My Data Privacy Was Breached By Tesco Pharmacy, Could I Claim Compensation?
In this article, we’ll look at what problems could occur following a GDPR data breach by Tesco Pharmacy. Furthermore, we’ll explain the justifications behind seeking compensation if you’re harmed financially or mentally by a breach and how much you could be paid.
In the UK, we are very lucky to have access to such a good healthcare system. Just as importantly, we have a good network of pharmacies providing easy access to medication. For these two systems to work efficiently, pharmacies need to process personal data about patients. It is vital that such information is kept securely to prevent it from getting into the wrong hands. To help with this, the General Data Protection Regulation (GDPR) has been introduced.
If you would like to discuss making a claim, Legal Helpline is here for you. Our team of specialist advisors are happy to review any case without an obligation on your part to proceed. You’ll be given free advice on your options as well.
If your case appears to be feasible, we could connect you with an experienced data breach lawyer from our panel. Should your case be accepted, it will be handled on a No Win No Fee basis which will make the process of claiming less stressful.
If you would like to talk to us today about the options available to you, please call 0161 696 9685. Alternatively, if you would like to know why data breach claims against Tesco Pharmacy might be possible, please continue reading.
Select A Section
- A Guide On Claims For A Data Breach By Tesco Pharmacy
- What Are Data Breach Claims Against Tesco Pharmacy?
- What Are The Rules On Sharing Data With Third Parties?
- Have Pharmacies Experienced Data Breaches?
- Calculating Compensation Claims For A Data Breach By Tesco Pharmacy
- Types Of Compensation Which May Be Awarded After A Data Breach
- Making A Complaint To The Information Commissioner’s Office
- No Win No Fee Claims For A Data Breach By Tesco Pharmacy
- How A Data Protection Breach Lawyer Could Help You
- How To Claim Compensation For A Breach Of Data Protection
- Contact A Specialist Solicitor
- Frequently Asked Questions About Data Breach Claims
- Where To Learn More
A Guide On Claims For A Data Breach By Tesco Pharmacy
Individuals (or data subjects) now have more control over when and how their personal information is used. This is thanks to the implementation of both the GDPR and The Data Protection Act 2018. As a result of these laws, organisations (or data controllers) must have a lawful reason for processing personal data. That may mean you need to be told why information about you is required and you might have to give consent first.
Additionally, these new pieces of legislation mean data controllers must process data securely and confidentially. Failure to do so could result in the Information Commissioner’s Office (ICO) knocking on the door. Where data protection laws are proven to have been broken, the ICO could issue a large fine to those responsible. Be aware, though, the ICO can’t award compensation to you if you suffered because of a GDPR breach.
There is only one thing you can do to receive compensation – start your own legal action. If that’s the path you choose to follow, you will need to do so within the 6-year time limit, which runs from the date you obtained knowledge of the breach. Importantly, some claims are limited to a single year if they are based on human rights breaches. If you’re not sure how long you have, please check with an advisor.
Pharmacy data breaches can happen in any number of ways. We will consider some throughout this guide, but they could be as simple as throwing patient records out with the normal rubbish, meaning personal or sensitive information could enter the public domain.
Once you have finished reading, please give us a call if you have any questions. As well as answering them, we could partner you with one of the data breach lawyers on our panel if your claim is suitable.
What Are Data Breach Claims Against Tesco Pharmacy?
In terms of being able to claim compensation, you will need to show that a personal data breach has taken place, and, as a result, you have lost money or been made ill. This could include conditions such as depression, stress or anxiety.
The GDPR states that data breaches are where some type of security problem means that personally identifiable data is altered, destroyed, accessed, lost or disclosed in an unauthorised way. Importantly, claims can be made if your suffering resulted from a deliberate or illegal act as well as accidental breaches as well.
It is quite common to associate data breaches with cybersecurity incidents. For instance, you may have read about digital data being accessed by hackers using phishing emails, keyloggers, ransomware and denial of service attacks. However, the GDPR also covers physical documentation too. That means claims could be possible if a letter containing your medical information was sent to the wrong address.
The type of data that could help to identify you directly includes information like your NHS number, name, telephone number, email address or home address. However, data that might indirectly identify you are also covered. This includes information about your ethnicity, marital status, disabilities and age.
What Are The Rules On Sharing Data With Third Parties?
When you register with your GP, they might ask for your consent to send your prescriptions to a pharmacy. That provides them with a lawful reason to share your personal information.
However, there are some occasions where data about you could be shared without your consent. For example, a pharmacist might need to inform social services or emergency services if there is a risk to life.
Have Pharmacies Experienced Data Breaches?
The ICO maintains a register of action it has taken. At the time this article was written, there were no data breaches relating to Tesco Pharmacy reported. Therefore, we are going to look at a breach relating to another pharmacy group that was reported in October 2020.
