By Jo Jeffries. Last Updated 21st July 2022. Welcome to this guide to data breach distress compensation. Below, we explain who could claim for a data breach under the GDPR, and answer questions such as ‘How much compensation can I get for a data breach?’ and ‘Can I sue if my data is exposed?’ We also explain what data breach claims could include when it comes to damages, and reveal how much compensation for data breach distress may be offered if your psychological injuries are severe. We also answer FAQs on the Data Protection Act and damages for distress.
Can I Sue If My Data Is Exposed?
Claiming data breach distress compensation could be something you’re keen to do if your personal information has been exposed.
If a company has mismanaged your personal data leading to a breach, you may be feeling somewhat distressed.
But did you know that this emotional distress, caused by someone else’s negligence or irresponsible behaviour could lead to you being able to make a data breach distress claim?
Check Your Eligibility To Make A Data Breach Emotional Distress Claim
This guide explains what you may need to know if you’re looking to make this kind of claim and the role of the Information Commissioner’s Office in data protection regulation of GDPR as well as how they could help with the misuse of private information. In the sections below, we explain what suing for breach of data protection that has caused harm involves. As well as this, we explain how your data should be protected by certain entities and the types of data breach that could occur.
We also offer some insight into how much compensation you could claim if you have suffered cyber stress or you’ve suffered a data breach and it has psychologically affected you. If you would like to move forward with a claim for psychological injuries, or you’d like to ask us about any of the information contained in this data protection breaches guide, we would be happy to help you.
Getting help with data breach claims
We could offer a free eligibility check on your case, and if we believe you could make a successful claim, connect you with a lawyer. The lawyer could take on your claim on a No Win No Fee basis. You can reach the Accident Claims UK team on 0800 073 8801.
Select A Section
- A Guide To Data Breach Distress Compensation Claims
- What Are Breaches Of Personal Data?
- What Is Data Breach Distress?
- Causes Of Breaches In Data Protection
- How Else Could Data Breaches Impact Someone?
- Complaining To The ICO About Distress And Data Breaches
- What Data Breach Distress Compensation Could You Claim?
- How Could People Be Compensated For Distress Caused By A Data Breach?
- No Win No Fee Data Breach Distress Claims
- Begin Your Claim
- Essential References On Claiming Data Breach Distress Compensation
You may already have read or heard about people whose data has been breached, whether this is via a cyber attack or a business’ lack of protection when it comes to your data privacy. But what you may not understand until it happens to you is the level of data breach distress that it can cause. You could have the right to claim compensation for data breach distress.
If you’ve suffered stress due to a data breach, you could make a data breach distress claim. This could be for expenses associated with the breach too. This guide has been created to help you understand data breach claims and offer you guidance as to whether you could make a claim of your own.
In this guide, we explore:
- How data breaches could happen.
- The connection between data breaches and cyber stress
- The compensation you could claim if you’ve suffered data breach emotional distress.
We also offer some guidance on how to get a solicitor to help you with a claim on a No Win No Fee basis.
Unfortunately, with the advancements in technology and much of our private data being stored by many different entities such as the NHS, government, public and private businesses, there comes a risk of that data being breached. Data could include your email address and date of birth or sensitive information such as your bank account details.
According to the Government’s Cyber Security Breaches Survey 2020, 46% of businesses and 26% of charities reported suffering cyber attacks or data security breaches within the 12 months leading up to the survey. 68% of medium and 75% of large businesses reported breaches or attacks. 57% of high-income charities reported them too.
How Should My Data Be Protected?
Your data was previously protected under the Data Protection Act 1998 (DPA), which has now been updated to the Data Protection Act 2018. This brings it into line with the EU GDPR, the General Data Protection Regulation.
What Constitutes A Data Breach?
If a company holding your personal data suffers some kind of data breach, you could make a claim for compensation if it has harmed you. A court could award compensation for damages for distress you’ve suffered as a result of a breach as well as financial expense, as per Section 13 of the Data Protection Act.
Those who decide how and why they’ll use your personal information are known as the data controller. They may also process that data. However, sometimes a data controller chooses to use another body (such as an agency) to process the data. This agency would then be a data processor. Either could be liable if their negligence leads to a data breach that causes you to suffer.
A data breach in terms of compensation claims could include situations where your data is:
- Accessed in an unauthorised way
- Disclosed in an unauthorised way
- Altered without your permission
Data breaches could happen accidentally, or they may be malicious in nature. Breaches could be caused by someone inside or outside the organisation that holds your data. An award for distress could include compensation for privacy violation and reputational damage too.
The consequences of data breaches could be significant. Whether it has been financial data, medical data or personal information that has been breached, it could have an impact on your mental health. You could suffer anxiety or depression, for example.
