In this guide, we will explore when you may be eligible claim following an accidental data protection breach at work. As a data controller, the person who sets the purpose for processing, your employer has a responsibility to protect your personal information. If they fail to uphold their responsibility, as set out in data protection law, causing your personal data to become compromised, you may be able to claim. However, we will explore the criteria your claim must meet in more detail throughout this guide.
Additionally, we will discuss what information may be involved in an accidental data breach and how a breach could occur.
Furthermore, we will look at how compensation for a data breach is calculated as well as what your settlement may comprise.
If you’re interested in hiring a solicitor but are concerned about the costs, we could help by connecting you with one of our No Win No Fee solicitors. We have provided further details about the services they offer in our guide.
You can contact our advisors with any questions regarding your claim. Our team is here to help you with free legal advice 24 hours a day, 7 days a week. To get in touch, you can:
Select A Section
- What Is An Accidental Data Protection Breach At Work?
- What Information May Be Involved In An Accidental Data Protection Breach At Work?
- How To Claim For An Accidental Data Protection Breach At Work
- How Long Do I Have To Claim After An Accidental Data Breach?
- What Could You Claim For An Accidental Data Protection Breach At Work?
- Can You Make A No Win No Fee Claim?
An accidental data protection breach at work can include when your personal information has become compromised due to an organisations failings. This could include your employer, the data controller. However, it could also include the data processor who acts on behalf of the data controller.
A personal data breach is a security incident that affects the availability, confidentiality and integrity of someone’s personal information.
Personal data is any information that can identify you either directly or indirectly when used alongside other data that can directly identify you. Some examples are your name, home address, phone number, place of employment and banking details.
The UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018 (DPA) are the pieces of legislation data controllers and processors must follow to protect your personal data.
If your employer fails to uphold their responsibility as set out in data protection law, it could result in your personal data being compromised. You could suffer financial damage or psychological harm as a result.
For example, they may leave your employee file out on their desk allowing someone without authorisation to access it. This could cause you to experience stress in the workplace due to another employee finding out about a certain health condition you have.
To find out whether you’re eligible to make a claim, call us on the number above.
An accidental data protection breach at work could involve different kinds of personal data relating to you.
Employers can hold various kinds of personal information about you for employment reasons and to process your wages. Examples include:
- Date of Birth
- National Insurance Number
- Tax Code
- Employment history
- Data relating to your health
- Information on your ethnicity or race
- Information on your trade union membership
Accidental Data Protection Breach At Work Statistics
The Information Commissioner’s Office (ICO) is responsible for upholding the rights and freedoms of a data subject. In addition, they provide helpful information on the data security incident trends in various sectors, such as education, central government and finance.
As per the ICO trends, there were a total of 2,172 cyber and non-cyber security incidents in Quarter 4 of 2021/22.
After an accidental data protection breach at work, your employer should inform you of the breach without undue delay if it is affected your rights and freedoms. Additionally, they should inform the ICO if it meets the relevant criteria for reporting. If it does, they should report it within 72 hours.
If you suspect a data breach has occurred, you can speak directly with the organisation. Any communication you have with them can be used as evidence to support your claim.
Alternatively, if the organisation fails to respond or fails to give you an adequate response, you can contact the ICO. They may investigate the breach and if they find the organisation responsible for breaching data protection law, they may issue fines or take other enforcement action.
The findings from the ICO investigation can also be used as evidence to support your claim.
Lastly, if you have suffered financially or psychologically after an organisation’s failings caused your personal data to become compromised, you may be able to seek compensation. You can speak with our team for free legal advice on making a claim. Call on the number at the top of the page.
To make a claim, you need to prove that an organisation’s failings caused your personal data to become compromised and that you suffered financially or mentally.
Additionally, you need to ensure you make your claim within the time limit. Generally, you have six years to start a personal data breach claim. However, this reduces to one year if you’re claiming against a public body.
To find out whether you’re eligible to claim, call us on the number above.
Following a successful claim, your settlement may comprise material damages and non-material damages. Each of these aims to compensate for the impact the personal data breach has had on you.
Material damages seek to compensate for the financial losses caused by the personal data breach. For example, your identity may have been stolen leading to someone taking out loans in your name. This could have a long term impact on your credit score.
Non-material damages seek to compensate for the psychological injury you have experienced due to the personal data breach. This could include distress, stress, anxiety and post-traumatic stress disorder (PTSD).
Before the Vidal Hall and Others v Google Inc (2015) Court of Appeal, you could only seek compensation for psychological harm if you had also suffered financial loss. However, now you can claim for psychological harm independently of financial losses.
Solicitors and other legal professionals can use the Judicial College Guidelines (JCG) to help them calculate the value of the non-material damages portion of your settlement.
The guidelines include compensation brackets relating to different injuries. We have included a table containing some guideline figures from the JCG. Please only use this table as a guideline.
|Type of Harm
|(a) SEVERE – Problems with coping with various aspects of life and a very poor prognosis.
|£54,830 – £115,730
|MODERATELY SEVERE – Problems with coping with aspects of life, but there will be a better prognosis.
|£19,070 – £54,830
|MODERATE – Despite the suffering, there will be significant improvements and a good prognosis.
|£5,860 – £19,070
|LESS SEVERE – Various factors will affect how much the claimant is awarded, such as the effect on sleep.
|£1,540 – £5,860
|Post-Traumatic Stress Disorder (PTSD)
|SEVERE – Inability to function the same as pre-trauma causing an impact on all aspects of the person’s life.
|£59,860 – £100,670
|MODERATELY SEVERE – A better prognosis due to professional help.
|£23,150 – £59,860
|MODERATE – The person will have largely recovered.
|£8,180 – £23,150
|LESS SEVERE – A mostly full recovery should occur within a couple of years.
|£3,950 – £8,180
For more information on how much data breach compensation you could receive following a successful claim, call our team.
Our panel of solicitors can help you by offering their services under a Conditional Fee Agreement (CFA). This is a type of No Win No Fee arrangement that can allow you to fund legal representation. It means:
- During the process of your claim, there are no fees to pay for your solicitor’s services.
- You are not required to pay for your solicitor’s services if your case isn’t successful.
- You will pay a success fee from your compensation if the claim succeeds. This is legally capped.
For more information, you can speak with our team. They can discuss whether you’re eligible to claim following an accidental data protection breach at work.
To get in touch, you can:
Below, we have included some additional resources that you might find beneficial.
- Employer data breach claims guide
- What are my rights after a housing association data breach?
- School data breach claims guide
- GOV: Personal data an employer can keep
- National Cyber Security Centre: Guidance for individuals and families
- NHS: PTSD
Speak with our advisors if you still have any questions about an accidental data protection breach at work and whether you can make a claim.
Guide by MR
Edited by MMI