Can You Sue A Company For A Data Breach?

Can You Sue A Company For A Data Breach?

Can You Sue A Company For A Data Breach?

If you have suffered emotional distress or financial harm due to your personal data being exposed, this guide can help you find out if you can sue a company for a data breach. Throughout this article, we will explain the many ways you can be affected by a data breach and who could be eligible to claim.

Additionally, the guide explains the actions you could take to protect yourself, and who could be sued in the event of a data breach. We will also explain how a data breach could happen.

Furthermore, you could estimate your data protection breach compensation amount in the UK, using compensation examples found in this guide. The factors that go into calculating compensation could be understood by reading the guide. 

 We will also explain what a No Win No Fee service is, and how our solicitors could help you sue a company for a data breach. If you need support you can call our advisors who can give free legal advice and present you with your options. You can get in touch by:

  • Calling us free on 0800 073 8801
  • Filling out our online contact form
  • Chatting with our advisors in real-time using the chat feature on the bottom right of the page

Read on to learn more about data breach compensation claims.

Select A Section

  1. Can You Sue A Company For A Data Breach?
  2. Types Of Personal Data That Could Be Exposed In A Breach
  3. What Companies Could I Sue For A Data Breach?
  4. Who Should You Tell If You Have A Data Breach?
  5. How Much Can You Sue A Company For A Data Breach?
  6. Contact Us-No Win No Fee Data Breach Solicitors

Can You Sue A Company For A Data Breach?

Data controllers and data processors are required by law to keep personal data safe. A data controller is very often an organisation or company that will process the personal data of a data subject. 

To be eligible to sue a company for a data breach you must first be able to show how the data controller failed to take care of your personal information. This will mean proving how they failed to comply with data protection laws. Then you must demonstrate how you have suffered because of the breach.

Personal data is protected by the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

According to the Information Commissioner’s Office (ICO), a personal data breach is a security issue that will mean any of your identifiable information or personally sensitive data will have been accidentally or intentionally altered, destroyed, lost, disclosed or accessed. Here there will have been no lawful basis present that is needed for the processing of personal data.

Be aware that there is a general time limit for making a data breach compensation claim. Generally, this limit is 6 years or 1-year if making a data breach claim against a public body. You can get in touch with us to see if we could start work on your claim.

Types Of Personal Data That Could Be Exposed In A Breach

The type of data a company might hold can depend on its needs. For example, an online shopping company may hold your password information or bank details such as credit card numbers and security codes, whereas a pharmacy may hold medical records. 

The impact of a data breach can be far-reaching. It could result in a loss of confidentiality, a limitation of rights, or even discrimination. These problems could in turn cause psychological injuries like anxiety and depression.

The types of personal data which could be part of  a personal data breach can include:

  • Financial information, like a bank account, debit card details, and credit card details.
  • Medical documents that show sensitive medical history.
  • Special category data like political beliefs, and sexual orientation.
  • Social services documents.
  • Personal health information, for example, a person’s HIV status.

What Companies Could I Sue For A Data Breach?

You can make a personal data breach claim against a data controller or processor if they are found liable for the breach. To form the basis of a successful claim, you must show that:

  • The company failed to adhere to data protection laws
  • This meant your personal data was involved in a data breach
  • This caused you financial or mental harm.

Data controllers and processors are under obligation to implement technical and other measures to ensure the security of data that should be protected. According to the ICO, a data controller should be compliant and ensure the compliance of its data processors to the data protection laws.

Data security trends have shown that most data breaches are due to human error. Some human errors that led to data breaches are:

  • Verbal disclosure of personal information
  • Emailing sensitive information to someone else instead of the right person
  • Medical letters posted or faxed to someone else
  •  A failure to use BCC in emails exposes other email addresses unintentionally
  • Incorrect disposal of paperwork or hardware
  •  A failure to redact personal information

The Cyber Security Breaches Survey 2022, which interviewed around 1,243 UK businesses, reported that within those organisations reporting cyber attacks 31% of businesses estimated that they were attacked once a week, while 26% of charities estimated attacks at the same frequency.

Get in touch with our team of expert advisors today to learn more about whether you can sue a company for a data breach.

Who Should You Tell If You Have A Data Breach?