In this case, the information leak related to pharmacists rather than customers. Employee personal data is also covered by the GDPR.
During a process of recognising a worker’s union, the pharmacy group were asked to send anonymised data about pharmacists to the PDA union. However, they sent a spreadsheet containing personal information about some 2,000 pharmacists.
The PDA union realised the mistake and advised the company. However, the revised spreadsheet that was sent also contained personalised information.
The report said that the pharmacy group has agreed to participate in any ICO investigation.
Calculating Compensation Claims For A Data Breach By Tesco Pharmacy
In this part of our article, we will show some potential compensation amounts that might be paid for suffering resulting from pharmacy data breaches. This could include conditions like depression, anxiety or stress.
A case at the Court of Appeal (Vidal-Hall and others v Google Inc ) resulted in some important decisions. The Court held:
- Data breach claims for psychiatric injuries can be made without there being any financial impact on the claimant. Prior to this, financial damage was required to make a data breach claim.
- Settlements for damage such as distress and anxiety should be paid in line with the amounts used in personal injury claims.
Therefore, we have supplied figures from the Judicial College Guidelines (JCG) in our compensation table below. The JCG is used by legal professionals when determining compensation awards in personal injury cases.
|Injury Type||Severity||Compensation Bracket||Notes|
|Psychiatric (General)||Severe||£51,460 to £108,620||There will be significant difficulties in coping with life and work. The victim will also remain vulnerable, struggle to maintain relationships and treatment probably won't help much. The prognosis will be very poor.|
|Moderately Severe||£17,900 to £51,460||The amount of suffering will be very significant and similar to the above. However the victim will receive more optimistic prognosis.|
|Less severe||Up to £5,500||The amount of time daily activities (such as sleeping) have been affected will be a key factor in this category.|
|Post-Traumatic Stress Disorder||Moderately Severe||£21,730 to £56,180||While the victim will suffer significant PTSD symptoms including nightmares and flashbacks (as well as an inability to work), there will be some recovery with professional help.|
|Moderate||£7,680 to £21,730||Most PTSD symptoms will have been resolved for claims in this category. Some will remain but won't be severely disabling.|
As you can see, there is a range of severities. A medical assessment is required in data breach claims to help prove the level of your suffering. Our panel of lawyers can usually book a local appointment for you. The assessment will be carried out by an independent medical expert.
During your appointment, you will discuss how you’ve been affected by the data breach. The specialist may also ask questions about your medical records too. After you have finished, a report will be compiled to explain how you have suffered. Also, the medical expert will provide a prognosis for any future suffering too.
This report will then be used to prove the damage caused by the data breach, as well as allow your lawyer to value your injuries.
Types Of Compensation Which May Be Awarded After A Data Breach
In an ideal world, you would be able to approach a company, explain how much compensation you’d like to be paid and that would be the end of it. However, back in the real world, things aren’t that easy!
Any compensation claim you make must be fully justified and backed by evidence. Furthermore, as well as claiming for suffering already incurred, you might need to consider future suffering too.
Generally, data breach claims are separated into two elements. Material damages claims look to recover any money you’ve lost or expenses you have incurred because of the breach.
Non-material damages aim to compensate you for any pain or suffering that has resulted from the data breach.
The financial element of your claim will usually begin with a calculation to work out how much you’ve lost already. Then you may need to move on and think about future losses too. As an example, you might continue to lose money if your personal information is being circulated by criminals and being used in identity theft crimes.
For injury claims relating to psychiatric conditions caused by the breach, you’ll start with those conditions that have already been diagnosed. After that, it may be necessary to consider future problems too. For example, if your medical assessment suggests you’ll struggle to return to work because of Post-Traumatic Stress Disorder, then that might need to be factored in.
Due to the complexity of evidence required, we believe that legal representation is important in data breach claims. A specialist lawyer’s experience could make all the difference in how much compensation, if any, you are awarded.
Making A Complaint To The Information Commissioner’s Office
As we described earlier, the Information Commissioner’s Office is able to investigate companies who are suspected of breaking data protection laws. However, before you reach out to the ICO, you will need to have complained to the company directly first.
After you have been responded to, you must escalate your complaint as far as possible if you are not happy with the reply. If you have nowhere else to escalate the complaint to, you can begin discussions with the ICO once 3-months have passed.
It is important to note that the ICO doesn’t have the power to issue compensation following an investigation. They can fine a company and order them to change their processes, but you will need to make a separate data breach claim if you would like to be compensated.
That’s where we could help. Our advisors can review your chances for free and could refer you to a specialist lawyer from our panel. Why not call today to see if your case could entitle you to compensation?
No Win No Fee Claims For A Data Breach By Tesco Pharmacy
We know that many claims don’t get processed because the claimant is worried about losing money in legal fees. That’s the reason we have a panel of data breach lawyers who provide a No Win No Fee service. That means that not only could you get specialist legal representation, but you will also find the claim less stressful as your financial risks are lowered.
