury’s Bank don’t have to involve the claimant paying legal fees upfront. You could make a data breach claim on a No Win No Fee basis, where you’d only pay your lawyer’s legal fees if they obtained a payout for you.
How Do No Win No Fee Data Protection Breach Claims Against Sainsbury’s Bank Work?
- Initially, your lawyer would need to send you a Conditional Fee Agreement (the official title of a No Win No Fee agreement). Within this document, a success fee is mentioned. This small, legally capped fee is what you would pay if your lawyer obtains a settlement for you.
- When you sign and send the agreement back to your lawyer, they could then work on your case for you. They would put together a body of evidence and try to negotiate a settlement on your behalf.
- If your compensation comes through, your solicitor would deduct their success fee. The rest would then be for your benefit.
- If your claim did not succeed, you wouldn’t have to pay any of your lawyer’s fees, nor the success fee.
If you have questions about No Win No Fee claims or would like us to connect you with a data breach lawyer from our panel, we’d be happy to help. Or for further reading, we have produced a guide explaining the No Win No Fee claims, which you could take a look at here.
We’ve explained already that you could complain directly to an organisation that has breached your data. Then, if they don’t come back to you with a satisfactory response, you could raise your concerns with the ICO. We’ve also explained that you don’t need to report a breach to the ICO to claim. What we haven’t explained is the role of the data breach lawyer, should you choose to work with such a lawyer on your claim.
The benefits of using a data breach solicitor to claim compensation for a data breach by Sainsbury’s Bank could include:
- Having a legal professional put forward the strongest case possible for compensation
- Not having to negotiate compensation; the lawyer would do this for you
- Ensuring you claim for all the non-material and material damages you could be eligible for
- Supporting you through the entire claims process
It is true that you could begin data breach claims against Sainsbury’s Bank alone. However, you may feel that with a data breach lawyer on your side, the process would be much easier.
If you’re intending on claiming compensation for a data breach by Sainsbury’s Bank, you could go it alone. However, after reading the previous section, you might be seeking a data breach solicitor’s help.
If you are then you might find that there is plenty of choice when it comes to the data breach lawyers you could choose from. And you don’t have to choose a local solicitor either. In the modern digital world, much of your claim could be handled online, via e-mail, phone or letter. So how do you choose from all the law firms out there? You could:
- Ask for recommendations from colleagues, family or friends
- Conduct a web search and narrow down to a shortlist, before calling them
- Take a look at independent review sites
- Or, we could help you.
Getting Help From Legal Helpline
Here at Legal Helpline, we have successfully helped many claimants connect with our panel of data breach solicitors for their claims. We also offer free, no-obligation eligibility checks and free legal advice over the phone.
If you’d like us to help in any way, simply get in touch with our knowledgeable, friendly team.
Are you ready to talk to us about data breach claims against Sainsbury’s Bank? If so, we’re ready to listen. You can reach us by:
In this section of our guide to data breach claims, we’ve included some answers to questions we often see asked.
How Do You Handle A Data Breach?
An organisation that has a data breach where personal information is compromised has a duty to record it. If it affects the rights and freedoms of data subjects, it must report the breach to the ICO within 72 hours. It must also inform affected subjects.
Who Is Liable When A Data Breach Occurs?
Usually, in data protection breach claims, it is the organisation that breached your data that is liable. If an employee at Sainsbury’s Bank made an error and breached your data, your claim would be against Sainsbury’s Bank, not the individual employee.
How Much Can You Be Fined For GDPR Breach?
The ICO has the power to fine organisations a maximum of £17.5 million or 4% of its annual global turnover, whichever of these amounts is higher.
Can You Get Sacked For Breaching Data Protection?
Breaching data protection could lead to an employer firing a member of staff. A contravention of data protection law could be a serious problem. An employer could take disciplinary action against an employee who breaches someone’s data. As well as this, if the data breach represents gross misconduct, as it is malicious in nature, for example, an employer could dismiss the culprit immediately.
In our final section, we’ve added links to some guides you find useful.
Employer Data Breaches– If Sainsbury’s Bank breached your data as an employee, you might find this guide useful.
Pharmacy Data Breach – If a pharmacy within Sainsbury’s breached your data, you might be interested in this guide.
Banking Data Breaches – General guidance on banking data breaches can be found here.
How Do I Keep My Data Safe? – The National Cyber Security Centre offers lots of guidance on protecting your data.
Data Breach Anxiety – You can find assistance on the NHS website if you’re experiencing anxiety.
Victim Support – If you’ve been affected by identity theft, this resource could be helpful.
Thank you for reading our guide to data breach claims against Sainsbury’s Bank.
Guide by JJ
Edited by REB