What Are My Rights After A Lloyds Pharmacy Data Breach?

I Suffered Psychological Injuries Following A Lloyds Pharmacy Data Breach, What Are My Rights?

In this article, we are going to show what could happen following a Lloyds Pharmacy data breach. As well as looking at what harm could result from one, we’ll explain when that could lead to a compensation claim.

In the UK, we are very fortunate that we have easy access to medication through a network of pharmacies. They provide an important service as part of any treatment plan. To help them operate, your pharmacist may need to record information about you. In accordance with the General Data Protection Regulation (GDPR), they need to implement measures to try and keep that information safe.

Lloyds Pharmacy data breach

The team at Accident Claims UK could help you if you would like to claim. As part of our service, we offer free case reviews to all callers. You’re not under any obligation to make a claim, but we will provide free legal advice on your options.

Where your case has a positive chance of success, we could ask one of our data breach solicitors to consider taking it on. If they do, you’ll receive their services on a No Win No Fee basis.

To learn more about the effects of confidential patient information being leaked, please continue reading. Otherwise, why not get in touch with us today if you’re ready to discuss your claim? During your call, we’ll answer as many queries as possible and explain the options available to you. Our team of specialists can be reached on 0800 073 8801.

Select A Section

A Guide About Lloyds Pharmacy Data Breach Claims

The fact that a pharmacy may hold a lot of your personal information is not a problem in itself if you’ve given your consent. However, if that data were to be leaked in some way, it could cause problems for you. As well as causing embarrassment in some cases, it could lead to anxiety or distress.

Additionally, when data is accessed by criminals, it could lead to you (the data subject) losing money. Fortunately, new laws including the GDPR and also the Data Protection Act 2018 have been implemented to try and reduce data leaks.

Under these laws, organisations that process personal information (data controllers) must have a lawful reason for doing so. Often that will involve telling you why they want to use information about you and asking for your permission. For a more detailed look at how a lawful basis can be established, the ICO has more information on the lawful basis for processing data.

The watchdog for data protection matters in the UK is the Information Commissioner’s Office (ICO). If they are concerned about data safety problems, they have the power to:

  • Launch an investigation.
  • Issue large fines for data protection failures.
  • Issue enforcement notices so that the data controller changes its processes.

The one thing missing from that list is compensating those who have been harmed by a GDPR data breach. For that reason, we have written this guide about Lloyds Pharmacy data breach claims.

When claiming for the suffering that has resulted from some form of data breach, you need to be aware of the time limits. Mostly, the limitation period is 6 years from the date you obtained knowledge of the breach. However, cases based on human rights breaches have a 1-year time limit.

Once you are ready to discuss your case, please contact our advisors. Your case will be assessed for free and we’ll explain your options.

What Personal Data Could Your Pharmacist Hold About You?

A pharmacy is likely to need to retain a lot of information about you. As long as you remain a customer, the amount of information held might increase. In the list below, we have detailed some of the types of information your pharmacist might hold:

  • Contact details like your name, mobile number, home number, email address and home address.
  • Your NHS number.
  • Details about medical conditions.
  • Usernames and passwords if you use online services.
  • Information about any disabilities.
  • Payment details if you pay for your prescription online.
  • Repeat prescription information.

As you may imagine, the type of information listed is likely to be covered by the GDPR because it could help to identify you. The list we’ve provided isn’t comprehensive either; the pharmacist may also hold other information too.

It is important to note that as well as trying to keep your details safe and secure, pharmacies are not allowed to share or sell data about you without your permission. There are exceptional circumstances where they don’t need your consent but, for example, they couldn’t share it as part of a clinical trial or sell it to a healthcare company without seeking your permission.

If you suffered because of a Lloyds Pharmacy data breach, you would have to use evidence to support your claim. Why not ask for a free assessment of your case today?

What Are Lloyds Pharmacy Data Breach Claims?

Data breaches involving personal data can be caused by some sort of security lapse. The ICO explains that a breach has happened when personal data is lost, destroyed, accessed, changed or disclosed in a way that you have not authorised or is unlawful. Breaches can be caused accidentally or deliberately. Importantly, you could be eligible to claim for any type of data breach that causes you to suffer.

The GDPR covers personal information that is held on physical documentation as well as digital data. Common causes of cybersecurity breaches include ransomware, phishing emails, viruses, malware and denial of service attacks.

Here are some more examples of data breaches involving a pharmacy that might happen:

  • Where a letter or email containing your personal details are sent to the wrong address and the recipient accesses the information.
  • When a pharmacy’s website is hacked and your details are obtained because of poor security.
  • If another patient is given your prescription and identifies you.
  • Where a computer screen is left unlocked in full view of other customers who can see your details.