If a data breach risks the rights and freedoms of any of the subjects involved, organisations must inform you of the breach as soon as possible, as well as report the breach to the ICO within 72 hours.  This is to enable the individuals to quickly take steps that could mitigate the risk of the data breach.

Steps you can take to protect yourself after you have suffered a data breach include:

  • Inform your bank and freeze any credit or debit cards 
  • Change your passwords
  • Where possible, sign up for 2-factor authentication
  • Watch your accounts and your credit reports for any suspicious activity
  • Contact a data breach solicitor

A data breach can be stressful. You can contact our advisors if you need support to make a data breach distress compensation claim.

How Much Can You Sue A Company For A Data Breach?

How much you’ll get, or if you’re eligible for compensation, depends on the specific circumstances surrounding your case. Every data breach case is unique, and the compensation you could potentially receive will reflect this. Below, we will explain the types of compensation you may be able to claim following a personal data breach.

Compensation For Material Damages

Material damages compensate for the financial losses you may have incurred due to the data breach. It covers not only immediate financial losses but also future financial losses too.

Compensation For Non-material Damages

These damages refer to any psychological harm you may have experienced as a result of a personal data breach. Examples of non-material damages you can claim for include:

  • Distress
  • Anxiety
  • Post Traumatic Stress Disorder (PTSD)

 Vidal-Hall and others v Google Inc [2015] – Court of Appeal set precedence for claims that involve only non-material damages. The Judge’s decision in that case now allows you the right to claim for a psychological injury independently.

We have used figures taken from the 2022 edition of the Judicial College Guidelines (JCG) to create a compensation calculator table. While this can give you a broad idea of what you could receive in terms of compensation for non-material damages, it is important to remember that these are only guideline amounts. The actual amount of compensation you could receive may differ.

Injury Severity Notes Amounts
Psychiatric Damage (a)
Marked problems with
all aspects of life. Chance of recovery is very slim.
£54,830 to £115,730
Psychiatric Damage (b)
Moderately Severe
Significant problems with relationships, work and social life. Treatment is needed for a better prognosis. £19,070 to £54,830
Psychiatric Damage (c)
Marked improvement. There is a good chance of making a full recovery. £5,860 to £19,070
Psychiatric Damage (d)
Less Severe
Award will depend on length of the period of disability and the extent to which daily life and sleep were impaired. £1,540 to £5,860
Post-Traumatic Stress Disorder (PTSD) (a)
Permanent effects that prevent the injured person from working or functioning at pre-trauma level. £59,860 to £100,670
PTSD (b)
Moderately Severe
Some recovery with professional help. £23,150 to £59,860
PTSD (c)
Mostly recovered with non disabling effects. £8,180 to £23,150
PTSD (d)
Less Severe
Nearly full recovery with minor effects remaining. £3,950 to £8,180

Contact our advisors today for more information on making a data breach compensation claim.

Contact Us – No Win No Fee Data Breach Solicitors 

You may have decided to claim but worry about the cost of legal support. If you call our advisors, they can answer your data breach compensation questions while presenting your options.

If your claim is valid, they may also be able to connect you with one of our solicitors who can represent you on a No Win No Fee basis. You may be offered a Conditional Fee Agreement (CFA), and you won’t pay upfront or ongoing fees to your solicitor during the claim process. Additionally, you won’t pay your solicitor’s success fee if your claim is unsuccessful.

If your claim is successful, a small percentage of your data breach compensation will go to your solicitor as their success fee. This percentage has a legal cap to ensure you retain most of your compensation.

You can contact us to give advice more tailored to your situation, and to find out if you can sue a company for a data breach.

  • Call us free on 0800 073 8801
  • Fill out our online contact form, and we will reach out to you.
  • Chat with us in real-time using the chat feature on the bottom right of the page.

Related Resources on Data Breach Compensation Claims  

Taking Your Case To Court And Claiming Compensation 

NHS Information On Depression

Data Breach Guidance For Individuals And Families

Read our other guides for more tips on data breach claims:

What Are My Rights After An NHS Data Breach

Your  Rights After A Loan Provider Data Breach

Your Rights After A Solicitors Data Breach

Guide by MIM

Edited by MM/CH