By Jo Jeffries. Last Updated 19th April 2022. Welcome to our guide, which explains how to claim against a pharmacy for a data breach. In it, we explain who could make a pharmacy data breach claim. We explain what could happen if a pharmacy breached patient data, and discuss how the GDPR affects a pharmacy. Further to this, we explain how we could help eligible claimants claim the compensation they deserve.
Could You Make A Pharmacy Data Breach Claim?
Have you experienced a pharmacy data breach? If so, unauthorised parties may have accessed your personal medical records or other confidential information. As a result of the violation of your privacy, you may have suffered emotional distress. Furthermore, cybercriminals with malicious intent may have used your personal data to target you for fraud or identity theft. This can lead to financial losses.
Under the General Data Protection Regulation and the Data Protection Act 2018, data controllers (who decide how and why your data will be used) should take measures to protect your data. An example of a potential data controller is a pharmacy.
I Suffered A Psychological Injury After A Pharmacy Data Breach; What Are My Rights?
The Information Commissioner’s Office has the power to fine a pharmacy for a data breach. In addition, individuals who have been affected by a data breach could make a data breach claim for compensation. The compensation payout could cover you for any emotional distress or psychological injuries suffered due to the breach. What’s more, you could be reimbursed if you have experienced financial losses because of a data breach.
Accident Claims UK could help you if a pharmacy has breached your personal data. Whether you are a customer or an employee, we could put you in touch with a data breach solicitor to handle your claim. To see if you could claim compensation for a data breach in a pharmacy, contact us now on 0800 073 8801 or use our live chat. Alternatively, continue reading this guide to learn more.
Select A Section
- A Guide To Pharmacy Data Breach Claims
- What Personal Data Could A Pharmacy Hold About Me?
- Learn More About Personal Data Breach Claims Against A Pharmacy
- What Should A Company Do After A Data Breach?
- Examples Of Action Taken By The ICO For Pharmacy Data Breaches
- When Could You Make A GDPR Data Breach Claim?
- What Evidence Could Support Your Pharmacy Data Breach Claim?
- Pharmacy Data Breach Compensation Calculator
- Types Of Non-Material And Material Damages That Could Be Claimed
- No Win No Fee Patient Data Breach Claims Against A Pharmacy
- Talk To An Advisor
- FAQs On GDPR Breach Compensation Claims
- Related Data Breach Guides
In the United Kingdom, all data controllers should follow the General Data Protection Regulation (GDPR), enacted into UK law through the Data Protection Act 2018. This is a piece of legislation that upholds data protection principles such as individuals’ right to privacy and security.
How does the GDPR affect pharmacies?
Pharmacies have a legal duty of care regarding any personal data they collect. To protect personal data, pharmacies should set up strong internal processes. This includes providing staff with data management training and, in addition, having a robust cybersecurity network to protect their databases.
In this guide, we will explain what a data breach at a pharmacy is. We will look at how data breaches can happen and the consequences of a data breach. We will also look at what legislation exists to protect the public from data breaches.
What can you do if you were affected by a data breach? Under the GDPR, you have the right to make a data breach compensation claim. If successful, you could receive damages for any emotional distress or financial losses you incurred.
Call us today if a pharmacy has breached your data protection rights. We can connect you with a skilled data breach lawyer to handle your compensation claim on a No Win No Fee basis.
Time Limits For Pharmacy Data Breach Claims
In the UK, the time limit for making a data breach claim is 6 years. However, the time limit is one year if the data breach involved a public body. We recommend that you contact Accident Claims UK immediately to avoid falling outside of the claims time limit.
Personal data is information that could be used either on its own or with other data to identify a person. For example, personal data could be your name, address or date of birth. It is normal for pharmacies to hold personal data about their customers, employees and other individuals with whom they may have a business relationship.
However, pharmacies must uphold the data protection rights of the individuals they collect personal data from, especially if they are handling sensitive customer data such as personal medical records and prescriptions.
