By Daniel Sisko. Last Updated 26th September 2022. Welcome to our data breach Frequently Asked Questions page. Below, you can find the answers to some commonly asked data breach questions, as well as links to some of our guides.
If you want to know what a data breach is, how they can happen, what impact they could have, and how much compensation you could potentially receive in a successful claim for mental or financial damage, this page will tell you the answers.
What Is A Data Breach?
The Information Commissioner’s Office (ICO) describes a data protection breach as when your personal data is accidentally or unlawfully altered, lost, destroyed, disclosed or accessed. A personal data breach can occur regardless of your data existing in a digital or hard format.
If your data is breached, then this could lead to a variety of issues, including psychological and financial harm. The person or body that stores your data in an official capacity has a responsibility as the data controller to make sure sufficient security measures are in place to keep the risk of a personal data breach to a minimum.
These measures can include:
- Making sure their cybersecurity software is up to date
- Locking filing cabinets
- Keeping track of electronic devices storing personal information
- Not leaving paperwork out in the open
You may not be able to claim for a UK GDPR breach if your personal data was not affected and you were not caused harm. If you’re confused as to what can constitute a data breach and when you can claim, get in touch with our advisors today.
Why Is Data Collected About Us?
Every time we go online to shop, use social media or send an email, we are consenting to data being collected about us. It can help companies provide better services, aid consumer choice and speed up the sharing of important information across interested groups.
What Happens To The Data?
Under the General Data Protection Regulation (GDPR), which came into effect in 2018, all companies, agencies, organisations and individuals must now comply with strict laws on how our information is used.
There are 7 core principles recognised in proper data handling:
- Are the reasons for collecting the data fair, obvious and legal?
- Was there a clear reason to collect the data? (purpose limitation)
- How long is it to be kept for?
- Is the data accurate?
- Is only absolutely necessary data being gathered?
- Are all those involved in its use aware of their data responsibilities?
- When there is a problem, who is accountable?
Do All Companies Know About GDPR?
They certainly should. Ignorance on their part is no defence. GDPR rules provide an easy ‘at a glance’ code of conduct when it comes to handling our personal information.
The Information Commissioner’s Office (ICO) is an independent agency set up to enforce data privacy laws, and it has far-reaching powers to issue fines to anyone who ignores or fails in their data protection duties. The ICO also describes in plain English what companies can do to comply, leaving as little room as possible for misinterpretation.
What’s The Biggest Cause of Data Breaches?
Outside hacking attempts and human error are the two main reasons for a data breach. With cybercrime a constant threat, companies need to invest in software security to prevent external hacks on their data resources. Firewalls and sophisticated password procedures can fend off the majority of attacks, but nothing can eliminate human error.
Therefore, staff members who are poorly trained or not concentrating can create breaches of privacy in the following ways:
- Talking freely about the data subject
- Leaving laptops or smartphones open to view
- Losing or exposing sensitive paperwork
- Including others in social media posts without consent
- Sloppy storage and transportation of data
- Sending or sharing unredacted documents and attachments
- Any form of accidental or deliberate use of data that relates to someone else
Who Uses My Data?
There are three main groups who use our data.
Controllers are the companies and agencies in original possession of our information. This is data that we have given consensually or as a requirement of law. As long as the data we give them is used in ways that stay within the original remit, they may not have to request permission again.
Processors are those based either inside the company or as external sub-contractors who use, store, transport and update the information.
Finally, third parties are those who receive the data for a wide array of reasons. Each party is expected to abide by GDPR law and breaches can occur at any point within this sharing.
What Happens After My Data Is Breached?
The results can be catastrophic for the person concerned. Once your private information has been leaked into the public realm it’s virtually impossible to predict or control what happens to it.
Online gangs trawl the internet looking for information like this to buy and sell. They can use it to construct fake identities, set up bogus lines of credit and exhaust funds in your name. Identity theft can be a devastating experience, leaving the victim traumatised and personally liable for debts. A data breach is so much more than a few spam emails or text alerts you didn’t subscribe to.
What Can I Do If I’m A Data Breach Victim?
There are practical steps you can take immediately. As soon as you notice the effects of the data breach or receive a notification from a company that your details may have been exposed, you can contact banks and other concerned parties to immediately change your security settings. If it’s too late for that, contact the ICO or the company involved to complain. This can start the process of seeking compensation.
What Might I Be Able To Claim Compensation For?
The impact of a data breach can be profound and long-lasting. You could suffer serious financial fraud as a result. Bank charges, unauthorised overdraft fees, late fees and other debts can accumulate instantly or over time in your name.
Although banks are largely sympathetic to data breach victims and will share your concern about sudden strange activity in your bank account, you should be prepared for the possibility that you might be held responsible for these debts. Compensation might be your only opportunity to secure the money back to sort these problems out.
What About The Impact of The Data Breach On Me?
In addition to financial damage, a data breach can be tremendously distressing. Once you know for sure that your personal details were stolen and used to commit fraud or other offences, the anguish created can be life-altering.
Stress, worry, depression and anxiety, even extreme psychiatric responses such as PTSD and suicidal thoughts might impact you as you struggle to cope with the fall-out. With the correct medical evidence to support your claims of psychiatric damage, a No Win No Fee data breach lawyer could secure a settlement to address these issues.
How Much Could I Be Awarded?