If you have suffered mental or financial damage following a pharmacy GDPR breach, why not give us a call? We’ll assess your options with you and could connect you to a data breach lawyer to represent you.

Steps Pharmacies Should Take After A Patient Data Breach

During the implementation of the GDPR, many organisations appointed a data protection officer. As part of their role, many went on to create an action plan so the organisation knew what to do in the event of a data protection breach. After a data breach, companies should:

  • Carry out a thorough investigation of the data breach. They should try to establish the cause, when it took place and who was affected.
  • Tell the ICO about the breach (if it’s notifiable)  within 72 hours of discovery and provide them with regular updates.
  • Let customers potentially affected know about the breach without delay if it poses any risk to their rights and freedoms.

Later on, we’ll look at evidence that could help you during your claim. One piece of documentation that could be particularly useful is the letter or email from the organisation showing that your data has been breached.

It is imperative, though, that we explain that just because a data breach has happened doesn’t automatically mean you will be paid compensation. To be eligible to claim, you’ll need to provide evidence that the breach caused you to suffer either mental or financial damage as well.

If you can evidence that you suffered a Lloyds Pharmacy data breach, you may be considering claiming. Get in touch with our advisors if you have evidence of a valid claim.

Examples Of Steps The ICO Can Take Following A Data Breach

Let’s now look at the action that was taken by the ICO against a pharmacy group. In 2019, it fined a London-based pharmacy, Doorstep Dispensaree, £275,000.

The reason it took this action was that the company stored some 500,000 documents relating to patients in unsecured containers at the back of its premises. It reported that some had become water-damaged due to inadequate storage conditions.

In its report, the ICO said contraventions by the company included:

  • Failing to have appropriate organisational control to ensure the security of personal data; and
  • It is possible that the data had been retained longer than required; and
  • Breaches of articles 13 and 14 of the GDPR.

You can read the full report through the ICO’s site.

When Are You Eligible To Make A Data Breach Claim?

As we have shown, data breach claims against a pharmacy might be possible if you’ve suffered as the result of a confirmed breach. In addition to your right to seek compensation, the GDPR gives you other rights as well relating to your data. They allow you to:

  • Be told about why and how your data is to be processed.
  • Be able to access any data an organisation holds about you.
  • Request that errors in personal data are rectified.
  • Request that your personal data be deleted.
  • Choose restrictions on processing.
  • Ask for data to be sent to you in a format that is easy to process.
  • Object to when and how your information is used.

Furthermore, you have rights regarding when personal data is used in automatic decision making. To read about these rights in full, please refer to this ICO page on individual rights.

If a pharmacy data breach occurs and you suffer because of it, you could be eligible to claim. Data breaches can impact your mental health and you may even find yourself suffering financial loss if your bank details were accessed by criminals. You could claim for either (or both) if you can prove you suffered in these ways because of a breach.

Evidence That Can Support Your Data Breach Claim

In all compensation claims, evidence must be supplied to help prove how you’ve suffered and who was liable. In data breach claims, that could include the following:

  • Letters or emails confirming that your data was exposed by the breach.
  • Medical records that show your injuries and the treatment you’ve undergone.
  • A report about the incident from the ICO.
  • Financial records showing the amount of money that has been lost.

Where possible, try to collect as much of this as you can prior to calling. Don’t worry if you don’t have everything though, we’ll still review your claim and explain if anything else is needed.

Calculate Compensation For A Lloyds Pharmacy Data Breach

In this section, we will concentrate on the amount of compensation that might be paid for your psychological suffering such as distress, depression and anxiety. Our compensation table, below, contains figures for guidance but we can provide a more accurate estimate when your claim has been reviewed.

During the case of Vidal-Hall and others v Google Inc [2015] at the Court of Appeal, it was held that:

  1. Compensation should be considered for mental harm that results from data breaches. The claimant doesn’t need to have endured financial loss as well. Before this case, financial damage was required to claim compensation for mental harm.
  2. When settlements for mental harm are made, they should be paid at the same rate as in personal injury law.

Therefore, the compensation table that follows contains figures from the Judicial College Guidelines. This is a document referred to by legal professionals when settling injury claims.

Injury TypeCompensation RangeSeverity
Harmed cause by the symptoms of PTSD.£56,180 to £94,470Severe
£21,730 to £56,180Moderately severe
£7,680 to £21,730Moderate
Up to £7,680Less severe
Suffering relating to general psychiatric injury.£51,460 to £108,620Severe
£17,900 to £51,460Moderately severe
£5,500 to £17,900Moderate
Up to £5,500Less severe

In order to prove your injuries were caused by the data breach, we recommend you have a medical assessment during your claim. Don’t worry though, they’re not too daunting and we can usually arrange them locally for you. The reason you need one is twofold. First, medical evidence will help establish that your symptoms are caused (or exacerbated) by the breach and not some other condition. And secondly, compensation payments for injuries are largely based on the severity of the injury, so determining this will allow your lawyer to hone in on an accurate value.

