What are the 5 things you need to know about data breach claims if you need to make one? If your personal information was compromised due to a company’s security failings, what are your options for seeking adequate compensation? With more than 2,400 data security incidents reported across various industries during Q2 2021/2022, the security of our personal information is a serious issue.
In this article, we look at things you need to know about data breach claims and how to put together a successful claim for compensation. If you were harmed financially or mentally by a data breach, get in touch with our advisors for help on what to do next:
- Call us on the number above
- Contact us via our website
- Or use the ‘live support’ option to the bottom right for instant help
A data breach is the loss, destruction, disclosure, access or alteration of your personal information without your consent or a lawful reason. Personal data or personal information is anything that can help identify you, such as your email address or bank details.
Data breaches can be accidental or deliberate. For example, a cybercriminal might deliberately access and sell your personal data. However, an employee of a company may accidentally send an email containing your personal information to an unauthorised recipient. This would be a human error data breach.
As a data subject (someone whose personal information is collected, stored or processed), you may first become aware of a data breach when it’s too late.
Money may go missing from your bank account or you may experience a sudden increase in spam or nuisance calls. The data breach issues could reach into every area of your life.
If our personal information gets into the wrong hands, it can be traded online. With the right kinds of personal information, criminals can open bogus lines of credit, steal money from accounts and even assume someone’s identity. Because of this, organisations entrusted with our personal details must safeguard them properly.
A serious data breach can absolutely devastate the life of the person it affects. To help secure personal data, the UK General Data Protection Regulation (GDPR) came into effect and the Data Protection Act 2018 was amended. They give clear and precise guidance about the legal expectations around personal data handling.
Despite the recommendation to properly train staff involved in personal data security, human error still accounts for a considerable amount of reported data breaches. In the data security incidents report for Quarter 2 of 2021/22, examples of data incidents that could include those potentially caused by human error are:
- Data emailed to the wrong person (397 reported cases)
- Information posted or faxed to the wrong person (192)
- Failure to redact data properly (102)
- Loss or theft of paperwork or personal information left in an unsecured location (164)
Advice on how companies can safeguard against issues like this is clearly explained by an independent body called the Information Commissioner’s Office (ICO). Responsible for protecting personal data security rights, the ICO helps those that collect, hold or process personal information to implement the UK GDPR. The ICO also has the power to issue penalties such as multi-million-pound fines.
One of the things you need to know about data breach claims is that you could claim for financial loss caused by the breach.
If you commence a claim for compensation because of data security breaches, a data breach lawyer can use evidence of financial losses incurred. Therefore, any cost directly associated with the breach could be eligible for inclusion. If the claim is successful, the defendant might have to repay a whole cross-section of financial outgoings caused by the breach, such as:
- Any stolen money you weren’t able to recover
- Costs for counselling or therapy
- Child care arrangements
When a person with malicious intentions has your name, address, bank details or other personal information, it can be very difficult to assess the accurate extent of the damage. Although the ICO requires companies to report notifiable data breaches to them within 72-hours, this still allows hackers time to potentially exploit your data.
The impacts on you need to be properly and fully calculated. Compensation for a UK GDPR data breach involves showing all the bills, receipts, bank statements and invoices that demonstrate your financial losses caused by the breach.
It’s also important to note that you can only claim compensation if the organisation that was supposed to protect your personal data failed to do so through positive wrongful conduct. Therefore, you could be reimbursed if your financial losses were a consequence of the data breach they could have reasonably prevented.
One of the most important things you need to know about data breach claims is that after the case Vidal-Hall and others v Google Inc , data subjects can claim for mental harm caused by a data breach as well as financial loss. Before this case, you could only claim for psychological harm if you’d also suffered financially. Now you can claim for either or both.
This means, for psychological harm caused by the data breach, you could claim for conditions such as:
- Suicidal thoughts
You would need a medical assessment to prove your claim of emotional anguish or mental harm. This can be arranged for you by a data breach solicitor. The doctor can put their findings in a medico-legal report which (depending on the findings) can be accepted as evidence of:
- The severity of your injuries.
