I Suffered A Psychological Injury After A Dentist Data Breach, What Are My Rights?
You’ll probably notice that when you use websites, buy something online, or sign a contract, there is a section where you are told how your personal information will be used. You may even have to agree to its use. This is because of the implementation of the General Data Protection Regulation (GDPR). It is designed to offer individuals (data subjects) more rights about how their data is used. In this article, we will consider what could cause a dentist data breach and what harm could result. Furthermore, we’ll show when compensation might be payable because of that harm and how much you could be entitled to claim.
Accident Claims UK has a team of friendly advisors who can help if you are thinking of claiming. Along with a no-obligation telephone consultation, we offer free legal advice. If your claim seems to be suitable, we could pass it to one of our data breach solicitors. If you decide to proceed, and your case is accepted, you could benefit from our No Win No Fee service.
To discuss your claim with a specialist advisor today, you could call on 0800 073 8801. The advisor will provide answers to as many of your questions as possible and explain your options. To learn more about making claims for a dentist data breach before calling, please continue reading.
Select A Section
- A Guide To Your Rights After A Dentist Data Breach
- Examples Of Personal Data A Dentist Could Hold About You
- What Is A Personal Data Breach Claim Against A Dentist?
- What Should A Dentist Do If They Suspect A Data Breach?
- Examples Of Action Taken By The ICO Against Medical Providers
- When Could You Claim For A Medical GDPR Data Breach?
- What Evidence Could I Need To Claim For A Medical Data Breach?
- Dental Surgery And Dentist Data Breach Compensation Calculator
- What Does Non-Material Damages Mean?
- No Win No Fee Personal Data Breach Claims Against A Dentist
- Contact An Advisor
- FAQs On Medical Data Breach Claims
- Related Guides
A Guide To Your Rights After A Dentist Data Breach
As we have moved over to the new digital era where a lot of daily activities are carried out online, personal data security has become more important. If information about you is leaked in some way, it can cause embarrassment, anxiety and could be used by criminals to try and exploit you.
Some data breaches are instigated by criminal activity, while others happen because of human error. To help protect you from breaches, the GDPR and the Data Protection Act 2018 were introduced.
GDPR requires organisations that process your personal information to have a lawful basis for doing so. That might mean that before they collect data about you, they must tell you why. Furthermore, they might need to ask for your express permission before they process it.
Where data protection rules are not adhered to, the Information Commissioner’s Office (ICO) are able to investigate. If they find the organisation guilty of not protecting personal information properly, they can issue financial penalties and guide changes in data safety measures.
However, the ICO won’t get involved in compensating you for any suffering a breach might have caused. That is why we’ve written this guide about making dentist data breach claims.
It is important to point out that data breach claims generally have a 6-year time limit. However, you may wish to confirm that with one of our advisors. That’s because, in specific cases involving human rights breaches, you could only get one year to claim.
Examples Of Personal Data A Dentist Could Hold About You
When you sign up with a dental practice, you will need to provide some personal information about yourself. Over the years, the amount of data your dentist holds about you may increase, but what could it include? Well, it is possible that your dental records will contain details such as:
- Full name.
- NHS number.
- Home address.
- Previous addresses.
- Email address.
- Mobile and telephone numbers.
- Dental records.
- Prescription details.
- Bank or card details.
In some cases, your record may also include other information as well. The GDPR protects all of the items listed as they could be used to identify you. Also, if they were to get into criminal hands, they could be used during identity theft crimes or to extort money from you.
In addition to trying to keep this type of information secure, your dentist should not share it with others without a lawful basis. For example, they couldn’t give your details to a company that wants to sell you other services without your prior consent.
What Is A Personal Data Breach Claim Against A Dentist?
While it is very common to hear about data breaches caused by cybercriminals, they are not the only type that could lead to a claim. While breaches can result from phishing emails, firewall exploits, malware or ransomware, they are also possible because a receptionist left your dental records in the waiting area meaning other patients could read them.
In terms of the GDPR, a personal data breach is caused by a security problem that allows data to be lost, accessed, altered, destroyed or disclosed using methods that you’ve not authorised or are unlawful. You could claim for the suffering that results from deliberate, illegal or accidental breaches.
Examples of dentist data breaches that could happen include:
- Where a letter containing your personal information was posted to the wrong address and the recipient accessed it.
- When a computer is on full display in the waiting area and unauthorised people view your records.
- When cybercriminals are able to access your medical records due to system vulnerabilities.
What Should A Dentist Do If They Suspect A Data Breach?
