What Are My Rights After A Bank Data Breach?

In this guide, we will look at the process of making a compensation claim for a bank data breach. All organisations, such as banks, that process your personal data much adhere to data protection laws to keep said data safe.

In the UK, there are two central pieces of legislation that sit alongside each other to govern the storage and use of personal data:

As well as creating a way for data breach victims to receive compensation, the UK GDPR outlines rules that data controllers and processors must follow whilst handling both physical and digital personal data. Data controllers are in charge of the means and purpose of processing personal data. Data processors act on the instructions of the relevant controller.

Please continue reading this guide to learn about the ways in which a data breach could cause you harm. Additionally, we will provide a compensation table as a guide to data breach compensation for the mental harm you may have suffered.

What are my rights after a bank data breach guide

Bank Data Breach Compensation Claims Guide

Alternatively, you can contact our team of advisors for free and confidential legal advice tailored to your claim. They are available 24/7, so you can get in touch at a time convenient for you.

Go ahead and:

Select A Section:

  1. A Guide To Bank Data Breach Claims
  2. What Is A Personal Data Breach Claim Against A Bank?
  3. What Could You Do Following A Bank Data Breach?
  4. What Evidence Could Support A Bank Data Breach Claim?
  5. Calculating Compensation For A Bank Data Breach
  6. No Win No Fee Agreements
  7. Related Guides

A Guide To Bank Data Breach Claims

A bank will require your personal information to provide you with their services. To define personal data, we will use the definition provided by the Information Commissioner’s Office (ICO), which is a body responsible for upholding information rights in the public interest. Personal data includes information that can be used to identify a person either directly or indirectly when combined with other information.

This may include:

In the following section, we will explain what a personal data breach is and the conditions that must be met for you to be eligible to make a claim. If you have any questions, don’t hesitate to speak to one of our advisors.

What Is A Personal Data Breach Claim Against A Bank?

The ICO provides a broad description of a personal data breach: it is a security incident which affects the integrity, confidentiality or availability of your personal data. In the context of a bank data breach, this could involve your account number, card number, CVC number, or name found on credit and debit cards which may cause emotional distress and financial loss.

It is important to note that not every bank data breach will result in a successful claim; there are specific eligibility criteria that must be met. Firstly, the bank must have failed in its obligation to protect your personal data in accordance with applicable data protection laws. Secondly, your personal data must have been compromised in the breach. Finally, you will need to have suffered either financial harm or psychological injury.

How Does A Data Breach Happen?

There are two main reasons for data breach occurrences that we will focus on in this article, human error and deliberate actions. Below are some examples of how a bank data breach could occur:

  • An employee could post a letter that includes your personal information to the wrong postal address.
  • Records containing personal data could be lost as they were not correctly stored in a secure location.
  • A failure to use Bcc when sending a mass email.
  • Criminals could use a phishing scam to get personal information.
  • A cyber-attack on a database containing personal information.

Contact our advisors for an assessment of the validity of your claim. They can offer insight and advice suited to the details of your case.

What Could You Do Following A Bank Data Breach?

After discovering that a data security incident involving your personal data has occurred, that compromises your rights and freedoms, a bank should contact you without undue delay. They must also report the breach to the ICO within 72 hours.

There is action you can take right away, whether you have been notified or you suspect that a breach has occurred:

  • You could complain to the bank directly.
  • If their response is unsatisfactory, you could report the data breach to the ICO, who can carry out an investigation. Please be aware that the ICO cannot award compensation.

Additionally, we recommend that you seek legal advice to find out whether you could be eligible to claim. Our advisors are on hand to assess your claim for free.

How Long Do I Have To Make A Bank Data Breach Claim?

In addition to collecting sufficient evidence, if you are seeking compensation for a bank data breach in the UK, you must start within the time limit. This is typically six years unless you are claiming against a public body. If this is the case, then that time limit is reduced to one year. 

For more information about claiming bank data breach compensation, get in touch with one of the advisors from our team.

