Free initial advice
If you've been hurt, our trusted solicitors can help
No upfront fees. No obligation. A specialist will review your enquiry and come back to you.
Trusted by injured people across the UK
NHS information data breach claims guide
In this guide, we will explain the steps you could take should an NHS information breach occur involving your personal data. The National Health Service is a publicly funded health system. Different types of organisations make up the NHS. When these organisations process the personal data of patients or staff, they become responsible for the personal data they handle. By law, when personal data is processed, it must be protected.
Those responsible for controlling the purposes and methods of processing personal data are often referred to as data controllers. They can opt to instruct data processors to act on their behalf. Anyone handling personal data has the responsibility to protect it. Therefore, if a data controller or processor fails to adhere to data protection laws, it could compromise your personal data and result in you sustaining harm, for which you could be eligible to make a claim. Although it is important to know that a data breach could still occur even if a data controller or processor has done everything they can to prevent it, for which a claim could not be made.
Continue reading this guide to learn how much potential compensation could be awarded for a successful personal data breach claim. Also, find out how a No Win No Fee solicitor could benefit your case.
If you have been harmed by a medical data breach caused by a failure to comply with data breach laws, Accident Claims UK could help you. Our advisors can assess your claim and offer free, confidential legal advice. Please get in touch with us today to see if you could be eligible to make a claim:
Personal data is information that could be used to identify a person, such as their name or address. It is protected under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. These pieces of legislation exist alongside one another to govern the storage and use of personal data. This covers information in both physical and digital forms. The UK GDPR requires organisations to take measures to protect personal data.
Under Article 9 of the UK GDPR, data concerning health is classified as special category data, which needs extra protection due to it being sensitive in nature.
A medical data breach could occur due to various causes; for example, it could be accidental or deliberate:
Please contact the Accident Claims UK team if you have evidence that your personal data has been compromised due to a data controller failing to comply with data protection law and, as a result, you have suffered harm.
If an organisation discovers a data breach which threatens the rights and freedoms of those involved, it must report the breach to the Information Commissioner’s Office (ICO) within 72 hours. From the ICO’s data security incident trends, we can see that from Q2 2019 to Q2 2022, the healthcare sector reported:
When a data controller or processor discovers that a breach of data has occurred, they should inform those affected without undue delay and report it to the ICO within 72 hours of the discovery. This is providing that there is a risk to the data subject’s rights and freedoms. Also, if you believe you have discovered a healthcare data breach, you could follow the data protection complaints procedure below:
Additionally, we recommend that you seek legal advice. Please contact our advisors today for free and confidential advice.
Article 82 of the UK GDPR outlines the eligibility criteria for a data subject to be able to make a personal data breach claim.
To make a healthcare data breach claim, you must prove the following:
If you have evidence that a failure to comply with the legislation has caused an NHS information breach to occur, resulting in you sustaining harm, call our advisors on the next steps you could take.
For a successful case, there are two potential heads of claim: non-material and material damage.
Non-material damage can compensate for the psychological injuries caused by the personal data breach, such as emotional distress, anxiety and post-traumatic stress disorder. At the same time, material damage compensates for certain financial losses resulting from the personal data breach. You could make a claim for material or non-material damage alone or simultaneously with the other.
The compensation table below uses the Judicial College Guidelines (JCG), updated for 2022, to provide compensation amounts for non-material damage. Legal professionals, such as data breach solicitors, use the JCG to help them value settlements.
| Type of Injury | Severity | Notes | Compensation Brackets |
|---|---|---|---|
| Mental Injury | Severe (a) | A mental injury which causes marked problems with the person’s ability to cope with daily life. | £54,830 to £115,730 |
| Mental Injury | Moderately Severe (b) | There is a much more optimistic prognosis of recovery. Although the person will be impacted in a way similar to the above bracket. | £19,070 to £54,830 |
| Mental Injury | Moderate (c) | The person will have a good prognosis and will have markedly improved by the time of trial. | £5,860 to £19,070 |
| Mental Injury | Less Severe (d) | How much the person was affected and how long the effects lasted for determines the award. | £1,540 to £5,860 |
| Anxiety Disorder | Severe (a) | The effects of the injury will be permanent. It may prevent the person working and will badly affect all areas of their life. | £59,860 to £100,670 |
| Anxiety Disorder | Moderately Severe (b) | There will be a better prognosis with professional help. The effects could still cause disability for the foreseeable future. | £23,150 to £59,860 |
| Anxiety Disorder | Moderate (c) | The person will have largely recovered. | £8,180 to £23,150 |
| Anxiety Disorder | Less Severe (d) | The person is virtually fully recovered within one to two years. | £3,950 to £8,180 |
Please be aware the contents of the table are a guide.
A data breach compensation claim could also include reimbursement for certain financial losses under material damage. This could include:
It is important to know that you must provide evidence of any monetary losses. This could include a record of your credit history or bank records.
Please speak to our advisors today to learn more about the potential compensation for a data breach.
When entering into any data breach claim, it may be a good idea to think about seeking the help of a professional such as a data breach claim solicitor. If you choose to enter into a Conditional Fee Agreement (CFA), a type of No Win No Fee agreement, with a solicitor, you won’t pay upfront or ongoing fees for their services. Nor will you pay for their services at any point if your claim is unsuccessful.
Alternatively, if your claim is successful, a solicitor will receive a ‘success fee’ taken from the compensation. This is a small, legally capped percentage.
Please contact Accident Claims UK to enquire about making a healthcare data breach claim:
If you would like to learn more about making a data breach compensation claim, take a look at more of our guides:
What Are My Rights After A Pharmacy Data Breach?
Lost Files Breach Of Data Protection – How To Claim
What Are My Rights After A Dentist Data Breach?
Additionally, we have provided some external links for further reading:
A guide to how the NHS uses your data
More advice from the Gov.UK site on data protection.
An ICO guide to recognising and avoiding identity theft
Thank you for reading our guide on the steps you could take should a potential NHS information breach occur and your personal data is involved.
