What Are My Rights After A Doorstep Dispensaree Ltd Data Breach?

I Suffered A Psychological Injury Because Of A Doorstep Dispensaree Ltd Data Breach, What Are My Rights?

What are my rights after a Doorstep Dispensaree Ltd data breach guideIn this article, we are looking at the Doorstep Dispensaree Ltd data breach which meant they received a fine of £275,000.

When you hand over personal information so that a company can provide a service, you probably don’t think what could go wrong if they don’t store it securely. However, under the General Data Protection Regulation (GDPR), organisations that decide how and why they’ll process your data (data controllers) have to take measures to protect it. Since these rules were introduced, companies can be fined for data protection mistakes.

In this article, we will discuss data privacy for individuals. We’ll also show the harm that can be caused by data breaches, why that could lead to a compensation payout and how much could be paid.

Accident Claims UK is able to support you if you have evidence of a valid claim. We offer an initial consultation to review your claim, where you will receive free legal advice. After that, you aren’t obliged to proceed with our services but if your case is suitable, we could connect you with our data breach solicitors. Any case they take on will be made on a No Win No Fee basis.

During the course of this guide, we will show why a genuine victim of a data breach could be compensated. If you would like to learn more about your options, please call us on 0800 073 8801. Otherwise, please keep reading to learn more about pharmacy data breach claims.

Select A Section

A Guide To Your Rights Following A Doorstep Dispensaree Ltd Data Breach

Pharmacies, like other organisations, sometimes require personal information about their customers. By having it, the process of dispensing medication can be much more efficient.

However, due to the sometimes personal and sensitive nature of that information, you probably wouldn’t want it to be leaked. If it were, you could suffer psychologically, or financially in some cases. It is that sort of suffering that could lead to a compensation claim.

Fortunately, the GDPR and also the Data Protection Act 2018 have been implemented to tighten up data security and improve data privacy for individuals.

A lawful basis is now required before a data controller (the pharmacy in this case) can process your personal data. One way this can be achieved is to explain to you why your data is required and ask you to agree to its use. There are other lawful bases for processing.

The Information Commissioner’s Office

The UK’s watchdog for data protection laws is the Information Commissioner’s Office (ICO). Where data security breaches occur, the ICO can launch an investigation. After that, their legal powers allow them to issue fines and enforcement action against companies. It was the ICO that issued the fine for the Doorstep Dispensaree Ltd data breach that we mentioned earlier.

Although the ICO does have a lot of power, it can’t award compensation to you if you’ve suffered mentally or financially due to a breach. Instead, you will need to seek compensation separately.

If you are about to begin legal action, you’ll need to know about the time limits for making data breach claims. Generally, you will have 6 years from the date you obtained knowledge of the breach. However, some cases relating to human rights breaches only have 1 year. If you call our team, they’ll check which limitation period could apply to you.

Once you have completed this article, please feel free to call with any queries. Our claims team offer free legal advice whether you claim or not.

What Healthcare Data Could A Pharmacy Hold About Me?

To provide you with an efficient service, pharmacies do need to know some information about you. The amount of data they hold may increase the longer you remain a customer. But have you ever thought about what type of personal data your pharmacist holds? Well, it might include:

  • Personal contact details such as your name, home address, mobile or landline numbers and email address.
  • Information from your medical records.
  • Your NHS patient number.
  • Prescription history and details of repeat prescriptions.
  • Login credentials if they have a website.
  • Payment details if you pay for your prescriptions online.
  • Information relating to any disabilities.

It is possible that a pharmacy could know more about you than we have listed here. Importantly, as a lot of the information could help to identify you, it is likely to be covered by the new GDPR rules.

In addition to keeping such information safe from unauthorised access, pharmacies cannot pass your information to others without your permission. For example, if the pharmacist was approached by a research company, they would need to check with you before sharing your data.

If they failed to do so, and your information was shared, a GDPR breach will have occurred. However, if you’d agreed to your data being shared for research purposes beforehand, they may be able to share this data without asking again.

If you would like us to review your options in relation to a data protection breach claim that you can prove caused you to suffer mentally or financially, please get in touch. An advisor will guide you through the process and let you know if you could be eligible for compensation.

What Is A Personal Data Breach Claim Against Doorstep Dispensaree Ltd?

The GDPR is quite a long document. However, it is clearly written and offers definitions in relation to data privacy. It says that a personal data breach occurs following a security incident. As a result, personal data is lost, disclosed, changed, destroyed or accessed in a way that the data subject has not agreed to or is unlawful. (A data subject is a person whose data is being processed.) Importantly, data breaches can be deliberate or accidental.

In the press, you may often read about data breaches that have been caused by cybercriminals. They use different tactics to get hold of personal data including phishing emails, ransomware, firewall exploits, keyloggers and viruses.

However, we should let you know that non-digital data is also covered by the GDPR. That means that paper copies of your medical information would also be covered.