When data breaches occur, data controllers (such as dental surgeries) should:
- Investigate the cause of the breach.
- Let the ICO know that there has been a possible breach (if it’s a notifiable breach).
- Tell patients who might be at risk about the breach without undue delay.
If you are contacted by your dentist to say that your data has been exposed, the email or letter you receive could be used as evidence if you do make a claim. Importantly, on its own, a dentist data breach won’t entitle you to be compensated. You must also be able to prove that it caused you to suffer in some way.
Examples Of Action Taken By The ICO Against Medical Providers
The ICO records all action it has taken on its register of action. At the time of writing, there was no evidence of the ICO fining any dental practices. Therefore, we will look at a breach that affected a private healthcare provider instead.
In September 2018, the ICO fined Bupa £175,000 following a data protection failure. The reason for the fine was that a member of Bupa staff illegally downloaded and tried to sell personal data relating to over half a million Bupa Global customers.
The employee downloaded the information and sent it to his personal email account. Later on, the information was put up for sale on the dark web.
The fine issued by the ICO was due to the fact that Bupa did not take reasonable steps to secure customer data.
When Could You Claim For A Medical GDPR Data Breach?
We’re often asked, ‘What are the 8 rights of the GDPR?’, so we have listed them below:
- The right to be told about the use and collection of personal data.
- A right to access your personal data and copies of it.
- The right to ask for inaccurate information to be amended.
- A right to have personal data erased.
- The right to ask for the processing of personal data to be restricted.
- The right to receive copies of your data in a format that can easily be reused.
- A right to object to the use of your personal information.
- Rights that relate to the use of personal data in automated decision making.
These rights are more complex than the way we have listed them here. Therefore, to find out more, please refer to the ICO’s website.
What Evidence Could I Need To Claim For A Medical Data Breach?
Any compensation you request must be fully justified and backed up with evidence. So, what evidence could you use when claiming for a dental data breach? Well, the following could help:
- An email or letter from the defendant to confirm that they are aware of the breach or that you’ve been the victim. Under the GDPR, data controllers must contact you if they believe you’re at risk from a breach.
- Medical reports that explain what injuries you have suffered because of the data breach. You may have suffered psychologically through anxiety, for example.
- A report following an ICO investigation. This should show that a) the breach took place and b) what caused it to happen.
- Financial statements, receipts and other information to help prove what money you have lost due to the data breach.
Dental Surgery And Dentist Data Breach Compensation Calculator
Now it is time to consider potential compensation amounts for psychological injury. Whilst we have provided a compensation table below, please use the figures for guidance purposes only. That’s because no two claims are the same. A member of our team could provide a more personalised compensation figure after your claim has been assessed.
The Court of Appeal set a couple of important precedents when summarising the case of Vidal-Hall and others v Google Inc . They found that:
- You are able to claim for any injuries that result from a data breach in cases where no money has been lost, but also in cases where you have endured financial loss.
- Should compensation be awarded, it should be paid based on the same guidance used in personal injury claims.
Therefore, we have supplied figures from the Judicial College Guidelines in our table as that is the publication solicitors may use when settling personal injury claims.
|Psychiatric Injury||Severe||£51,460 to £108,620||Marked problems coping with life and managing relationships. The prognosis will be very poor and the claimant will probably won't fully recover with treatment.|
|Moderately Severe||£17,900 to £51,460||Similar problems as above but with a much more positive prognosis.|
|Moderate||£5,500 to £17,900||Similar problems again but where a good prognosis results from marked improvements that have already happened.|
|Less Severe||Up to £5,500||Factors that will impact the level of compensation include how long the symptoms lasted and how sleep was affected.|
|PTSD||Severe||£56,180 to £94,470||Permanent PTSD symptoms affecting all aspects of the claimant's life. There will be no possibility of returning to pre-trauma levels of functioning or work.|
|Moderately Severe||£21,730 to £56,180||This category is distinct from the one above because a better prognosis will be given. This will be due to the fact that specialist treatment is more likely to help.|
|Moderate||£7,680 to £21,730||The claimant would have mostly recovered with potentially only minor remaining effects.|
|Less Severe||Up to £7,680||An almost full recovery within 2 years.|
You will see that the severity of your injuries can be used to calculate the level of compensation paid. Therefore, during the claims process, we recommend you attend a medical assessment. Our data breach solicitors are usually able to make local appointments.
During your meeting, an independent specialist will assess your injuries. They will do this by reviewing your medical notes and asking questions. Once they’ve completed their review, they will report back to your solicitor. The medical report will list your injuries and explain the prognosis for the future too.