- Your injuries being caused or worsened by the data breach.
In addition to this, it can be cross-referenced with a publication called the Judicial College Guidelines to evaluate a potential compensation sum. With award brackets for psychological damage, you may be eligible for significant damages. The table below provides an excerpt:
|Injury||severity||JCG award bracket||notes|
|Psychiatric damage||(a) severe||£51,460 to £108,620||marked problems with a poor prognosis for the future|
|Psychiatric damage||(b) moderately severe||£17,900 to £51,460||significant mental health problems but with a better prognosis than above|
|Psychiatric damage||(c) moderate||£5,500 to £17,900||marked improvement by trial|
|Psychiatric damage||(d) less severe||up to £5,500||depending on the duration of the problems and how much everyday activities and sleep were affected|
|Post-traumatic stress disorder (PTSD)||(a) severe||£56,180 to £94,470||permanent affects that prevent the person from working or functioning as before|
|PTSD||(b) moderately severe||£21,730 to £56,180||better prognosis after professional help but significant issues for the foreseeable future|
|PTSD||(c) moderate||£7,680 to £21,730||largely recovered with no grossly disabling residual symptoms|
|PTSD||(d) less severe||up to £7,680||virtually full recovery within 1 to 2 years with only minor symptoms persisting|
It’s important to note that these amounts merely represent suggestions. The aim is to fairly and consistently apply an amount to acknowledge mental harm including:
- Pain and suffering
- Loss of amenity
- Emotional suffering
- Damage to relationships
The JCG aims to provide a consistent, fair and appropriate award suggestion, but each case will vary. For a more accurate compensation quote, get in touch with our advisors.
Time limits are essential things you need to know about data breach claims because if you try to make a claim after the time limit has passed, you may find you’re unable to.
In some instances, the time limit may be 6 years. This can apply to personal data breach claims against private companies.
Regarding data breach claims against a public body, the time limit could be 1 year. This would be applicable for a data breach compensation claim against any publicly-funded organisation.
Speak to us about time limits and how data protection breach solicitors can enable you to construct an effective claim against a public body.
In 2020, British Airways (BA) was fined £20 million for a data breach that affected over 400,000 customers. The ICO originally sought a fine of £183 million to reflect the magnitude of the breach after BA’s security systems were compromised by hackers.
BA was unaware of the attack for two months, resulting in a prolonged period of exposed personal data for affected customers.
Data stolen included payment card details, log-ins and travel booking details. In addition to this, the names and addresses of customers were exposed. The ICO investigation subsequently concluded that insufficient security measures were in place.
Our aim in this article is to discuss the things you need to know about data breach claims. One thing you should know is the potential you could have to use the services of a solicitor under a No Win No Fee agreement.
A No Win No Fee compensation claim could help you regain some measure of control over your damaged finances. In view of this, it could also help you adequately address the emotional anguish a data breach can cause, too.
Under a No Win No Fee agreement, you wouldn’t pay any upfront or ongoing solicitor fees. You would pay your solicitor a ‘success fee’ if the claim is successful. However, if it’s not, you wouldn’t have to pay any solicitor fees at all.
If you have a question or query that we have not touched on, please don’t hesitate to reach out. With the skill and expertise to advise on No Win No Fee data breach solicitors in the UK, they could help you right now.
Why not access free legal advice today? Simply:
- Call us on the number above
- Email or write to us at Asons.co.uk
- Or use the ‘live support’ option to the bottom right for instant help
Why not check out more of our guides?
- 5 Things You Need To Know About Slip, Trip and Fall Injuries
- 5 Things You Need To Know About Workplace Accidents
- 5 Things You Need To Know About Pedestrian Compensation Claims
- 5 Things You Need To Know About Loss Of Earnings Compensation
- The Top 10 Personal Injury Firms In The UK
Thanks for reading our post on things you need to know about data breach claims.