Data breach distress, put simply, is anxiety and emotional stress due to a data breach. For example, you may suffer because of someone using your personal data in an unauthorised way due to them having access to it. You may suffer because your private personal information is now in the public domain. A breach that leads to the theft of your bank details could have a significant effect on your finances and mental health.
In order for you to make a data breach emotional distress claim, you would have to prove that:
- Your data has been breached.
- You have suffered upset and distress as a direct result of the breach.
Data Breach Cases
In one case (TLT v Secretary of State for the Home Department. Reference ), damages were awarded to some victims whose mental health suffered after their data was subject to a breach. Thousands of asylum and leave to remain applicants had their personal data published on the Home Office’s website in error.
Previously, you could only claim compensation for a breach of data that caused you financial loss. However, a landmark case (Vidal-Hall vs Google) which was heard at the Court of Appeal in 2015 led to a settlement being agreed for compensation for loss of dignity, distress and anxiety caused by a data breach.
Now, if you can prove you have a valid claim, you could claim for either financial loss or mental suffering or both because of a data breach.
If you believe you have suffered anxiety or cyber stress due to a data breach, and you would like to have your case assessed for free to see if you could be eligible for compensation, Accident Claims could help. If our opinion is that you could have a valid claim, we could then connect you with a professional lawyer. They could begin your claim for data breach distress and get you the compensation you deserve.
Your personal information may be held by different entities in a variety of ways. There are also various ways in which it could be breached. Some causes of a breach could include:
- A hack: This is where someone gains unauthorised access to a computer system.
- A virus: This inserts its own code into computer programs, effectively infecting them with code.
- Cyber attacks: This is where a malicious attack is launched by cyber criminals. Attackers could intend to steal data, cause a loss of data or use the attacked computer systems as launch points for further attacks, for example.
- Human error: If someone has accidentally sent a file with your personal data, for example. This can also happen with physical documents.
Data breaches do not only have to be online. For example, an employer may send your salary details in a letter to a colleague in error.
All of these causes could lead to GDPR breaches, leaks and losses of data, or data being sent to a third party.
While this guide concentrates largely on data breach distress, there are other ways in which data breaches could impact a person. These could include:
- Accessing your accounts: If a cyber criminal is able to access certain data, they may be able to gain access to your financial accounts. Data theft could lead to spending in your name, or even emptying your bank account.
- Identity theft: Not only could stolen data be used to access your financial accounts, but it could also be used to set up new ones. Criminals could use stolen data to apply for financial products in your name and commit fraud in your name.
- Selling of your data: Your data could be sold to a third party without your knowledge
If a breach of your data has led to financial harm, you could claim compensation for it, as well as claiming compensation for distress from the data breach.
The ICO has given instructions as to how you could complain about a data breach that has caused you emotional distress. They advise affected parties to:
Approach the organisation that is responsible for breaching your data. The ICO advise you to do this quickly, ensure you send it to the right address, and be specific. You could ask them to investigate and you should also explain how the breach has affected you. If the experience has been stressful and you have been left distressed by it, you should mention this.
If you do not receive an adequate response, or the organisation doesn’t respond at all, as a last resort you could register a complaint with the ICO. The ICO would not usually investigate data breach concerns where an undue delay has occurred in bringing your concerns to the ICO’s attention. Therefore, you should contact the ICO before 3 months has passed since there has been any final contact from the data controller or processor you’ve contacted.
If you’re concerned that any time limits have passed or you haven’t raised the issue in the right way, get in touch for free legal advice from our advisors.
As we mentioned earlier, in Vidal-Hall and others v Google (2015), the judge in the Court of Appeal addressed the issue of how distress caused by data breaches could lead to compensation.
How Much Is The Average Compensation For A Data Breach?
Unfortunately, it can be tricky to accurately calculate the compensation you could get for a data breach.
In your case, you may take into consideration:
- How many people were able to access the data.
- The sensitivity of the data that had been breached.
- How long it was between the breach of data and you being informed of it.
- How long unauthorised people could access your data for.
- Financial losses caused by the breach.
- Emotional distress and anxiety caused.
In order to ascertain how much a data breach compensation amount could be for mental suffering, we could take a look at what the Judicial College Guidelines say could be appropriate for psychiatric and psychological injuries. (The JCG is a regularly updated publication solicitors may use to value injuries.)
Below is a table containing these potential figures. It could give you some insight into how much compensation could be appropriate for the level of data breach distress you’ve experienced.