What Does Non-Material Damages Mean?
In data breach claims, you could claim for non-material damages, material damages or both. Importantly, claims can include suffering that’s already happened as well as any that might occur later on.
Non-material damages are compensation that aims to help with the pain and suffering that has been caused by a breach. The table in the previous section provided recommended amounts paid in this category. Usually, you will base your claim on any diagnosed conditions first. For instance, you may need to claim for distress or anxiety. Then you may refer to the prognosis offered in your medical report. If this suggests future suffering will occur, then that should be considered in your claim as well.
Material damages might be claimed if you have suffered financially because of the dental data breach. Your first calculation will be for any expenses, costs or monetary losses that have already been incurred. In some cases, though, you might need to add future losses to your claim too. For example, if your personal details are circulating around the dark web, it might mean you will continue to lose money.
If you decide to work with us, and your claim is accepted, a data breach solicitor will conduct a thorough review of your case. That is so they can understand all aspects of your suffering. By doing so, they can try to ensure everything is added to your claim before it’s submitted. This could give you the best chance of receiving the correct amount of compensation.
No Win No Fee Personal Data Breach Claims Against A Dentist
Losing money on legal fees is something that might worry you. However, if you decide to claim with Accident Claims UK on your side, we could help. That is because our team of solicitors offers a No Win No Fee service for all cases they take on.
Before offering this service, a solicitor will have to review the merits of your claim. Should they decide to work for you, they will provide a Conditional Fee Agreement (CFA) for you to sign. This contract shows you what needs to happen before the solicitor gets paid. Also, it will make it clear that:
- No upfront solicitor fee payment is required.
- There won’t be any solicitors’ fees payable during your claim.
- If the case is not won, you don’t have to pay any solicitors’ fees at all.
If your claim is successful, meaning you receive compensation, your solicitor will deduct a fixed percentage to cover the cost of their work. This ‘success fee’ is detailed in the CFA so you will be aware of it before the case begins. By law, success fees are capped to help stop overcharging.
Contact An Advisor
We have almost reached the end of this article about dental data breaches. Hopefully, you now know how a data breach lawyer could help you claim for the suffering caused by a breach of patient privacy. If you would like to let us help you claim, you can contact us by:
- Calling our 24/7 advice line on 0800 073 8801.
- Asking an online specialist for free legal advice in our live chat service.
- Emailing us at firstname.lastname@example.org to explain the reason for your claim.
- Arranging a callback when it’s convenient by completing this form.
When you call, we will always be open about your chances of receiving compensation. Once we’ve reviewed your case, we could refer you to one of our data breach solicitors if you wish to continue. Should your dentist data breach claim be accepted, your solicitor will provide a No Win No Fee service.
FAQs On Dental Data Breach Claims
In this section of our article, we have provided answers to some frequently asked questions. If you have any outstanding queries, please get in touch.
Can I get compensation for a data breach?
You could be compensated following a GDPR data breach if it resulted in you being harmed. Claims could be possible if you’ve suffered from conditions like distress, anxiety and depression, or where you have lost money as a result of the breach.
What is the number one cause of a data breach?
According to data from the Information Commissioner’s Office, the most common cause of cybersecurity data breaches for the quarter ending 31st March 2021 was phishing emails. For non-cyber security incidents, it was emails being sent to the wrong recipient.
What is considered a data breach?
A personal data breach, according to the GDPR, is where data that could identify somebody is destroyed, disclosed, altered, lost or accessed in an unauthorised or unlawful manner.
What is an example of a data security breach?
A simple example of a data security breach is where an employee who is authorised to use your personal information sends a letter containing your details to an incorrect recipient who then accesses it.
Thank you for reading about what harm a dental practice data breach could cause. In our final section, we have listed some extra resources that you may find useful. If you require any further information, please feel free to get in touch.
The General Dental Council: This is the UK regulator of dentists and dental practices.
Restricted Data Use: Advice on when you could limit how organisations use your personal information.
Managing Stress: NHS information on how you can get help if you suffer from stress.
Finally, here are some more Accident Claims UK articles:
Nursery Data Breach: Advice if you or your child have suffered due to a data breach caused by a nursery.
University Data Breach: If you suffered due to a university data breach, you could claim.
Private Healthcare Provider Data Breach: Information on claiming for a private healthcare provider data breach.
Thank you for reading our guide to dentist data breach claims.
Guide by BH
Edited by RV