No Win No Fee services aren’t available to everybody though. At the beginning of your claim, a lawyer will need to check if your case has favourable prospects of success. If they agree to take on your case, you’ll be supplied with a Conditional Fee Agreement (CFA). The formal title for a No Win No Fee agreement, this contract will clearly explain what conditions your lawyer needs to achieve before they are paid. The CFA will show you that:
- You don’t need to pay fees upfront.
- The lawyer’s fees are not billed to you while your case is progressing.
- You won’t have to pay your lawyer’s fees if the claim does not succeed.
The only time your lawyer will be paid by you is if you are compensated. If that does happen, your lawyer will deduct a small success fee from your compensation award. This fee is listed in the CFA as a percentage of your compensation. For your peace of mind, we should tell you that, legally, success fees are capped.
How A Data Protection Breach Lawyer Could Help You
It is our opinion that working with data breach lawyers provide you with the best opportunity of receiving compensation in data breach claims. Using their legal experience, they can guide you through the complexity of such claims. If you decide to work with a lawyer from our panel, and your claim is accepted, they will:
- Conduct a thorough assessment of your case to understand how the data breach has affected you.
- Work hard to collect evidence that could support your claim.
- Book a local medical assessment with an independent specialist.
- Put your claim in order before presenting it to the defendant.
- Dealing with all aspects of communication with the defendant’s lawyer so you won’t need to speak with them.
- Attempt to achieve the maximum level of compensation available for you.
How To Claim Compensation For A Breach Of Data Protection
In this section, we are quickly going to run through the claims process once again.
The first step in data breach claims is to contact the company you blame for your suffering to raise a complaint. You should then escalate the complaint as far as possible if you do not agree with their response.
After 3-months have passed since your last communication, you could enlist the help of the ICO. Remember, though, while they could investigate, they can’t issue compensation. Therefore, this might be the point where you decide to seek legal representation.
If you would like free legal advice on claiming, please get in touch. If your case is accepted by a lawyer on our panel, they’ll advise whether an ICO investigation is necessary after reviewing your case.
Contact A Specialist Solicitor
You have almost completed this article about claiming for a personal data breach by Tesco Pharmacy. We do hope that you have gained all of the information you need. If you are now in a position where you’d like to discuss a claim, we are here to help. Please get in touch with us by:
- Calling our free legal advice centre on 0161 696 9685.
- Emailing [email protected] with details about the data breach that has caused you to suffer.
- Asking for free advice from an online advisor in live chat.
- Using our online enquiry form to arrange for a call at a convenient time.
For your convenience, our claims line is open 24-7 as is our live chat facility. When you contact us, we’ll offer free advice on your options and won’t pressure you into claiming. That said, if your claim is suitable, we could refer you to a data breach lawyer from our panel if you’d like to proceed.
Frequently Asked Questions About Data Breach Claims
In this section, we have provided some answers to questions we are commonly asked regarding data breach claims. If you don’t find an answer to your question, please call our team for more information.
How much time do I have to make a claim?
Data breach claims generally have a 6-year time limit from the date you obtained knowledge of the breach. That said, if the basis of the claim is a breach of human rights, the limitation period reduces to 1-year.
How long could claims take?
Data breach claims vary in the time they take to be resolved. If a company admits liability for your suffering early on in the process, the claim could be settled in a matter of months. However, cases could take longer if liability is contested by the defendant.
When can I make a data breach claim?
You could be eligible to claim compensation if you have suffered as a result of a data breach. Suffering can be made for any expenses or financial losses you’ve incurred as a result of the breach. Furthermore, you could claim for any pain and suffering caused by conditions like anxiety or stress caused by the data breach.
What can I complain about to the ICO?
Where To Learn More
Thank you for visiting today and reading this article about claiming for a personal data breach by Tesco Pharmacy. In this final section, you will find links to resources that could help you if you decide to claim. If we have not answered all of your questions, please feel free to call our team today.
Your Data Matters – A hub for different guides about your rights regarding data protection from the ICO.
Generalised Anxiety Disorder – Information on the causes, symptoms and treatment of anxiety.
As we are able to offer support for various different types of claims, we’ve listed a few of our guides below:
GDPR Data Breach Compensation Claims – Advice on when you could claim compensation for a GDPR data breach.
Bank Data Breach Claims – Information about claiming compensation if you’ve suffered damage as a result of a bank data breach.
Doorstep Dispensaree Data Breach Claims – Details about claiming for the damage caused by the Doorstep Dispensaree data breach, a pharmacy based in London.
Thank you for reading this guide to claiming compensation for a personal data breach by Tesco Pharmacy.
Guide by BH
Edited by REB