You would, as in a personal injury claim, be advised to have a medical assessment to verify any injuries and ascertain how serious these could be. You would be asked to visit a specialist so that they could assess how severe the distress and anxiety you’ve suffered has been. They could also determine how long it might affect you for. They could then produce a report that could be used to evidence your claim.
|Psychiatric Damage Generally||£54,830 to £115,730||Severe – leading to marked effects with regards to their ability to cope with education, work and life and on their relationships. Could leave them vulnerable to risk in the future. The prognosis would be very poor.|
|Psychiatric Damage Generally||£19,070 to £54,830||Moderately severe – significant effects as per the above bracket but with a more optimistic prognosis.|
|Psychiatric Damage Generally||£5,860 to £19,070||Moderate – with the kind of problems associated with more severe damage, but there will have been a significant improvement and a good prognosis.|
|Psychiatric Damage Generally||£1,540 to £5,860||Less severe – the level of the effects on the person’s sleep and daily activities would be taken into account, and the length of time the person has suffered.|
|PTSD||£59,860 to £100,670||Severe – permanently affecting the claimant, who would not be able to work or function on a pre-trauma level. This would affect all aspects of the person’s life.|
|PTSD||£23,150 to £59,860||Moderately Severe – better prognosis than in the category above, but with significant disabilities that could last for the foreseeable future.|
|PTSD||£8,180 to £23,150||Moderate – the injured party would have largely recovered but any continuing symptoms wouldn’t be disabling grossly.|
|PTSD||£3,950 to £8,180||Less severe – where the injured party would have made a virtually full recovery within 1–2 years.|
|Reputation damage||Call for more information||Call for more information|
|Loss of income||Call for more information||Call for more information|
As we mentioned, the amount of compensation you could receive for data breach distress would largely depend on how distressed you were. However, there are other types of compensation you could seek if you’ve been affected by a data breach. You could seek compensation for material damage (financial) and non-material (psychological) damage.
Data breach compensation examples could include claims for:
- Loss of privacy
- Financial losses
- Medical harm caused by a data breach
- Anguish caused by a data breach
To obtain an assessment of your potential data breach claim, why not get in touch with our expert team at Accident Claims UK? We could talk to you about the breach and the effect it has had on you. We could also advise you as to what compensation you could claim and how we could help you to move forward with a claim.
Our advice is free and comes with no obligation to proceed with our services. We want to help you get the compensation you deserve whether a court awarded it or if it was agreed with the liable party’s solicitors if your data has been breached.
While it could be possible for you to claim compensation without legal help, many claimants prefer to have an experienced solicitor on their side to help deal with their data breach distress claim.
A solicitor could help build a strong case for compensation for cyber stress. They could also help ensure that action is taken before the time limit is reached. A solicitor could negotiate a settlement for you out of court if the liable party admits liability. If the organisation you’re claiming against disputes your claim, a solicitor could represent you in court.
You may assume that to retain the services of a lawyer, you’d have to pay them a retainer upfront. However, solicitors working under No Win No Fee terms could fight your claim without you having to pay their fee until your claim is successfully settled. To make a claim under such terms, you would need to:
- Find a No Win No Fee lawyer – we could help you with this.
- Sign a Conditional Fee Agreement. This would detail the amount you’d pay the lawyer as a success fee if they negotiate a payout. This fee would be capped, legally. It would only be payable if compensation was obtained.
If a solicitor negotiates a compensation settlement for you, their success fee is taken from your payout, with the balance benefitting you. If no compensation payout was achieved, you wouldn’t be asked to pay them the success fee.
To ask us any questions about making a data breach distress claim on a No Win No Fee basis, please don’t hesitate to get in touch.
Do you want to see if you qualify to claim? Or do you have questions surrounding the claims process or how long you could have to claim? Perhaps you’re not sure whether you could be eligible to make a claim. Whatever you need in terms of help and support, we’re here. You can contact us in a number of ways, including:
- Phoning: 0800 073 8801
- Emailing: email@example.com
- Completing the online contact form.
- Using our live chat.
Our Commitment To Client Care: You can read more about how Accident Claims UK put you first at all times during the claims process.
Learn More About Psychological Injuries: Here, we explore psychological injuries in more detail. You might find this useful if you wish to make a claim for a psychological injury.
Post-Traumatic Stress: This guide could be of use to you if you have suffered PTSD. It gives an explanation of how PTSD could affect you and how much you could claim.
Government Information On Data Protection: You can read more about data protection on the government’s website.
A Guide To Compensation From The ICO: This page on the ICO website offers some insight into how to claim compensation for a data breach.
Government Guidance On Personal Data After Brexit: This sets out the guidelines for personal data after the transition period when the UK leaves the EU.
Data Breach Distress Claim FAQs
What are the causes of data breaches?