Examples of customer personal data that a pharmacy could hold include the following:
- Date of birth
- Telephone number
- Email address
- Bank details
- Credit card details
- Medical records
- Past and previous prescriptions
Pharmacies may also collect job-specific information on their employees. This can include job titles, job locations and details of performance reviews. You could suffer an employer data breach just as easily as a customer data breach.
A pharmacist data breach is a security breach at a pharmacy regarding the protection of personal data. For example, it may involve a patient’s prescription being shared with an unauthorised individual without consent or unlawfully.
A data breach occurs when a breach of security means personal information is accidentally or unlawfully destroyed, lost, altered, disclosed, or accessed. Examples of data breaches include:
- Leaking personal information
- Data exposure incidents
- Unauthorised individuals gaining access to data
- Data becoming encrypted or altered, lost or stolen.
Many data breaches at pharmacies happen by accident. For instance, a prescription may be lost, but found by an unauthorised individual. Or a customer might be given the wrong prescription with details of someone else’s medication.
Is a pharmacy losing a computer prescription a pharmacy data breach?
If the pharmacy lost personal data, it would be considered a data breach. Unauthorised individuals could access the customer’s data if they find it.
Unfortunately, data breaches can also occur if criminals target a pharmacy. Criminals may use a technique known as hacking to gain unlawful access to the pharmacy’s computer systems. Or they may use malware (malicious software) to steal or wrongfully access pharmacy databases.
Consequently, criminals can hold the data to ransom or use it for blackmail. On the other hand, fraudsters may use the stolen data to carry out identity theft. This can lead to the victims of a data breach losing money over time.
Has a pharmacy breached your personal data causing you to suffer? Then you may be eligible to claim compensation. Call Accident Claims UK today for your free consultation to see if you could claim compensation.
As we have mentioned, the Data Protection Act 2018 is legislation that upholds individuals’ rights when their data is collected. These individuals are known as data subjects. Pharmacies should uphold the rights of the data subject when they collect, process and store their data.
Pharmacies should do the following when they collect, process and store data from data subjects (though there are exceptions):
- Firstly, a pharmacy should only collect personal data if they have permission from the data subject.
- Secondly, the pharmacy should explain why they are collecting data from the data subject. The pharmacy shouldn’t use the data for any other purpose.
- Moreover, the pharmacy should keep the personal data up-to-date.
- And finally, the pharmacy cannot share personal data without consent from the data subject.
The Information Commissioner’s Office (ICO) may intervene if a data breach occurs, and may investigate pharmacies that commit a data breach. Consequently, the ICO may fine a pharmacy for a data breach. What’s more, the individuals whose personal data was breached may be entitled to claim compensation if they suffer because of the breach.
Pharmacies should report a notifiable data breach to the ICO within 72 hours. Similarly, those who were affected by the data breach should be informed by the data controller as soon as possible.
We will now examine a case study where the ICO fined a London pharmacy for a data breach. Doorstep Dispensaree Ltd is a London-based pharmacy. The company provides medication to individual customers and to care homes. Doorstep Dispensaree Ltd committed a pharmacist data breach when they left 500,000 documents in unsecured containers at the back of their premises.
Doorstep Dispensaree stored the documents in containers that were unlocked. Unfortunately, some of the documents suffered water damage because they hadn’t been appropriately protected against the elements.
The data breach involved the following personal information:
- Dates of birth
- NHS numbers
- Medical information
Consequently, the Information Commissioner’s Office fined Doorstep Dispensaree Ltd £275,000 for the data breach. The breach was caused by the careless storage of medical records and other personal data.
We recommend you take the following steps if you were affected by a pharmacy data breach. Firstly, contact the pharmacy where the data breach took place. The business may be able to resolve the problem internally.
However, what should you do if you are not satisfied with the response from the company? We recommend you report the data breach to the ICO. The ICO may investigate.
