By Jo Jeffries. Last Updated 10th August 2022. In this guide, we’ll explain what an employer data breach is, and when you could claim compensation for harm caused by a breach of the data protection act by an employer. We’ll talk about who could make a data breach claim if a breach of data protection at work occurs and what happens if an employee breaches GDPR. We also offer tips on proving a data protection breach at work, and what data breach compensation you could receive. Further to this, we answer questions about a breach of data protection at work, such as ‘can you get sacked for breaching data protection?’ and ‘what happens if an employee breaches GDPR?’ We even look at questions such as “my manager has breached my confidentiality, can I sue?” and show you how to claim for your data breach and the harm it’s caused you.
I was harmed by a data protection breach at work – can I claim?
It is normal for employers to collect personal data from their employees. However, businesses and organisations have a duty of care towards their employees’ data. Essentially, employers should have data security procedures to protect their employees’ data. So what happens if an employer data breach takes place? The employer may need to deal with the ICO, but (additionally) the employee could suffer emotional data breach distress or financial losses. Therefore, an employer may have liability for any damages caused by a breach of the data protection act by an employer.
I Suffered A Psychological Injury After An Employer Data Breach. What Are My Rights?
Clients often ask us questions such as ‘What happens if an employee breaches GDPR?’ and ‘can I sue my employer for a data breach?’ You may have grounds to claim compensation if a data protection breach has occurred and you’ve suffered as a result. Fortunately, Accident Claims UK could help you with your potential data breach claim for compensation. We could put you in touch with a skilled data breach solicitor to handle your compensation claim.
Contact Accident Claims UK for your free consultation:
Select A Section
- A Guide To Employer Data Breach Claims
- Personal Data That My Employer Can Hold About Me
- What Is An Employer Data Breach Claim?
- What Happens If An Employee Breaches GDPR?
- Steps An Employer Should Take If They Have Had A Data Breach
- Examples Of Action Taken By The ICO Against Employers
- When Could You Claim For A GDPR Data Breach By An Employer?
- What Evidence Do I Need To Make An Employer Data Breach Claim?
- Employer Data Breach Compensation Calculator
- Types Of Non-Material And Material Damages You Could Claim For A Breach Of Data Protection By An Employer
- No Win No Fee Employer Data Breach Claims
- Contact An Advisor To Make An Employer Data Breach Claim
- Employer Data Breach Claim FAQs – Learn More About A Breach Of The Data Protection Act By An Employer And What Happens If An Employee Breaches GDPR
- Related Guides Explaining What Happens If An Employee Breaches GDPR
When you start working at a new job, your employer will usually collect personal data from you. This can include personal details such as your name, date of birth, equality and diversity information and bank details. Over time employers will also collect data that is relevant to your role, such as details of performance reviews and promotions.
Employers should do the following to protect their employees’ data privacy and security.
- Firstly, employers have a duty of care towards their employees’ personal data. This means that they should protect the data so that it is not unlawfully or accidentally accessed, disclosed, lost, destroyed or altered. To do this, they could train staff on effective data management techniques and implement data security systems, for example.
- Secondly, employers could be held liable if they cause a personal data breach and you suffer because of it. You could sue your employer for the data breach and claim compensation.
Data breach claim information
In this guide, we will explain how an employer data breach can take place. We will also look at how to sue for breach of the data protection act by an employer if you have a valid claim.
Victims of data breaches can suffer emotional distress or psychological injuries. They can also lose money to fraudsters. If this happened to you because of an employer’s data breach, you could have a valid claim.
Contact Accident Claims UK to speak to us about your ordeal. We could put you in touch with a data breach solicitor to start working on your claim if we can see that you are owed data breach compensation.
Here are some examples of personal data that your employer could hold about you.
- Special category data (such as racial or ethnic origin or trade union membership)
- National Insurance Number
- Financial information
- Date of birth
- Email address
- Telephone numbers
- Bank details
- Job location
- Payroll data (such as tax codes)
- Performance review information
- Information regarding promotions or demotions
- Your password(s) for their computer network
Your employer should safeguard your personal data. So you may be able to claim compensation if a data breach at work takes place and you suffer as a result.
An employer data breach occurs when an employee’s personal data is accidentally or unlawfully destroyed, lost, altered, disclosed or accessed. This violates the data privacy rights and security of the employee. If the employee suffers mentally or financially because of the breach, they could make a claim.
The following occurrences could count as data breaches:
- Personal data becomes lost or stolen, altered or encrypted
- A data leak or data exposure incident occurs
- Unauthorised third parties access the data
- Data is shared without permission
Data breaches can happen for various reasons, one of which is human error. For example, a breach can occur if a staff member accidentally attaches a file containing an employee’s personal data to a mass email. Even though this was a mistake, it could still be considered a breach of the Data Protection Act by an employer.
