My Data Privacy Was Breached By Well Pharmacy, Could I Claim Compensation?
All pharmacies owe patients and staff a duty of care to try and protect the personal information they hold about them. Without that information, it would be impossible to function properly, so steps need to be taken to secure it. That is truer than ever since the arrival of the General Data Protection Regulation (or GDPR). Anybody whose personal information is accessed illegally could suffer embarrassment, anxiety or even lose money if criminals use their data. In this article, we are going to look at a GDPR data breach by Well Pharmacy. We’ll also explain how such breaches could affect you and if you could be compensated for any suffering.
We would like to help you if you have any questions about claiming. Our team of specialists are happy to offer you a no-obligation telephone consultation. After your claim has been reviewed properly, we’ll provide free advice about your options.
If the claim appears to be suitable, we could connect you to one of the data breach lawyers on our panel. Importantly, they’ll offer a No Win No Fee service for any claim that is accepted.
To discuss your eligibility to claim today, why not call us on 0161 696 9685? Any advice we supply is free and you won’t be under any obligation to proceed. Alternatively, please feel free to continue reading so that you can learn more about claiming for a pharmacy data breach.
Select A Section
- A Guide On Claims For A Data Breach By Well Pharmacy
- What Is A Data Breach Claim Against Well Pharmacy?
- What Data Could Be Shared With Third Parties Under The GDPR?
- ICO Enforcement Action Against Well Pharmacy
- Calculating Compensation Claims For A Data Breach By Well Pharmacy
- Types Of Compensation Awarded To Data Breach Victims
- How Does The Data Protection Act And Information Commissioner Help You?
- No Win No Fee Compensation Claims For A Data Breach By Well Pharmacy
- What Do Data Protection Lawyers Do?
- What To Do If You’re The Victim Of A Data Breach?
- Speak To A Specialist Advisor
- Frequently Asked Questions About Data Breach Claims
- Where To Learn More About Data Protection
A Guide On Claims For A Data Breach By Well Pharmacy
The GDPR is an important piece of legislation introduced by the EU to provide greater protection to its citizens. The UK enacted the GDPR into law in the form of the Data Protection Act 2018. The idea is that you, the data subject, gain more control over how your personal information is used. Additionally, data controllers (the organisations who use your data) must have a lawful reason before processing personal data. In a lot of cases, you will be told why your data is required and you may also need to consent to its use.
The tightening of existing rules means that data controllers need to implement extra levels of security to try and keep personal data safe. Any organisation that fails could expect a knock at the door from the Information Commissioner’s Office (ICO).
Following an investigation, the ICO are able to hand out large fines to anybody who has broken the new rules. Importantly, though, the ICO has no power when it comes to compensating somebody who has been affected by a GDPR data breach.
To receive compensation, you will therefore need to start your own legal proceedings. If that is something you are interested in doing, you will need to claim within the relevant time limit. Mostly, claims have a 6-year limitation period. Please be aware, though, that if the claim is based on a human rights breach, you’ll only have 1 year.
The harm that can result from pharmacy data breaches varies. In some instances, nothing bad will happen. However, in others, you may become filled with anxiety because of the data that’s released, or you might lose money to criminals.
We are here to support you when you’re ready to discuss your claim. Please call our data breach specialists for a free assessment of your case. We’ll give free legal advice on how to proceed or whether you require extra information first.
What Is A Data Breach Claim Against Well Pharmacy?
Personal data breaches happen when a security problem leads to data being lost, altered, accessed, destroyed or disclosed in a way the data subject has not consented to. Some acts are illegal and deliberate while some are completely accidental. Regardless of how the breach occurred, you may be entitled to claim if the breach led to you suffering financial or mental damage.
The main things you will need to show to be eligible for compensation are that the breach did in fact take place and that you lost money or suffered mental harm as a result.
It is worth pointing out that claims are possible for all sorts of data breaches. While you will often hear of breaches caused by cybersecurity problems (like hacking, ransomware, phishing emails and viruses), breaches are also possible if physical documents are not stored securely. For example, if a pharmacy sent a letter containing personal information about you to the wrong address, then a breach will have occurred.
The GDPR documentation explains that any data that could be used to identify you is covered. This could include your name, NHS number, telephone number, email address or home address. In a similar way, data that might indirectly identify who you are is covered too. That covers data relating to ethnicity, whether you’re married, your age, your gender or any disabilities you have.
What Data Could Be Shared With Third Parties Under The GDPR?
As we explained at the start of this article, there must be a lawful reason for your data to be processed or shared. That doesn’t always mean your consent is required though. On occasion, for a lawful reason, a pharmacy could share personal information about you without asking. For example, they may need to inform the emergency services of your location if you were at risk.