What Evidence Could Support A Bank Data Breach Claim?

It is important that you provide evidence to support a bank data breach claim, which proves the failings on the part of the data controller or processor as well as the harm you have suffered as a result. This could include:

  • Correspondence with the bank.
  • Findings from an investigation by the ICO.
  • Bank records.
  • Medical records.

If you would like further advice on what type of evidence you could submit in support of your claim, please call and talk to one of our claim advisors today.

Calculating Compensation For A Bank Data Breach

There are two potential types of compensation that could be awarded for a successful personal data breach claim: material and non-material damage.

Firstly, we will examine non-material damage, which is generally psychiatric injuries caused by the bank data breach. This could include but is not limited to, anxiety, depression and post-traumatic stress disorder (PTSD).

As a guide to potential compensation amounts for psychiatric injury, we have provided a table using the April 2022 updated  Judicial College Guidelines (JCG). For non-material damage payouts, solicitors can also use the JCG to help them calculate a valuation. Please consider the amounts in the table as a guide; the unique details of a claim determine the figure awarded.

Injury Severity Compensation Brackets Details of the Injury
Psychiatric Injury (a) Severe £54,830 to £115,730 The person will have marked problems with various factors of their life and their prognosis will be very poor.
Psychiatric Injury (b) Moderately Severe £19,070 to £54,830 The person will have significant problems with various factors of their life but differing from the bracket above, their prognosis will be much more optimistic.
Psychiatric Injury (c) Moderate £5,860 to £19,070 The person may have suffered from similar problems as the brackets above. However they will have a good prognosis and will have made a marked improvement by trial.
Psychiatric Injury (d) Less Severe £1,540 to £5,860 The value of the payout within this bracket is determined by the length of time the disability lasted and the extend to which it affected the person’s life.
PTSD (a) Severe £59,860 to £100,670 The injured person will be permanently affected which prevents them from functioning at anything approaching the level they did before the trauma.
PTSD (b) Moderately Severe £23,150 to £59,860 The injury will likely cause significant disability for the foreseeable future. However, there will be the potential for some recovery with professional help.
PTSD (c) Moderate £8,180 to £23,150 Within this bracket, the person should have largely recovered.
PTSD (d) Less Severe £3,950 to £8,180 Within one to two years, the person will make a virtually full recovery.

Material Damage

Material damage is the financial loss resulting from a personal data breach. This may involve:

  • Money taken from your bank account
  • Damage to your credit score
  • Loss of earnings

As previously mentioned in this guide, you will need to provide evidence as proof of these losses. For advice on whether you could be eligible to claim for material or non-material damage following a bank data breach involving your personal data, please speak to one of our advisors.

No Win No Fee Agreements

Using the services of a No Win No Fee solicitor under a Conditional Fee Agreement (CFA), could be beneficial in the following ways:

  • Generally, there will be no upfront or ongoing fees for you to pay for the services of your solicitor.
  • Furthermore, you commonly won’t make any payments for these services if your claim is not successful.
  • Finally, a No Win No Fee solicitor, in the event of a successful claim, can take a small percentage of the awarded compensation, often referred to as a success fee. The law caps this amount. Therefore, a solicitor will not overcharge you.

If you allow one of our advisors to assess your claim, and they find it could be valid, they may then connect you with one of our specialist solicitors, who could offer you to enter into a No Win No Fee agreement.

To learn more about making a data breach compensation claim for the harm you have been caused by a bank data breach, please speak to one of our advisors today.

You can:

Related Guides

These guides could be useful in finding more information on personal data breach claims:

How Is Compensation For A Data Breach Calculated?

Failure To Redact Data Breach – How To Make A Claim

What Are My Rights After A Loan Provider Data Breach?

These external resources also provide information and support:

GOV.UK – Data Protection

NHS – Mental health services

ICO – Action we’ve taken

Thank you for reading our guide to claiming compensation for a bank data breach.