I Suffered A Psychological Injury After A Tesco Pharmacy Data Breach, What Are My Rights?
In this article, we will consider how you could claim if you have evidence of financial loss or psychological suffering caused by a Tesco Pharmacy data breach.
Even though the General Data Protection Regulation (GDPR) is still a relatively new law, we have arguably become quite used to it already. For example, when signing up for a new service online, we may just tick the box about data sharing without even considering it.
However, the GDPR is there to help you have more control over how your personal data is being used. That means that if an organisation that decides how and why they’ll process data (the data controller) is responsible for a data protection breach, they could be fined. Moreover, if you suffer mentally or financially because your personal data was affected by the breach, you could claim.
In this article, as well as showing what harm could result from a breach, we will look at the level of compensation that might be awarded. We will also review a real-life example of a pharmacy breach involving half a million records.
Accident Claims UK could support you. Our service begins with a consultation. After an advisor has reviewed your case and answered your questions, they’ll provide free legal advice. If it appears that your claim has good grounds, we could connect you with one of our data breach solicitors. They’ll work on a No Win No Fee basis if the case is taken on.
Our team of expert advisors are contactable on 0800 073 8801. If you would like to ask any questions, why not call them today? Alternatively, to learn more about why you could be entitled to claim following a pharmacy data breach, please read on.
Select A Section
- A Guide On Your Rights After A Tesco Pharmacy Data Breach
- What Medical Data Could Tesco Pharmacy Hold?
- What Is A Personal Data Breach Claim Against Tesco Pharmacy?
- Action A Data Controller Should Take Following A Breach
- Action The Information Commissioner’s Office Could Take Following A Data Breach
- When Are You Able To Claim For A Tesco Pharmacy Data Breach?
- Evidence That Could Support Your Pharmacy Data Breach Claim
- Calculating Compensation Amounts For A Data Breach By Tesco
- Non-Material Damages Under The GDPR
- Make A No Win No Fee Claim For A Tesco Pharmacy Data Breach
- Talk To Our Team
- Frequently Asked Questions About The GDPR
- Additional And Related Guides
A Guide On Your Rights After A Tesco Pharmacy Data Breach
Sometimes, the information you provide when signing up with different organisations can be quite valuable to criminals. That's because certain data could be used in identity theft crimes, to extort money from you or to access your bank accounts.
That said, data breaches don’t just happen because of criminal activity. They can also occur because of procedural errors and system failures. However, to help prevent these incidents from occurring, the Data Protection Act 2018 and the GDPR have been introduced.
As a result of this legislation, any organisation that wants to use personal data needs a lawful basis to do so. In many cases, that means they’ll tell you why they need your information and ask for your permission before it is processed.
In the UK, the watchdog that is tasked with enforcing the GDPR is the Information Commissioner’s Office (ICO). They have powers that allow them to issue fines to companies that break the rules. They can also force changes to be made in the way that the data controller processes data.
There is one thing that the ICO can’t help with, though, and that’s issuing compensation to those who suffer mentally or financially because of data breaches. That is the reason you would have to take your own action. It’s also one reason why we have provided this guide on claiming for a Tesco Pharmacy data breach if you have evidence of a valid claim.
Should you decide to take action, you must do so within the relevant time limit. Generally, the limitation period for data breach claims is 6 years from the date you obtained knowledge of the breach. However, you might want to verify that with an advisor as claims relating to human rights breaches are limited to 1 year.
What Medical Data Could Tesco Pharmacy Hold?
To enable them to provide a personalised and secure service, Tesco Pharmacy needs to retain data relating to its customers. That’s fine as it could make things easier for you when you go to collect your prescription.
However, have you ever stopped to think about what data could be stored about you? Well, it could include:
- Personal contact information such as your name, telephone number, email address, home address or mobile number.
- Your date of birth and NHS number.
- Details from your medical records.
- Information about your prescriptions.
- Website account details.
This is just a sample of the sensitive and confidential data that might be stored in a pharmacy’s IT systems. As it could help to identify you, it should be protected by the rules of the GDPR.
On top of securing this type of data, a pharmacy would not be able to share it with others without your permission (in most cases).
For example, if a research company asked the pharmacy to share details of cancer patients, they would need to check if it was ok to provide your details before doing so. If you’ve previously agreed to your data being shared for research purposes, they may not need to request your permission again, however.
What Is A Personal Data Breach Claim Against Tesco Pharmacy?
The GDPR explains what personal data breaches are. They happen following a security incident. As a result, personally identifiable data is lost, accessed, destroyed, disclosed or changed in an unauthorised or unlawful way.
The reason for the breach does not matter. That means claims could be possible if your data was exposed because of an accidental or deliberate breach.
