Can your personal information be shared at work? Employers will often collect data from their employees for operational purposes. The information can include personal data, which means information that can identify a person. Moreover, another type of personal information that your employer may process is known as special category data. This personal data is much more sensitive as it reveals information about you, such as your ethnic origin, religious or political beliefs.
If you have personal information shared about you with those who have no authority to have access to it, you may experience emotional distress or stress. In addition, it could also lead to financial losses. In this guide, we shall look at how your employer sharing information without a legal basis can mean that a data breach has occurred.
If you have been harmed because of a personal data breach at work, why not give our advisors a call? They will provide free legal advice on the merits of your case. Where they can see your case could have a successful outcome, you can be connected to one of our No Win No Fee data breach solicitors.
Please get in touch with Accident Claims UK to speak with an advisor:
- Call our helpline on 0800 073 8801
- Please send us a confidential message using our online claims form
- Or web chat with a claims advisor using the widget in the corner of your screen
Select A Section
- What Is Personal Information In The Workplace?
- What Personal Information Does Your Employer Keep?
- Why Does My Employer Need My Personal Information?
- Can My Employer Share My Personal Information?
- My Personal Information Was Shared At Work; Could I Claim Compensation?
- Contact Us If Your Personal Information Was Shared At Work
The UK General Data Protection Regulation UK GDPR and the Data Protection Act 2018 are both pieces of legislation that were introduced to give you, the data subject, additional rights over your personal data. It also sets out the legal obligations for data controllers, usually a company that will process your personal data, such as your employer, when they process your personal information.
An employer data breach can occur if your personal information was shared at work without a lawful basis. As you will see in the sections that follow, in order for your employer to process or share your personal data, they must meet one of the six lawful bases.
A workplace data breach can happen if a security incident compromises an employee’s personal data. A data breach can happen because of the following:
- The employer does not use the data for its original intended purpose.
- Folders containing personal data are left in an insecure environment.
- Your personal data is shared without a lawful basis.
- Unauthorised persons access your personal data.
- Or theft or loss of a device such as a USB stick that contains your personal data.
You may wonder if your employer can share your personal information. Your employer can only share your personal information if there is a lawful basis for doing so. Call our advisors now and have your data breach claim assessed for free.
Your employer may store personal data, as you can see below; they may also store personal data that is sensitive, like special category data. They may also process other information, but this may not be protected by the UK GDPR. Here are some examples of personal data.
- Date of birth
- National Insurance number
- Tax code
- Bank account data
Having your personal data breached can cause financial losses. For example, a fraudster may use the breached data to target you for a phishing scam. Or if your financial information is breached, criminals can make fraudulent withdrawals from your bank account.
Your employer may also have information about your previous performance reviews or salary information. If this information is breached, it can affect your relationships at work. Employers may also collect special category data, which is information about your characteristics, such as your race or religious beliefs.
Personal data breaches can cause emotional distress. If a data breach is particularly distressing, you may develop psychological injuries, such as post-traumatic stress disorder or anxiety.
How Often Is Personal Information Shared At Work?
The Information Commissioner’s Office publishes data security incident trends. Below are data security incidents that have been reported to the ICO in Q4 2021/22. We have taken a few statistical examples of how human error/non cyber incidents occur and how many times in this period.
- Data emailed to the incorrect recipient – 381
- Data posted or faxed to incorrect recipient – 217
- Unauthorised access to data – 287
- Lost or theft of paper work – 140
- Failure to redact personal data – 109
- Failure to use Bcc on an email – 79
The Information Commissioner’s Office is the independent public body that upholds our data protection laws. Therefore the ICO can fine organisations when there is a lack of adherence to data protection laws.
As we mentioned, your employer may collect your personal data for operational purposes. When they process personal data they become known as data controllers. They may choose to outsource their data processing or can do it in-house. However as personal data is protected under data security laws they must always ensure that this data is kept safe and secure.