After that, you could contact Accident Claims UK to see if you have grounds to claim compensation. To be eligible to claim compensation, your personal data must have been breached. And, as a result, you must have experienced suffering (such as emotional distress or financial loss).
We will speak to you in-depth about your ordeal. Additionally, a skilled data breach lawyer could be assigned to work on your case if they can see that you have a formidable claim and are owed compensation.
The Rights Of Data Subjects
The following rights of data subjects are protected under the data protection legislation. These include the right to:
- Be informed
- Access your own data
- Restrict data processing
- Data portability
- Rights related to automated decision-making and profiling.
- Withdraw consent at any time (where relevant)
- Complain to the ICO
Do you wish to make a compensation claim for a data breach that caused you to suffer? You (or your solicitor, if you choose to use their services) will need to present evidence to support your compensation claim.
The following could count as evidence to support a pharmacist data breach claim:
- A report to the ICO that the data breach has taken place.
- A data breach notification that you received from the company.
- Your medical records, if you suffered psychological injuries such as Post-Traumatic Stress Disorder (PTSD)
- Similarly, you can present banking information to prove your financial losses.
Let us now turn to the compensation amounts you could claim for psychological injuries such as data breach distress. If you’re wondering how much you could claim for a pharmacy data breach that has caused you psychological injuries, the answer would depend on the level of suffering you’d experienced. We have provided a rough indication of figures for specific psychological injuries in the table below. We could provide you with more personalised information over the phone, however.
Two important legal precedents could affect your claim for psychological injury compensation from a pharmacy data breach. The first, Vidal-Hall and others v Google Inc, set a precedent that means you could claim for psychological injury compensation irrespective of whether you had suffered financial loss.
The second, Gulati & Ors v MGN Ltd, means that you could claim a similar level of compensation to that in personal injury claims for psychological injuries.
The table below uses figures from the Judicial College Guidelines. This legal publication could be used by data breach solicitors as well as the courts to come to a value for your claim.
| Psychological Injury Type | Notes On The Injury | Estimate Of The Settlement |
|---|---|---|
| Less Severe PTSD | A full recovery should be made within a 1 to 2 year period. Only minor symptoms would persist. | Up to £7,680 |
| Moderate PTSD | Victims already should have made a full recovery when the claim is made. The claimant could still experience some residual effects of PTSD. | £7,680 - £21,730 |
| Moderately Severe PTSD | Victims in this category should already have made some degree of recovery. | £21,730 - £56,180 |
| Severe PTSD | The person affected will not be able to function as they did before the trauma and permanent effects will be involved. | £56,180 - £94,470 |
| Less Severe Psychiatric Damage | The person who has been affected will suffer factors such as impairment of daily activities and sleep. The level of compensation will take account of the lasting effects on the claimant. | Up to £5,500 |
| Moderate Psychiatric Damage | Victims may experience problems in areas of their life such as in training and education, work or general relationships. | £5,500 - £17,900 |
| Moderately Severe Psychiatric Damage | Victims might experience problems with factors already highlighted. Victims should have a better outlook than the most serious category. | £17,900 - £51,460 |
| Severe Psychiatric Damage | Victims might have suffered severe forms of psychiatric injury which could cause issues with relationships, training, work or education and the prognosis would be very poor. | £51,460 - £108,620 |
The amount of compensation you could receive may vary, depending on the consequences of the data breach on you. Moreover, this table does not include estimates for any material damages you could receive.
What types of damages could you claim for a pharmacy data breach? You could claim the following:
- Material damages
- Non-material damages
Unfortunately, criminals may use stolen personal data to target the owner for identity theft or fraud. Therefore, to cover the cost of any financial losses the data breach has caused, claimants can receive material damages.
What’s more, people who have experienced a data breach may suffer emotional distress and trauma. This could be especially true if personal medical records were breached. In particularly unhappy cases, a data breach victim may develop psychological injuries such as anxiety. This can have a detrimental effect on their quality of life. Therefore, the claimant could receive non-material damages for these injuries.