Here are a few scenarios of how a pharmacy could be involved in a GDPR data breach:

  • Where another customer is provided with your prescription and is able to identify you from the label.
  • If the pharmacy’s computer systems are hacked by cybercriminals and patient data is accessed.
  • When a letter, email or text message containing personal information is sent to the wrong, unauthorised person.
  • If staff access your personal record without a lawful reason to do so.

Later on, we will explain how you could find out about a pharmacy data breach. If you have evidence that makes you eligible to claim, please give us a call today.

Steps A Pharmacy Should Take If They Suspect A Data Breach

During the implementation of the GDPR, it was advised that companies should create a data breach plan. Many organisations appointed data breach officers to help with this. When a company is informed about or finds out about a personal data breach, they should:

  • Launch an internal investigation to find out what has happened. They should try to establish a) when the breach occurred, b) the data that was affected, c) how the incident took place and d) whose data was involved.
  • Contact the ICO with 72 hours if the breach is notifiable.
  • Contact any data subjects, without undue delay, to inform them of the breach if they might be at risk.

If you do receive a communication (for example, an email or letter) regarding the breach, it could be used as evidence to help your claim. Later on, we will show you what else could be used to substantiate your claims.

Doorstep Dispensaree Ltd Data Breach Case Study

Let’s now look at the ICO report into the Doorstep Dispensaree storage of patient data that landed them with a £275,000 fine.

It explains that around 500,000 records were stored in unlocked storage containers at the back of its premises in London. The records contained information about patients, including NHS numbers, prescription details, names, dates of birth and addresses.

As the documents had been water damaged and were easily accessible, the ICO decided to take action. The pharmacy was also issued an enforcement notice.

If you have evidence of a valid claim and you’ve suffered psychologically or financially as a result of a pharmacy data breach, please call our team today.

Check Your Eligibility To Claim For A Pharmacy Data Breach

As we have described already, you might be eligible to seek compensation if your data protection rights have been breached and you’ve suffered mentally or financially as a result. As well as making companies keep your data secure, the GDPR gives rights relating to data privacy for individuals. You have the right to:

  1. Be told why your data is needed.
  2. Object to personal information being used.
  3. Request copies of the data held by an organisation relating to you.
  4. Receive data in a portable format.
  5. Ask for errors to be rectified.
  6. Restrict how your data is used.
  7. Request data deletion.

You also have rights in relation to automated decision making. To read more comprehensive information on these individual rights, visit the ICO’s website.

Gather Documentation And Evidence To Support Your Claim

All compensation claims require evidence to support them. It should prove what happened, who was to blame and how you suffered. To prove these things during a pharmacy data breach claim, you could use:

  • Emails or letters sent by the pharmacy that tell you that a breach containing your data took place.
  • A report from the ICO. These may be available if they decide to investigate a breach.
  • Medical records and medical reports that provide evidence of the psychiatric injuries that have resulted from the breach.
  • Bank statements or other records that show the amount of money you have lost because of the breach.

If you would like us to check if you’re able to proceed with a claim, why not call and let us review your evidence?

Calculate Data Breach Compensation Claims Against Doorstep Dispensaree Ltd

Let’s now move on to look at potential compensation figures. In this section, we are considering compensation for psychological injuries rather than financial losses. Although we have listed some figures in our compensation table below, you should get a more detailed estimate if you let one of our advisors review your case.

It is important to look at a hearing at the Court of Appeal when discussing data breach compensation. In the case of Vidal-Hall and others v Google Inc [2015], two important decisions were made:

  1. Compensation should be considered if the claimant has been injured as a result of a data breach. This is the case even if no money has been lost. Before this case, you could only claim for psychological harm if you’d also suffered financially.
  2. Where compensation is paid for psychological injuries, the level should be determined as it is in personal injury law.

Therefore, our compensation table below provides potential settlement amounts from the Judicial College Guidelines. This is a publication of recommended figures for injuries that legal professionals may refer to when settling injury claims.

Psychological Injury Notes Settlement Range
PTSD (Moderate)While most symptoms will have subsided, the claimant may suffer some residual effects.£7,680 - £21,730
PTSD (Moderately Severe)Victims in this category will have suffered significant issues but there will be an optimistic prognosis.£21,730 - £56,180
PTSD (Severe)The victim will have permanent symptoms of PTSD. All aspects of their life will be affected with little hope of returning to pre-trauma levels of functioning.£56,180 - £94,470
Psychiatric Damage (Less Severe)For cases falling short of a specific phobia or disorder.Up to £5,500
Psychiatric Damage (Moderate)There will have been some serious problem caused by these injuries but a good prognosis will be offered.£5,500 - £17,900
Psychiatric Damage (Severe)There will be a very poor prognosis for victims in this category. Relationships and work will suffer and treatment is unlikely to help.£51,460 - £108,620

Medical Assessment

To help determine the exact nature of your suffering and to prove that the breach caused or worsened your condition, you will need to have a medical assessment during the claims process. Our solicitors are usually able to make local appointments to prevent excessive travel.