Your employer may process your data for the following reasons;
- In order to fulfil the employment contract
- Payroll information and sending taxation information to HMRC
- Identification data – so that they can clarify you are who you say you are.
You may be wondering if your employer can share personal information about you. Your personal information can be shared for a lawful reason. However, it is considered a personal data breach if your employer shares your personal information illegally.
There are six lawful bases and data controllers must meet at least one to process your personal data. These are:
- Legal Obligation
- Vital Interest
- Public Task
- Legitimate Interests
Under the UK GDPR, businesses and organisations are supposed to protect the personal data they collect. Indeed, integrity and confidentiality (security) are key principles of the UK GDPR. Organisations should do the following to protect their worker’s personal data when appropriate:
- Employers should invest in security measures to protect the data they process.
- Employers should train their staff in data protection to avoid human error data breaches.
- And organisations should have up to date defence security systems installed on devices to avoid cyber attacks.
If your personal information was shared at work and there was no lawful reason for this processing then you may be thinking of making a personal data breach claim if you have suffered harm.
Firstly, you can potentially claim material damage for the financial losses the incident caused. Moreover, you could claim non-material damage for the mental health injuries or emotional distress caused.
|Impact On Mental Health
|Guidelines From The Judicial College
|Severe Psychiatric Damage
|£54,830 to £115,730
|Factors which could affect damages may include what impact the injury has on relationships, if treatment is successful and if the person is still vulnerable in the future.
There is a poor prognosis at this level.
|Moderately Severe Psychiatric Damage
|£19,070 to £54,830
|The same factors as above are present, though there is a better prognosis.
|Moderate Psychiatric Damage
|£5,860 to £19,070
|Depending on the prognosis and severity the compensation could be at the higher or lower end of the award guidelines.
|Less Severe Psychiatric Damage
|£1,540 to £5,860
|The impact on sleep and duration of illness is taken into account.
|£59,860 to £100,670
|To claim for this type of injury, the person needs to have been diagnosed with a reactive psychiatric disorder.
|Moderately Severe PTSD
|£23,150 to £59,860
|This person has been diagnosed with the same condition, but with a better outlook to make a recovery.
|£8,180 to £23,150
|Following a good level of recovery, there will not be any symptoms which are grossly disabling.
|Less Severe PTSD
|£3,950 to £8,180
|A near to full recovery is made.
The compensation brackets have been taken from 16th edition Judicial College Guidelines that were updated for 2022. This publication is very often used by legal professionals when they are valuing compensation for injuries and illnesses.
Please contact us for more information about calculating data breach compensation or what you could claim. Please note that we have not included material damage in the calculator.
Contact our advisors if your personal information was shared at work and there was no lawful reason for this to happen. Personal data breach claims must meet specific criteria in order to be valid:
- Firstly, your employer failed in their legal obligation to comply with data protection laws.
- Secondly, your personal data was breached, and
- Lastly, you suffered mental harm and/or financial losses
We can appoint a No Win No Fee solicitor to work on your claim if you have a valid reason to claim compensation. You don’t pay an upfront solicitors fee when you work with a No Win No Fee solicitor. Instead, you pay for your solicitor’s services by paying a success fee on the condition that they win your data breach claim. If your solicitor does not win your claim, you will not pay a success fee.
Furthermore, you will pay your success fee at a capped rate. So, you will receive the majority of your compensation payment. Please contact us today to see if you can make a data breach claim:
- Dial 0800 073 8801 to speak to a claims advisor
- Could you fill out our online claims form?
- Or chat to an advisor using the Live Support widget on your browser
We hope this guide has been helpful. To learn more, please refer to these guides.
Do organisations need consent to process your personal data? – a guide from the Information Commissioner’s Office
How to take your data breach case to court and claim compensation – an Information Commissioner’s Office guide
How to protect yourself from nuisance calls – a guide from the Information Commissioner’s Office.
If your personal information was shared at work, and there was no valid reasons please contact us to see if you can claim compensation for the harm you suffered as a consequence of the data breach.