However, if there isn’t a lawful reason, and a pharmacy shares personal information about you, you might be entitled to claim for any suffering caused. This could be the case if your data is passed to a research firm. Alternatively, a breach may have occurred if your details were sold to a marketing company without consent.
ICO Enforcement Action Against Well Pharmacy
As we mentioned at the start of this guide, the GDPR covers staff as well as patients. Therefore, we are now going to cover a report relating to a leak affecting 24,000 Well Pharmacy staff.
The breach took place in December 2018 when an email was forwarded to a number of locums. Within the email was a spreadsheet containing information about staff. While it has not been declared what information was included, some staff speculated that it contained details of their pay rates, criminal record checks, fitness to practice details and religion.
A spokesman for Well Pharmacy said that National Insurance numbers, bank details and dates of birth were not contained within the spreadsheet.
Calculating Compensation Claims For A Data Breach By Well Pharmacy
We are now going to consider what compensation might be paid for the mental suffering that results from data breaches. Our table shows potential compensation figures for conditions like Post-Traumatic Stress Disorder (PTSD), anxiety and depression.
An important case (Vidal-Hall and others v Google Inc) heard by the Court of Appeal led to some important decisions being made about data breach claims. The Court said that:
- It is acceptable for psychiatric injuries to be claimed even when no money has been lost. Before this case, financial damage was required in order to claim.
- Compensation payments for mental damage should be valued using the same amounts in personal injury claims.
Therefore, we have added figures to our compensation table that are taken from the Judicial College Guidelines. This is something that is used by injury lawyers when settling claims.
| Injury | Seriousness | Settlement Range | Extra Guidance |
|---|---|---|---|
| Psychiatric | Severe | £51,460 to £108,620 | There will be significant problems coping with life and work. The claimant will also struggle with relationships, remain vulnerable and any treatment is unlikely to improve things. The prognosis will be very poor. |
| Psychiatric | Moderately Severe | £17,900 to £51,460 | Levels of suffering will be very similar to the above but the claimant will be given a more optimistic prognosis. |
| Psychiatric | Less severe | Up to £5,500 | The length of time daily activities (like sleeping) were affected will be a key factor in this category. |
| PTSD | Moderately Severe | £21,730 to £56,180 | While the claimant will suffer significantly with symptoms like nightmares, flashbacks and an inability to work, there will be some recovery with specialist support. |
| PTSD | Moderate | £7,680 to £21,730 | Most of the symptoms of PTSD will have been resolved. Some will remain but won't be severely disabling. |
Importantly, you will need to have a medical assessment to help prove the severity of your suffering. This can usually be booked locally by lawyers on our panel.
After your assessment, the specialist will create a report to detail your injuries. They will also offer a prognosis that explains how you might suffer in the future. This report will be used to prove your injuries were caused by the breach as well as place a value on them.
Types Of Compensation Awarded To Data Breach Victims
It would be good if you could contact the defendant and say that you would like a certain amount of compensation. However, the claims process isn’t as easy as that. You have to fully justify your compensation request and supply evidence to support it. Also, the claim needs to cover all aspects of your suffering as you’re only able to claim once.
There are usually two things you can claim for:
- Material damages are sought if you’ve incurred expenses or lost any money as a result of the breach.
- Non-material damages are claimed if you’ve suffered anxiety, stress or any other psychiatric illnesses.
You will normally begin a material damages claim by assessing how much money has already been lost. This is quite a straightforward calculation. Then you may need to move on to look at future losses. This might be a little trickier. For example, where criminals are sharing your personal information, you might lose money in additional identity theft crimes until you manage to switch or block your accounts.
Moving on to non-material damages, you will usually claim for any conditions that have already been diagnosed first. After that, you may need to claim for any future suffering that is predicted by your medical report. For instance, if anxiety is going to affect you in the future, you might need to factor the suffering it will cause into your claim.
It is important that all of these things are considered before you submit your claim. That’s where specialist legal representation could help. If you work with a lawyer on our panel, they will thoroughly review all parts of your claim so that nothing is left out.
How Does The Data Protection Act And Information Commissioner Help You?
At the beginning of this guide, we explained that the Information Commissioner’s Office is able to investigate companies that have broken data protection laws. But you can’t request their help straight away. Instead, you must make a formal complaint with the company you blame for exposing your data first.
Once they have answered your complaint, you will have to escalate it, where possible, if you don’t agree with the response. If you are unable to escalate the complaint any further, you have the option to contact the ICO once 3 months have passed since you heard from the company.
The ICO could then choose to investigate. If the company are found guilty of any wrongdoing, they could be forced to change the way they work. The ICO could also fine them. However, they won’t be able to instruct them to compensate you.