The appointment will be managed by an independent medical specialist. Their role is to try and determine how you have suffered and if you’ll do so in the future. They will try to establish this by discussing your injuries with you and checking your medical records.

Once they have finished, a report containing their findings will be sent to your solicitor.

Compensation For Non-Material Damages

When you ask to be compensated following a data protection breach, it is not just a case of requesting a lump sum of money. Anything you ask for must be based on fact and evidence. Furthermore, you may need to request damages for the suffering that’s happened already plus any that might occur later on.

Your claim could be broken into two main elements. The first is called material damages. This is compensation for financial suffering. It can include losses, expenses or costs associated with the data breach. First of all, you would claim for any money that has already been lost. You may also have to consider future costs too. For example, you may continue sustaining losses if data about you is being circulated by criminal gangs on the Internet.

The other head of claim is called non-material damages. This aims to compensate for any suffering or pain caused by the GDPR breach. You will usually look at claiming for diagnosed conditions first. These can range from anxiety to depression. After that, you might need to factor in future suffering that has been highlighted by your medical assessment too.

All in all, the claims process can become quite complex. For that reason, we would always advise taking on specialist legal representation. We believe that when you do, there is a higher chance of being compensated correctly.

If you wish to work with us, and one of our data breach solicitors accepts your claim, they will perform a thorough assessment. This is so that they can get a full understanding of the harm you’ve sustained before compiling your claim.

No Win No Fee Pharmacy Data Breach Claims Against Lloyds Pharmacy

If you’re feeling anxious about losing money in solicitor’s fees if your case doesn’t work out, we can help. That’s because we have a team of data breach solicitors who operate a No Win No Fee service for all accepted claims. You could benefit from the experience of our team.

Before we can accept a claim, a solicitor from our team will need to assess it. If they agree that it is suitable, you could receive a Conditional Fee Agreement (CFA). The formal name for a No Win No Fee agreement, this states what your solicitor needs to do before they’re paid. Also, the CFA shows that:

  • You don’t need to make an advance payment to cover the solicitor’s work.
  • The solicitor’s fees are not requested while your claim is being worked on.
  • Should your claim not succeed, you don’t have to pay for your solicitor’s work.

The only time your solicitor will be paid is if you receive a compensation payout. Rather than sending funds to cover their work, your solicitor will simply deduct a small portion of your compensation. This is called a success fee and the percentage payable is listed in the CFA. By law, such fees are capped.

To check if your claim could be handled using our No Win No Fee service, please get in touch today.

Contact A Claims Advisor

Thank you for reading this article on what you could do if you can prove you suffered a Lloyds Pharmacy data breach. Hopefully, our information has made things a bit clearer for you. If you are now thinking of claiming and would like our support, you can:

When you contact our team, we’ll offer an honest opinion about the chances of winning your case. If it appears suitable, we could pass it to one of our data breach solicitors. For your convenience, our advice line operates 24 hours a day, 7 days a week.

FAQs About Breaches Of The GDPR

Now we are going to spend a little time answering some questions about the GDPR. If you would like more information or have any further queries, please let us know.

What is the General Data Protection Regulation?

The GDPR is a set of rules that helps keep personal data safe. It is designed to give individuals more control over how their data is used and to reduce the number of data breaches. It is enacted into UK law under the Data Protection Act 2018.

What fines could the ICO issue?

The Information Commissioner’s Office has the ability to issue financial penalties worth millions. The fine can be issued for failure to secure personal data or failure to comply with an enforcement notice, for example.

What are the responsibilities of a data controller?

Data controllers have a number of duties in relation to the GDPR. Generally, they control why data processing is needed and how it will be carried out. The data controller can use data processors to conduct these tasks where required.

Related Articles

Now that we have arrived at the final section of our guide on Lloyds Pharmacy data breach claims, we are going to provide some additional information that may be helpful to you. If there is anything else that you require, please call the number at the top of the page.

Pharmacy Search: A tool from the General Pharmaceutical Council where you can search for a pharmacy, pharmacist or technician.

Recent ICO Action: An up-to-date database showing the fines and enforcement action taken recently.

Finally, here are some more of our relevant guides for your information.

Comparison Site Data Breaches: Advice on claiming for any suffering caused by a comparison site data leak.

Psychological Injuries: This article explains the types of psychological injuries that could be claimed for following a data protection breach.

Optician Data Breaches: In this guide, we explain your rights if you are affected by an optician data breach.

Thanks for reading our guide on what to do following a Lloyds Pharmacy data breach.

Guide by BH

Edited by RV