How To Claim For A Psychological Injury After A Data Breach

By Jo Anderson. Last Updated 29th January 2024. If you have suffered a psychological injury after a personal data breach, you may be eligible to make a claim for compensation. Within this guide, we will set out the eligibility requirements that need to be met in order to have a valid personal data breach claim.

Additionally, we will discuss the different types of personal data an organisation could hold about you, and the psychological injuries you could suffer if your data were to be breached. We will also share the different types of evidence that could be gathered and used to help support your claim.

Furthermore, this guide will discuss the different types of compensation you could be awarded for a successful personal data breach claim. We will also share some of the advantages of making a claim with one of our solicitors on a No Win No Fee basis.

If you would like to discuss your particular case, you can contact a member of our advisory team. They can be reached 24 hours a day, 7 days a week, via the following methods:

Data breach psychological injury claims what are my rights after a data breach

Data breach psychological injury claims

Select A Section

  1. What Personal Data Could An Organisation Hold About Me 
  2. Can I Claim For A Psychological Injury After A Personal Data Breach
  3. How Should A Company React If They Have Had A Data Breach?
  4. What Psychological Injuries Could A Data Breach Cause?
  5. What Evidence Do I Need To Make A Claim For A Psychological Injury After A Personal Data Breach?
  6. Compensation Payouts For A Psychological Injury After A Personal Data Breach
  7. No Win No Fee Personal Data Breach Claims
  8. What Are My Rights After A Data Breach – Related Guides

What Personal Data Could An Organisation Hold About Me?

It’s important to realise that organisations may store and process lots of information about you. If any data that could help to identify you is leaked during a GDPR data breach, you could claim for any suffering. The types of information a data controller might hold about you includes:

  • Personal health information (PHI).
  • Medical records.
  • Social services records.
  • Financial transaction history.
  • Sensitive, protected or confidential information.
  • Employment or education records.
  • Your name.
  • Home address.
  • Date of birth.
  • Password used to access websites, apps or online services.
  • Email address.
  • Telephone numbers.
  • Bank account numbers and sort codes.
  • Credit card details.

This is by no way a full list of the information you may supply to different organisations. However, imagine the harm that could be caused if some of the details listed got into the wrong hands.

If you believe your personal data has been exposed by a personal data breach, and it has caused you to suffer, why not call to find out if a data breach solicitor from our team could help you claim?

What Is A Personal Data Breach Claim?

Any organisation that processes your personal data must comply with the rules and regulations set out within the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018 (DPA), a together these form data protection laws.

If an organisation were to fail to comply with data protection laws, this could result in a data breach that compromises your personal data. A personal data breach is defined as a security incident that affects the integrity, availability or confidentiality of personal data.

However, in order to be eligible to make a claim for compensation, the following criteria will need to be met:

  • The breach must have been caused by the orgnaisation failing to comply with data protection laws.
  • Your personal data must have been compromised in the breach.
  • You must have suffered financial loss or a psychological injury after a personal data breach.

How Long Do I Have To Claim For A Psychological Injury After A Personal Data Breach?

If you meet the eligibility requirements mentioned above, you must also ensure that you begin the claiming process within the correct time limit.

Generally, the limitation period for starting a personal data breach claim is 6 years. However, this time limit is reduced to one year if you are making your claim against a public body.

If you have suffered financial loss or a psychological injury after a personal data breach, you can contact our advisors today to see whether you may have a valid claim. They could also inform you whether you are within the time limit.

How Should A Company React If They Have Had A Data Breach?

If a company becomes aware of a personal data breach, there are certain things that they could do. They include:

  • Beginning an investigation into what has happened.
  • Reporting the breach to the ICO (if it’s notifiable).
  • Letting any data subject who might be at risk know about the breach.

If you are contacted because a data breach has occurred, you should receive an explanation of how the breach took place, when it happened and what information may have been exploited.

As we will show later on, the letter or email that you receive could be important evidence that could help your claim. Please bear in mind, though, that just because the data breach happened, doesn’t automatically mean you’ll be compensated. You will need to provide further evidence that proves it resulted in some form of harm.

Our team will happily review your case for you. Without obligation, they’ll look at the merits of your case, provide free legal advice and could pass your case to one of our data breach solicitors.

What Psychological Injuries Could A Data Breach Cause?

Data breach and distress can go hand in hand. It may be possible for someone who has had their personal data exposed to feel depressed and anxious about who has their data and what might be done with it. 