While we do hear about cybercriminals causing breaches using firewall exploits, ransomware and phishing emails, the GDPR also covers physical documentation. This includes handwritten notes as well as printed forms of personal data.
Here are a few ways in which pharmacy data breaches could take place:
- If the pharmacy’s website is taken down by a denial of service attack and personal data is stolen.
- Where a letter containing your personal data (that was meant to be sent to you) is sent to the wrong patient who is unauthorised to access it.
- Where staff are overheard talking about you and your illness because they were discussing you in a public place.
Action A Data Controller Should Take Following A Breach
As part of their data protection action plan, data controllers should have procedures to follow if a data security breach takes place. Their process should comply with the GDPR which means they will need to:
- Investigate any potential data breach. They should try to identify what information was accessed, how the breach occurred and when it happened.
- Inform the ICO about the data breach if it’s notifiable.
- If there is a significant risk to any data subject, they must be told about the breach without undue delay.
If you do receive a letter or email informing you that you might be at risk from a breach, you should retain it. That’s because it could be used as supporting evidence during a claim. We will explain what else could be used to verify your claim later on in this guide.
Importantly, on its own, the communication won’t entitle you to compensation. That’s because as well as proving a breach has occurred, you will also need evidence to show how you have suffered psychologically or financially.
Action The Information Commissioner’s Office Could Take Following A Data Breach
The ICO has issued a fine of £275,000 to a pharmacy based in London called Doorstep Dispensaree. This was due to a serious breach where around 500,000 patient records were stored in unlocked containers at the rear of the premises in Edgware.
The fine was issued because they failed to secure the personal information and also because some of it became damaged, which is also a breach of the GDPR.
If you can prove you have suffered as a result of a pharmacy data breach, why not call today to see if we could help you claim?
When Are You Able To Claim For A Tesco Pharmacy Data Breach?
As described already, you have the right to seek compensation following a data breach if you can prove you have lost money or suffered from psychological injuries because of it.
In addition to a right to claim, there are several rights provided by the GDPR that relate to personal data processing. This includes the right to:
- Be told when your data is to be used and why.
- Access any data held about you by an organisation.
- Restrict how your information is used.
- Object to your data being processed.
- Be given your data in a format that is simple to use.
- Ask for personal data to be corrected.
- Ask for personal data to be deleted.
There are also rights involving your data in relation to profiling or automated decision making. These rights are a little more complex than shown here though. Therefore, please take a look at the ICO’s website for more information on individual rights.
Evidence That Could Support Your Pharmacy Data Breach Claim
When you make any type of compensation request, you need to provide evidence. This should demonstrate who was responsible, what happened and how you suffered. In data breach claims, you could use the following to substantiate your claims:
- A letter confirming that a data breach took place and your data was involved.
- An ICO report explaining what happened and how the breach took place.
- Medical notes that show the conditions you have suffered because of the breach.
- Financial statements to show the money you’ve lost because of the data breach.
Calculating Compensation Amounts For A Data Breach By Tesco
We’re now going to look at potential compensation figures that might be awarded for psychiatric damage caused by a data breach. We have listed some example amounts in the compensation table below, but we can personalise a compensation estimate for your case after it has been reviewed.
- Claims for injuries caused by data breaches should be considered for compensation. That’s true even when there has been no monetary loss.
- Where a settlement is made for injuries, it should be paid at the same level as in personal injury cases.
Therefore, to show how much you could be paid, we’ve added the compensation table below based on figures in the Judicial College Guidelines (JCG). The JCG is used in personal injury claims to try and make consistent compensation payments.
| Injury | Severity Level | Settlement Range | Further Comments |
|---|---|---|---|
| Psychiatric Damage - General | Severe | £51,460 to £108,620 | In this category, treatment is unlikely to help. The claimant will struggle to manage relationships and find it difficult to cope with life or work. Therefore, they will be given a very poor prognosis. |
| Psychiatric Damage - General | Moderately Severe | £17,900 to £51,460 | There will be some similarity to the suffering seen above. However, the prognosis in this category will be more optimistic. |
| PTSD | Severe | £56,180 to £94,470 | Symptoms including nightmares and flashbacks may be permanent and affect all aspects of life. It won't be possible to return to pre-trauma levels of functioning. |
| PTSD | Moderate | £7,680 to £21,730 | In this category, recovery will be almost complete. Any symptoms that do persist won't be seriously disabling. |
| PTSD | Less Severe | Up to £7,680 | A virtually full recovery will have been made within one to two years. |
To help prove the level of your suffering and that your condition was caused or worsened by the breach, a medical assessment is required. This will be performed by an independent specialist.