The meeting will be conducted by an independent medical specialist. They will try to ascertain details of your injuries and provide a prognosis as well. This will be done by asking questions and looking through your medical records. Once they have completed their assessment, a report will be filed with your solicitor. The solicitor would be able to use this report to value your injuries.

If you’re unsure as to how your condition could be valued, get in touch with us. Our advisors can offer a free estimate.

Could You Claim Both Material And Non-Material Damages?

Claims for the suffering that results from a data protection breach can seem a little daunting. That’s mainly because you need to consider any suffering that might happen in the future as well as any that’s already happened. This is the case because you’re only allowed to claim once for the same incident.

When you sit down to calculate your claim, it will usually be separated into two parts. You could claim for either or both, depending on what you have evidence of.

The first is called material damages. This is used to claim for any cost, financial losses or expenses sustained as a result of the breach. While working out your current losses should be quite straightforward, you might also need to consider future losses too.

For example, it is possible that you could continue to lose money if cybercriminals are sharing your personal details online. This could continue until you manage to change all of your accounts.

The next part of your claim could be for non-material damages. This aims to provide compensation to cover any pain and suffering. Initially, you could look to be compensated for any diagnosed injuries. These might include distress, anxiety or depression.

After that, you might need to claim for any additional suffering that has been highlighted in your medical report. For example, your prognosis might suggest that you will suffer for some time.

As you can see, there is a lot to factor into your claim. We believe you have the best chance of filing a claim correctly if you take on legal representation. Furthermore, we believe that having a data breach lawyer working for you can give you the best chance of being compensated correctly.

If you have evidence of a valid claim, why not get in touch today?

No Win No Fee Pharmacy Data Breach Claims Against Doorstep Dispensaree Ltd

In our experience, many people are concerned about losing any money paid to a solicitor if their claim fails. To reduce your financial risk, our team of data breach solicitors offer a No Win No Fee service for all accepted claims. That means you could benefit from an experienced legal professional without the risk of having to pay their fee if your claim fails.

Before any claim is taken on, a solicitor will need to consider its chances of success. If they are happy to take your claim on, the solicitor will provide you with a Conditional Fee Agreement (the formal term for No Win No Fee agreement). This states what your solicitor will need to do before they are paid. It will clarify that:

  • You don’t need to pay for your solicitor’s work in advance.
  • There aren’t any solicitor’s fees billed to you during the claim.
  • If your case doesn’t work out, you won’t need to pay for your solicitor’s work.

Where a claim is won, and compensation is awarded, you will pay a success fee to your solicitor. Rather than you having to send money, your solicitor will deduct an agreed percentage of any compensation. This success fee is detailed within the No Win No Fee agreement so you will know about it before the case begins. Also, by law, success fees are capped.

Do you want to find out if you could use the services of a solicitor through a No Win No Fee agreement? If so, please contact our team today.

Contact An Advisor

Thank you for reading our guide on claiming for a breach of patient data. If you would like to contact us to start the ball rolling, you can:

FAQs On Pharmacy Data Breaches

We are going to use this section to try and answer some common GDPR-related questions. If you have any further queries, please let an advisor from our team know.

How does GDPR affect a pharmacy?

As many pharmacies process personal data, they are obliged to abide by the GDPR. That means there needs to be a lawful basis for processing personal information and they should implement security measures to protect such data.

Does a pharmacy need a data protection officer?

The ICO says that data protection officers (DPOs) are required for organisations that are public bodies or where their activities include systematic, regular and large scale monitoring of individuals. Pharmacies are able to voluntarily nominate a DPO.

How much can the ICO fine companies for data breaches?

The Information Commissioner’s Office is able to fine companies for data security failures. They can issue fines worth tens of millions.

Guides Related To This Article

This is the final section of our article about claiming for a Doorstep Dispensaree Ltd data breach. To provide additional support, we have listed a few more resources that you might find helpful. Please contact us on the number at the top of the page if you need to know anything else.

Pharmacy Inspection Reports – Here you can search for inspections conducted by the General Pharmaceutical Council.

Object To Data Use – An explanation of when and how you can object to your data being used.

Post-Traumatic Stress Disorder (PTSD) – This article shows some of the symptoms that can result from PTSD.

We have added a few more of our data breach guides below for your information:

University Data Breaches – Information on why you might be eligible to claim following a university GDPR breach.

Dentist Data Breach – Advice on claiming if your personal data is exposed by a dental practice.

Private Healthcare Data Breaches – Details on how data breach claims against private healthcare companies can be made.

Thanks for reading our guide on what to do following a Doorstep Dispensaree Ltd data breach.

Guide by BH

Edited by RV