If sensitive data is exposed, the person may fear reputational damage, and this could cause significant psychological harm. 

Anxiety after a data breach can cause someone to lose sleep, and it could even have an impact on their ability to work and enjoy their life as usual. For those who have suffered PTSD or other mental health issues prior to the data breach, the exposure of their data could make their symptoms worse. For example, if a victim of domestic abuse had their new home address exposed in a data breach, this could make their pre-exisiting anxiety worse, and they may fear that their abuser could find them.

If you have suffered psychological injuries due to a personal data breach, or a breach has exacerbated a pre-existing mental health condition, our advisors could help. They could assess whether you may have an eligible personal data breach claim.

What Evidence Do I Need To Make A Claim For A Psychological Injury After A Personal Data Breach?

As with other types of compensation claims, you can’t just state an amount that you’d be happy to accept. Instead, you need to provide evidence to prove what happened and how it has affected you. In data breach claims, this could include:

  • A letter or email from the defendant confirming that a breach took place.
  • An ICO investigation report confirming the breach happened.
  • Medical evidence to show what injuries resulted from the personal data breach.
  • Financial records that demonstrate the costs, losses and expenses incurred because of the breach.

To discuss what evidence could help progress your claim, please call our team of specialists today. If you already have any of the above, please have it to hand to help with your free case review.

Compensation Payouts For A Psychological Injury After A Personal Data Breach

If you successfully claim compensation for a psychological injury after a personal data breach, your payout would depend on a number of factors.

In data breach compensation claims, compensation could be claimed for material and non-material damage caused by the breach.

Non-material damage refers to the psychological injury caused by the breach, which could include conditions such as anxiety or depression.

Those attempting to calculate compensation payouts for non-material damage could refer to the Judicial College Guidelines (JCG). This is a publication that provides insight into appropriate compensation brackets for a range of injuries at various severities.

The table below, aside from the first figure, contains figures from the 2022 edition of this publication. However, this should only be used as guidance.

Edit
Claim Type Severity Compensation Bracket Additional Comments
Severe Psychological Harm Plus Financial Losses Serious Up to £150,000+ Severe mental harm combined with financial losses such as the cost of identity theft.
Psychiatric Damage Severe (a) £54,830 to £115,730 Marked problems in every part of their life as well as a very poor prognosis.
Psychiatric Damage Moderately Severe (b) £19,070 to £54,830 Significant problems but with a better prognosis.
Psychiatric Damage Moderate (c) £5,860 to £19,070 Marked improvements in the condition prior to settlement.
Psychiatric Damage Less Severe (d) £1,540 to £5,860 Based on the length of disability but the person may only have minor symptoms.
PTSD Severe (a) £59,860 to £100,670 The person will suffer permanent effects that impact every part of their life.
PTSD Moderately Severe (b) £23,150 to £59,860 The person would not be able to function as they did before, but the prognosis would be better.
PTSD Moderate (c) £8,180 to £23,150 The person will have largely recovered with only minor symptoms.
PTSD Less Severe (d) £3,950 to £8,180 The person will have completely recovered with only trivial symptoms.

As mentioned, you could also receive compensation for material damage caused by the personal data breach. This may include any money taken from your bank account if this information was compromised or for lost earnings due to time taken off work due to your psychological injuries.

You would need to provide evidence that such costs and losses directly resulted from the breach to include them in your claim. This could include bank or credit card statements, for example.

To learn more about compensation payouts for successful data breach claims, please contact an advisor.

No Win No Fee Personal Data Breach Claims

If you are eligible to make a claim after a breach of your personal data, one of our No Win No Fee solicitors may be able to assist you with your case. By offering to work with you under a Conditional Fee Agreement (CFA), you won’t have to pay anything upfront or during your claims process for their services. Furthermore, you will not be required to pay them a service fee if your claim fails.

Should your personal data breach compensation claim succeed, your solicitor will deduct a small percentage from your settlement as a success fee. There is a legal cap in place for the percentage that this fee can be.

Contact our team of advisors today to discuss your case. If they think you have a strong claim, they could connect you with one of our data breach solicitors. To speak with one of our team members today, you can:

Further Resources

Thank you for reading this guide about how data breach lawyers can help following a personal data breach. In our final section, we have added some additional guides that might be useful. If you require any additional information, please feel free to contact us.

Other Guides You Can Read

We hope we have answered the question ‘what are my rights after a data breach?’ effectively.