During your meeting, they will try to determine how you have suffered and whether you might continue to do so in the future. This will involve them asking you questions and referring back to your medical records.
After you have finished, the specialist will write their findings down in a report for your solicitor. Your solicitor would then use this to value your injuries.
Non-Material Damages Under The GDPR
If you seek damages for the suffering caused by a data breach, it is not as easy as you might think. Rather than specifying an amount you would like to be paid, you need to demonstrate why you’re claiming and supply evidence too. Furthermore, claims should consider future suffering as you can only claim once.
At the start of your claim, you’ll consider two main parts: material and non-material damages. You could claim for one or both.
Material damages are compensation for any financial losses incurred because of the breach. The initial part of your claim will cover any losses that you have already incurred. Then you might need to see if you’ll suffer in the future. For example, where your details are being circulated online by criminals, you could suffer losses until all of your accounts are fully blocked.
The potential second part of the claim, non-material damages, could be sought if you’ve suffered psychological injuries because of the breach. This could include distress and anxiety. Again, you’ll start with injuries that have already happened and been diagnosed. Then you may need to factor in any future problems identified by your medical report.
We believe that getting a claim right is very important. Our advice is that you should take on legal support when claiming either material or non-material damages (or both). If you work with one of our data breach solicitors, they will try to consider all aspects of your suffering to try and ensure everything is added to your claim.
Why not call today for a review of your case? You’ll be given free legal advice and we could connect you with a solicitor too. If you agree to proceed, your case will be managed on a No Win No Fee basis if accepted.
Make A No Win No Fee Claim For A Tesco Pharmacy Data Breach
We realise, after years of handling claims, that many people worry about using the services of a solicitor because they may have to pay the solicitor’s fee if the case loses. With Accident Claims UK, that doesn’t happen. That’s because we have a team of data breach solicitors that offer a No Win No Fee service. As a result, you could benefit from experienced legal representation but with reduced financial risk.
Our solicitors need to verify that there is a reasonable chance of success before offering this service though. If your case is taken on, your solicitor will draft a Conditional Fee Agreement (the formal term for No Win No Fee agreement) for you. This will tell you what the solicitor needs to achieve before they get paid. Furthermore, it will demonstrate that:
- Advance payment of your solicitor’s fees is not necessary.
- The cost of your solicitor’s work won’t be billed to you while the claim progresses.
- Should the case fail, the solicitor’s fees don’t need to be paid.
The scenario where the solicitor will be paid is where the case is won and compensation is paid. Rather than you having to send money to the solicitor, they will deduct a small percentage of your compensation. This is called a success fee and it’s listed in the agreement so you will know about it before you sign up. Legally, success fees are capped.
Talk To Our Team
Thanks for visiting Accident Claims UK today. We are happy to help if you have decided that you would like to know anything more about claiming. If you would like to start the ball rolling, you can:
- Contact our advisors by calling 0800 073 8801.
- Ask for advice on how to begin your claim in live chat.
- Request a callback from one of our advisors by using this claims form.
- Email firstname.lastname@example.org to explain why you believe you have a claim.
We are open 24 hours a day so that you can call when it's convenient. Our advisors offer free legal advice about the claims process and could connect you to a specialist data breach lawyer. If they decide to work on your case, they will provide a No Win No Fee service.
Frequently Asked Questions About The GDPR
In this part of our guide, we will try to answer a few questions relating to the GDPR. If you need any further questions answering, please get in touch.
What rules do businesses need to follow?
Under the GDPR, businesses must have a lawful reason to process personal data. This can involve asking for your permission to use your data. As well as processing requirements, data controllers should also introduce procedures to try and keep personal data secure and up to date.
What are the penalties for breaching the GDPR?
As the watchdog for data protection laws, the ICO can issue fines to companies that breach the GDPR rules. They can issue fines of millions of pounds.
Can you claim compensation for a breach of the GDPR?
Additional And Related Guides
This is the last part of this guide on claiming for the suffering caused by data protection breaches. Therefore, we have listed some additional links that could help you during your claim.
Do I Need To Consent?: An ICO article demonstrating when data controllers require permission to process personal data.
Report A Breach: Read about the requirements organisations should adhere to when reporting personal data breaches.
Anxiety: A UK charity offers advice on what causes anxiety and the treatment available for it.
Employment Data Breaches: Details of when you could be entitled to claim if your employer leaks information about you.
Comparison Site Data Breaches: Advice on what type of data breach involving a comparison site could result in a claim.
Mortgage Provider Data Protection Claims: Information about claiming if your data is exposed by your mortgage provider.
Thanks for reading our guide on what to potentially do following a Tesco Pharmacy data breach.
Guide by BH
Edited by RV