According to the ICO’s figures for Q1 2021/22 for data breaches reported to them, there were a total of 2,552 data security incidents. Some of them were cyber security-related while others were non-cyber security breaches. You can see the reasons for these breaches in the graph that follows.
As you can see from the above, the highest number of incidents were unrelated to cyber security incidents. The second highest incidence was where data was incorrectly e-mailed to an unauthorised recipient. If you have provided the correct e-mail address to an organisation, they should be able to send your data to you correctly. However, sometimes things could go wrong. Depending on the type of data that was on the e-mail, this could cause significant distress. For example, if your bank details were sent to someone else, this could be very stressful as you might worry that the recipient would be able to access your account. If it was medical information, you might fear that someone would know personal information that you didn’t want to share. If your employer sent details of your disciplinary record, this could lead to reputational damage. All of these incidents could cause data breach distress.
Can I claim against an employer for data breach distress?
If your employer was at fault for your data being breached and did something wrong, this could lead to you being able to claim compensation from them. You could claim for the financial impact of a data breach as well as emotional harm, such as distress.
Can I sue if my data is exposed?
Whether you can sue if your personal data is exposed depends on a few factors. You would need to prove wrongdoing on an organisation’s part led to the exposure of your data. You’d also need to prove that you’d suffered material or non-material harm because of this. You would also need to claim within the relevant time limit.
We would be happy to assess your case to see if you could have a valid claim.
Who could I claim data breach distress compensation from?
Who you could claim data breach distress compensation from depends on who breached your personal data, causing it to be exposed, and resulting in financial or non-material harm to you. Some examples of the organisations that you could claim against if you could prove this are below:
- Pharmacy data breach
- Employer data breach
- Medical data breach
- Housing association data breach
- Hotel data breach
- Credit card data breach
How much compensation can I get for a data breach?
How much compensation you could get for a data breach depends on the level of harm you’ve suffered and the financial implications of the negligent exposure of your data. Please call us for advice on what you could claim for.
What are some common causes of a data breach under the GDPR? – Latest Statistics
If we look at the ICO’s Q3 2021-22 figures, we can see that again, the most common data security incident was data being emailed to the wrong recipient. After this, the top causes were other non-cyber security incidents and unauthorised access.
If you believe you’ve suffered harm because of a breach of your data by an organisation, please call our team. We could assess your case to see if you could have a valid claim.
How much compensation for data breach distress may be offered – should I take the first offer?
Have you been offered settlement when making a claim for a data breach? What happens if you you don’t feel like it is appropriate enough to compensate you for your suffering? If this is the case, you could opt to dispute it. However, we would advise you to seek legal advice when it comes to how much compensation for data breach distress may be offered. Your solicitor could give you some advice on whether you might want to take an offer, or whether you could potentially make an attempt for a higher settlement. The decision in such cases would ultimately be yours, but getting professional advice could be beneficial.
What evidence would I need to claim for a data breach that caused a psychological injury?
The evidence you’d need when making a claim for a data breach which caused psychological injuries could include:
- Evidence of the data breach incident, such as communication between you and the organisation
- Proof of wrongful conduct on the part of a liable party, such as findings from an ICO investigation
- Evidence of the harm you’ve suffered and that it was caused by the breach, such as medical records
An independent medical expert may need to conduct a psychological evaluation if you intend to make data breach claims for psychological injuries. They could provide you with a report on your psychological injury, which you could use in evidence.
Where can I get help with data breach claims?
We would be happy to speak to you and offer advice and guidance if you are looking to make a claim for a personal data breach that harmed you. Our team are available to offer free eligibility checks, so we could determine whether you could have a valid claim.
How do I evidence a claim for data breach distress compensation?
Various pieces of evidence could help your claim for data breach distress compensation. Data breach claims require evidence that a breach occurred due to wrongdoing or negligence, and that you were harmed by it. Useful evidence could include:
- Any documentation between you and the organisation that breached your data. This could include any correspondence about the breach.
- Medical evidence. In some cases, you may need to attend an independent medical assessment to produce a report on severe cases of psychological injuries. This could be used to evidence your claim.
- Evidence of any financial implications of the data breach. A settlement for a breach of the Data Protection Act could include damages for distress. However, it could also include damages for financial harm you’ve suffered because of a breach. Bank statements, credit card bills and other financial documentation could help with this.
If you’re concerned about evidencing your data breach claim, we’d be happy to talk to you. We could ask you some questions about the evidence you have and give you our honest view of whether it could help to prove your claim.
I have more questions about the Data Protection Act and damages for distress – where can I get help?
Our team are available to offer help and support to those looking to make data breach claims. You can call us at any time to discuss your case.
Thank you for reading our guide to making a data breach distress compensation claim.