No Win No Fee Compensation Claims For A Data Breach By Well Pharmacy
We understand that many people are concerned about paying for a lawyer and then losing the case. That is the reason we have a panel of data breach lawyers who offer a No Win No Fee service. If your claim is taken on, you will benefit from their experience and expertise and you will also benefit because of a lowered financial risk.
Before agreeing to represent you, the lawyer will need to verify the feasibility of your case. If they agree to represent you, they will draw up a Conditional Fee Agreement (CFA) for you. This is the formal title of a No Win No Fee agreement and serves as your contract, and it will show you what the lawyer needs to achieve before they get paid. Furthermore, it will explain that:
- No upfront payment is needed. Therefore, the claim can begin promptly.
- Lawyer’s fees won’t be requested during the claims process.
- If your claim fails, you won’t need to pay any of your lawyer’s fees.
The CFA explains that your lawyer only needs to be paid if you are compensated. When that happens, you will pay a success fee. This is a small percentage of your compensation that is kept by your lawyer. The size of your success fee is listed in the CFA, so you’ll be able to review it before you decide to work with the lawyer. Also, for your information, success fees are capped by law.
What Do Data Protection Lawyers Do?
We strongly believe that using data breach lawyers will improve your chances of being compensated. With their experience and expertise, they could help you to fully understand what can be included in your claim.
If your case is accepted, a GDPR data breach lawyer from our panel will:
- Thoroughly assess your case to ensure they understand it fully.
- Obtain supporting evidence to try and back up your allegations.
- Book you in for a local medical assessment.
- Prepare your claim and then send it to the defendant.
- Communicate with the defendant’s legal representatives so you don’t have to.
- Aim to get you the highest amount of compensation available.
What To Do If You’re The Victim Of A Data Breach?
We would now like to briefly recap the process of claiming for the harm caused by data breaches.
So, the first step you will need to take is to contact the company you blame and make a formal complaint. After this process has reached its conclusion, you are able to contact the ICO once it has been 3 months since your last meaningful conversation. At the same time, you could give us a call to discuss starting a compensation claim.
After we have reviewed your claim, we will be able to advise you if your claim appears to be viable. If it does, we could partner you with a data breach lawyer from our panel. If you haven’t done so already, they will advise you whether an ICO complaint is necessary.
Speak To A Specialist Advisor
Hopefully, the information supplied in this article has helped you understand who can make data breach claims. If you are considering starting one and would like Legal Helpline to support you, why not:
- Call us free and speak to an advisor on 0161 696 9685.
- Ask to be called back at a suitable time by completing our enquiry form.
- Email [email protected] to tell us how you have been affected by a data breach.
- Ask an online specialist for advice via live chat.
When you call, you won’t be pressured into making a claim. We will provide free advice on your options whether you proceed or not. For your convenience, you can speak to an advisor 24 hours a day, 7 days a week.
Frequently Asked Questions About Data Breach Claims
What is considered personal data?
In terms of the General Data Protection Regulation (GDPR) any information that could help to identify you is considered as personal data. Information that might directly identify you includes your name, contact number, email address or home location. Information that might indirectly help to identify you includes information on ethnicity, sexual orientation, disability or marital status.
Who is liable for a data breach?
Generally, the GDPR holds data controllers accountable for the security of personal data. This will usually be a company or organisation rather than an individual. Even if the breach is caused by a member of staff, the company will usually still bear responsibility.
Is sending an email to the wrong person a data breach?
Yes, it could be. If an email is sent that contains personal information about you which could help to identify you, a breach is likely to have happened. The same is true of mail sent in the post.
Can I sue if my personal data is breached?
Everyone is entitled to have their data handled securely. If your personal information is exposed by a breach, you could claim compensation if you suffer anxiety (and similar conditions) or if you lose money as a result.
Where To Learn More About Data Protection
Thank you for reading our article about data breach claims against Well Pharmacy. As this is the final section, we have linked to resources that might prove useful. Please tell us if there is anything else you would like to know about claiming.
ICO Action – The up-to-date register of action taken by the ICO in relation to GDPR data breaches.
Post-Traumatic Stress Disorder – Information about the symptoms, causes and treatment of PTSD.
Finally, we have listed a few more of our guides below to show how we could support you with different types of claims.
GDPR Data Breach Compensation Claims – Advice on how to claim if you’ve suffered a data breach.
Cycle Accident Claims – Detailed information on how to claim following a bank data breach.
Incorrect Medicine Claims – Advice on claiming for suffering caused by a medical data breach.
Thank you for reading our guide to making a claim following a data breach by Well Pharmacy.
Guide by BH
Edited by REB