After a change in the law because of a case called Vidal-Hall v Google, it is now acknowledged that it’s possible to suffer mental harm from a data breach in its own right. Previously, it was necessary to suffer financial damage as well, but you can claim for either or both now.
Because of this, your data breach lawyer is now free to use the Judicial College Guidelines (a compendium of suggested compensation awards) to reach a possible amount for mental suffering.
The JCG enables your lawyer to aim for the highest appropriate figure in your case. Compensation amounts are never absolutely certain. But the guide can be used to help you claim for a data breach in the same way as a personal injury or medical negligence claim might.
What Proof Would I Need?
Whether it’s financial or emotional damage, evidence is required to support your claim. For financial (or ‘material’) damages, you can refer to bank statements, ATM slips, invoices or bills that demonstrate unlikely purchases in your name, mobile phone records and the receipts for any out-of-pocket expenses incurred by trying to cope with the data breach.
For emotional harm (non-material damages) your No Win No Fee lawyer can help arrange a medical evaluation. The results of this exam can prove the level of distress you have suffered and guide the figure your lawyer can aim for.
How Long Would A Data Breach Claim Take?
Time frames for a claim depend on the availability of evidence and how resistant the other party might be to admitting liability. If the ICO has been involved in your case, they can exert pressure on the company to address the breach properly. This could assist your claim.
My Data Was Breached By My Doctor, What Can I Do?
The NHS and private doctors, like any other organisation, have a duty to comply with data protection laws. If you can provide evidence that your GP or medical practitioner was responsible for your personal information leaking into the public realm, you could have a claim. If you’re unsure, call our team and we can talk you through your options.
You can also read more about a GP data breach by heading here.
A Colleague At Work Told Someone My Personal Information, Can I Sue Them?
In law, there is a concept called ‘vicarious liability’ which means that employers are responsible for the actions of their employees. If a colleague breached your data, by any means, you could sue the company for damages. Your chances of being awarded a significant settlement are greater than attempting to sue a private individual.
Are Companies Allowed To Use My Data Without Asking?
Yes. Under certain circumstances, companies and government agencies are allowed to use your data without specifically requesting it, but there has to be a good reason. The ICO lists six instances where data use is allowed without consent, which briefly are:
- When we give our consent
- If we agree in a contract
- Required by law
- Vital Interest – life-saving information scenarios
- Public task – when the data is needed in the interests of public safety or use
- Legitimate interests – using data in expected and obviously agreed-to ways.
Have I Given My Consent Without Knowing It?
Cookies may seem like irritating legal questions that get in the way of us accessing the websites we want to visit, but actually, cookies are there to protect us.
Since GDPR came into effect, companies are obliged to request permission to gather, store and circulate our information. This safety net is designed to stop online exploitation and abuses of this information. When we simply click ‘yes, I agree’ to make the dialogue box vanish, we are actually missing a valuable opportunity to have more say over who is given our details and what they can use it for.
What Should I Do If I Discover Or Am Told I’m A Data Breach Victim?
There is a step by step procedure that you can follow if you find yourself the victim of a data breach. Firstly:
- Contact the company involved and tell them about your data breach concerns or complaint
- Wait three months (no longer) for a meaningful response
- If you are not satisfied with that response, you can report them to the ICO
- While the ICO is investigating, you can start to assemble evidence of how you have suffered financially and emotionally
- Connect with a No Win No Fee lawyer to represent you in a private case against the company for data breach
Do I Have To Involve The ICO?
It’s a legal requirement for companies to inform the ICO of a significant data breach and the individuals affected as quickly as possible. Failure to do this can result in penalties and prosecutions.
The ICO does not automatically take up every case. You have a three-month period from the last meaningful communication with the company that breached your data, after which the ICO might consider the matter closed, so act promptly with the steps above.
Who Can Help Me With A Data Breach Case?
A No Win No Fee data breach lawyer can represent you immediately and at no upfront cost. At Accident Claims, we can connect you with our specialist data breach solicitors. With the skill and expertise to recognise every impact a data breach may have on you, they could calculate a potential compensation amount that truly reflects the suffering and inconvenience you’ve been put through.
With no fees as the case progresses and nothing to pay at all if the case fails, there’s a reduced financial risk to you. A No Win No Fee lawyer can offer you instant professional help with data breach claims.
What Does A Data Breach No Win No Fee Lawyer Get?
Only successful cases require a fee. The fee is a small percentage deducted at the end of your case from the total settlement amount. It’s capped by law to keep it as low and fair to you as possible. Because the lawyer’s fee derives from a winning case, you can rest assured that they are giving your case their utmost attention.
How Long Do I Have To Make A Claim?
Currently, you have six years to start a data breach claim from the date you obtained knowledge of the breach and 1 year if the breach involved your human rights. While this may seem a long time, gathering evidence can take longer than expected so start today with Accident Claims to give your claim the best possible start.
Read More Of Our Data Breach Claims Guides
Below, we’ve included links to more of our guides on data breach claims that you may find useful.
- What are my rights after a credit card breach?
- What are my rights after an employer data breach?
- What are my rights after a medical data breach?
- What are my rights after an optician data breach?
- I suffered a psychological injury after a personal data breach, what are my rights?
Thank you for reading our data breach questions and answers page.
Guide by JJW
Edited by REB