Some solicitors handle data breach claims on a No Win No Fee basis. This is sometimes called a Conditional Fee Agreement. What does No Win No Fee mean? It is a contract whereby the solicitor will agree to meet certain conditions before they charge you a solicitor’s fee.
A No Win No Fee agreement means that:
- You won’t have to pay an upfront solicitor’s fee.
- You won’t have to pay a solicitor’s fee if your claim is unsuccessful.
- There’ll be no need to pay a solicitor’s fee while your claim is ongoing.
What happens if your data breach claim is successful? Your solicitor would deduct their fee from your compensation payout in the form of a legally capped ‘success fee’. To see if your claim can be funded by a No Win No Fee agreement, call Accident Claims UK to speak to an advisor.
To begin your pharmacy data breach compensation claim, call Accident Claims UK to speak to an advisor. After that, we could connect you with a data breach lawyer to start working on your claim.
Contact us using the details below:
- Call us on 0800 073 8801.
- Use our online compensation claims form.
- Ask our advisors a question using our live chat.
Let’s take some time to answer some frequently asked questions about claiming compensation for a data breach.
What is a GDPR data breach claim?
A data breach is a security incident that compromises the protection of personal data. Under the General Data Protection Regulation (GDPR), organisations should protect the data they hold. Therefore data breaches violate the GDPR. Individuals could claim compensation from the data controller responsible for not protecting victims from a data breach.
How Common Is A Pharmacy Data Breach?
When we look at the statistics surrounding the sectors in which data breach reports have been sent to the ICO, we can see from Quarter 2 of 2021-22 that healthcare is the sector that most commonly experiences data breaches.
You might be surprised, however, to learn that the most common causes of data breaches are not related to cybercriminality. Instead, the most common cause of data breaches in Q2 was sending data via email to the wrong person. Unfortunately, we do not have data directly relating to how many pharmacy data breaches there have been to this point. However, this should give you a picture of how common such healthcare data breaches could be.
How long do I have to make a claim?
There is a time limit for beginning a data breach claim in the UK. The limit is six years. However, if the case involved a human rights violation, there is a one-year time limit.
What are the different types of data breaches?
Here are some of the different types of data breaches:
- Personal data is lost
- Personal data is accessed by unauthorised persons
- Data is stolen
- A data exposure incident takes place.
How does GDPR affect a pharmacy?
When it comes to the effects of GDPR on a pharmacy, the rules for GDPR apply just as stringently as they do to other organisations. Pharmacies must keep personal, financial and medical information secure. Should they act wrongly, exposing a patient’s personal data, it could cause significant harm to the affected party. They could suffer loss of privacy, financial loss and mental distress.
If you have fallen victim because a pharmacy breached your patient data, please call our team. We could assess your eligibility to make a pharmacy data breach claim.
What are the most common reasons for data breaches?
We can look to the ICO to find the most common reasons for data breaches. As you can see from the ICO’s Q3 2021-22 data breach figures, the most common cause was data being emailed to the wrong recipient.
Could I make a claim against a pharmacy for a data breach if it hasn’t harmed me?
Simply put, to make a claim, you would have to have suffered some kind of harm. This could be financial, or it could be psychological. If you haven’t been harmed in any manner, you would not be able to make a pharmacy data breach claim.
Could I make a pharmacy data breach claim following a cyber attack?
Cyber attacks could lead to patient data being breached. However, to make a pharmacy data breach claim, you would have to prove the pharmacy had acted wrongly and that you’d suffered financial harm or non-material damage as a result. For example, they may have failed to secure your data from attack by leaving computer equipment insecure.
External Guides Relating To A Pharmacy Data Breach Claim
A guide to personal data breaches from the Information Commissioner’s Office (ICO).
An ICO guide to identity theft and how to prevent it.
Government guidance on data breaches.
Thank you for reading our guide to pharmacy data breach claims.
Guide by HC
Edited by RV