What Are My Rights After A Customer Service Data Breach?

Employees performing customer service duties can have access to a wide range of people’s personal information: this can include names, email addresses or bank details. This is personal data, and it is protected by the country’s data protection laws. It cannot be used inappropriately and it must be kept confidential and secure; a failure to do this can be considered a data breach. This is a guide explaining your rights if your information was exposed in a customer service data breach. 

customer services data breach

A guide on claiming after a customer service data breach

We will talk about the responsibilities placed on people with access to your personal information, and the actions you can take if you suffered harm from a data breach. We will also give you information about how you can get in touch with a data breach solicitor to help you make a claim for compensation. 

Our advisers are also available to answer any questions you might have. They can explain how compensation is calculated, offer free legal advice and can discuss your situation with you over a free consultation. To speak with one, reach out by:

Select A Section 

  1. What Are Customer Service Data Breaches? 
  2. What Personal Data Could Be Affected? 
  3. Steps Companies Should Take After A Data Breach 
  4. Customer Service Data Breach Examples 
  5. How Much Could You Claim For A Customer Service Data Breach? 
  6. How To Make A Customer Service Data Breach Claim 

What Are Customer Service Data Breaches? 

Information that can identify someone is considered personal information. For example, this can be a name, a phone number, an address, bank card details or information about a purchase.

When an organisation uses or collects this information, it is protected by the UK General Data Protection Regulation (GDPR) and Data Protection Act 2018 (DPA).  Your personal information cannot be used or shared without a lawful reason, it cannot be altered to make it inaccurate or misleading, and it must be kept confidential and secure 

This applies to all of your personal information, no matter how harmless the piece of information might seem. Use of your information that does not fall in line with the six lawful bases for processing can be considered unlawful. 

A personal data breach is when a security incident causes the accidental or unlawful loss of, access to, disclosure of, destruction of, or alteration of personal data.

An action like an employee working on customer service, revealing any information they had seen about you or a purchase you made to a friend, can be a customer service data breach. 

If you were to suffer harm because of a data breach, you could be eligible to make a claim for compensation 

Our advisers can offer you more information on what a data breach claim would entail. If you are looking to make a claim, why not reach out to one. 

What Personal Data Could Be Affected? 

A wide range of businesses and industries utilise customer services. The types of personal data they could have is broad. Generally, though, an employee working in customer services might have access to: 

Personally Identifying Information: Such as a person’s name or address. 

Financial Information: Such as a person’s debit or credit card details. 

Service User Information: Information about a person’s purchase history or how they were using their service 

Steps Companies Should Take After A Data Breach 

Companies that suffer a serious data breach have a responsibility to report the incident to the Information Commissioner’s Office (ICO). If a person’s rights and freedoms are risked in the data breach, the organisation has to inform the person as soon as they can. 

A data breach can also highlight a data security problem within a company. After a breach, a company can use the incident as a chance to audit and review their data security practices; this can let them know whether better training is necessary, or whether they need better data protection policies or better security systems. 

If you suffered harm from a customer service data breach, our advisers can help you understand whether you can make a claim for compensation.  

How Often Could These Breaches Happen? 

Organisations can report data breaches to the ICO. They publish a quarterly report of self-reported data security incidents that companies have faced. 

In the 3rd quarter of 2021/22 (01/10/2021 – 31/12/2021), non-cyber security incidents made up 1,773 of data security incidents reported. Cyber security incidents made up 631 of the data security incidents reported.

Customer Service Data Breach Examples 

A customer service breach could happen because of the below. 

Poor confidentiality

If a company does not have a data protection policy in place, employees might not be aware of the strict standards in place for data processing. An administrative staff member working on customer service might share a story about a customer’s personal information they found humorous, being unaware that this might constitute as a data breach by the administrator. 

Human error

Human or clerical errors can happen and an employee might  

  • Send personal information to the wrong address.  
  • Input the wrong personal information, making it inaccurate. 

Poor data security

Safely storing and securing personal data is a key responsibility under the UK GDPR. Actions like the following can leave personal data vulnerable to common causes of breaches.

  • Failing to limit access to work devices that contain personal data 
  • Accessing personal data on untrusted or shared devices 
  • Not storing storage devices securely 
  • Failing to implement up-to-date cybersecurity 

If you suffered harm from a customer service data breach, please speak with one of our advisers for more information. 

How Much Could You Claim For A Customer Service Data Breach? 

To make a valid personal data breach claim, you’d need to show that the organisation’s wrongful conduct caused the breach. This could be, for example, failing to train staff in data protection, but then asking them to handle personal information.

In a data breach claim, you can seek compensation to address any financial losses you have suffered from the breach, along with any mental harm it caused you. 

For financial losses, you can seek compensation under material damages. This can address losses such as: 

  • Theft: If your exposed data was used to steal money from you and you weren’t able to recover that money.
  • Loss Of Income: If you were unable to work for a time, because of the breach, and lost money as a result. 

For mental harm, such as distress from the breach, you can seek compensation under non-material damages. 

Below are figures from the April 2022 edition of the Judicial College Guidelines (JCG) showing common compensation brackets for psychological injuries

InjuryNotes Award
Psychological Damage Injuries affecting the person's ability to go through all aspects of life
Severe CasesThe person was heavily affected and chances of recovery are seen as poor£54,830 to £115,730
Moderately Severe CasesA better prognosis for recovery but the person will still be heavily affected£19,070 to £54,830
Moderate CasesThe person was initially affected but is showing good improvement£5,860 to £19,070
Less Severe CasesThe person's ability to perform daily activities was affected for a period of time£1,540 to £5,860
PTSDInvolving symptoms such as disturbed sleep and mood disorders
Severe CasesPermanent effects to a person £59,860 to £100,670
Moderately Severe CasesA better chance of recovery following professional help£23,150 to £59,860
Moderate CasesThe person will have mostly recovered, with few symptoms persisting£8,180 to £23,150
Less Severe CasesPerson will have made a full recovery£3,950 to £8,180

Following the Court of Appeal case, Vidal-Hall and others v Google Inc 2015’s ruling, you no longer need to have suffered financial harm to seek out compensation for mental harm. 

Our advisers can help you If you are looking for a value of compensation for your data breach claim.

How To Make A Customer Service Data Breach Claim 

You do not need a solicitor to bring forward a data breach claim but the experience they offer can be beneficial. A data breach solicitor will have previous dealings with data breach claims and can communicate with the organisation responsible, on your behalf. 

It’s also possible to enlist a data breach solicitor on a No Win No Fee basis, similar to personal injury claims. This means there would be no upfront fee to hire them, nor any ongoing solicitor’s fee as the claim proceeds. Payment to them would only come if your claim was successful and it’d be as a success fee; which comes as a percentage of the compensation. The percentage amount is capped by law. If your claim was unsuccessful, you would not have to pay them a success fee. 

To see if you can speak with a solicitor, please get in touch with one of our advisers. They can go through your claim with you, value your claim and potentially put you through to a data breach solicitor. You can speak with one now by: 

Data Breach Claims Against Companies 

We’ve included some additional links from the ICO you might find useful, including: 

Thank you for reading our guide to your rights after a customer service data breach. We offer guides on other topics such as:

Making A Claim For Being Dismissed For Being Off Work With Stress

Post Office Data Breach Claims

Medical Data Breach Claims

Please get in touch with our advisers for any more information you might need.

Guide by MC

Edited by RV