At other times, criminals may deliberately cause data breaches. For example, an organisation may be the victim of a hacking attack or cyber-attack. This could lead to criminals accessing employees’ personal data. These criminals may end up using this personal data to commit identity theft or fraud. This could potentially result in financial losses for the victim.
Claimants may wonder, ‘Can I sue my employer for a breach of data protection?’ You may be eligible to claim compensation if you can prove that your employer failed to take the correct steps to protect your personal information. For more advice on starting a potential data breach claim, contact Accident Claims UK.
As we have mentioned, if an employer determines the purpose and means of processing your data, they’re responsible for protecting your data. As a data subject, you have rights. A data subject is an individual whose personal information has been collected by an organisation. In this case, the data subject is an employee.
Employers should do the following to protect their employees’ data:
- Firstly, employers should advise you why they want to collect your personal data and how they intend to use it.
- Secondly, the employer must not share the employee’s personal data without obtaining their prior consent, except in certain circumstances.
- Similarly, the personal data can only be used by the employer for the purpose that it was collected.
- Furthermore, the employer must follow all relevant data protection laws.
- Finally, the employer must keep the personal employee data they collect up to date.
Employees can claim compensation if a breach of the Data Protection Act by an employer takes place and they suffer because of it. They could settle the data breach claim out of court.
What should an employer do if they realise that they have committed a personal data breach? They should report the breach to the Information Commissioner’s Office (ICO) within 72 hours, providing it’s a reportable breach of the data protection act by an employer.
Who is the Information Commissioner’s Office?
They are a public body in the UK that is responsible for upholding the data protection rights of the public.
Does the ICO enforce GDPR?
Yes. The ICO will investigate organisations when they breach the GDPR. The Information Commissioner’s Office can issue the organisation with an ICO fine, and these fines can be tens of millions.
An employer could be issued with an ICO fine if they commit a data breach. Let’s look at a case study of an ICO fine issued for data protection breaches by employers.
Carphone Warehouse Employer Data Breach
The ICO fined mobile phone company Carphone Warehouse in 2018. This was in response to a substantial work data breach. Carphone Warehouse was the victim of a cyber attack in 2015. As a result, the criminals were able to access the personal data of over 1,000 employees. 3 million customers also had their personal data breached.
Here are some examples of personal information that was breached:
- Phone numbers
- Dates of birth
- Marital status
The criminals also accessed historical payment card details belonging to over 18,000 customers. Because Carphone Warehouse failed to protect their customers’ and employees’ data, they were issued a £400,000 fine by the ICO.
How Can A Data Breach Happen?
Let’s look at what can cause a workplace personal data breach:
- An organisation can send a letter to the wrong address, therefore sharing an employee’s personal data without their permission.
- A receptionist can leave their monitor unlocked so that members of the public can see private information on their screen.
- A worker can transfer files that contain employee data onto their personal USB stick. The device may become lost or stolen.
- Similarly, an employee may accidentally upload files containing personal data to a cloud storage system. This could enable unauthorised persons to access personal data.
Those from outside the organisation can also cause data breaches. For example, a breach of data protection can also occur if the organisation is the target of a cyber attack and the employer hasn’t protected your data properly. Criminals may use malware such as rootkits, spyware, bots or viruses to access a business’s computer system.
Whether you’ve suffered having your personal data breached by your employer in a post office data breach, a school data breach or a university data breach, if the organisation acts wrongfully, you could be eligible to claim. You would need to evidence that you were harmed by the exposure of your data in the breach.
You could sue your employer for a breach under the following circumstances:
- Firstly, a personal work-related data breach must have taken place and you should have been the victim.
- Secondly, you must have suffered emotional distress (non-material damages) or financial losses (material damages) or both because of the data breach.
Although victims of data breaches can claim compensation directly, many people prefer to appoint a data breach solicitor to handle their claim. The solicitor can value their claim accurately to make sure they receive the correct amount of compensation.
To discuss your potential compensation claim, call Accident Claims UK.
You should provide evidence to prove that you have been affected by a data breach.
Firstly, your employer should have reported the breach to the ICO if it poses a risk to you. Your employer should have also sent you a notification about the breach. You can use this notification as evidence to prove that the data breach took place.
Secondly, you may have been psychologically injured because of the data breach. Therefore, you could use your medical records to prove your psychological injuries, such as mild cases of post-traumatic stress disorder. You should also have an independent medical assessment of your injuries, and the report from that assessment could be used as evidence.
Finally, records from your bank may be used as evidence of financial losses incurred.
Many people who are considering suing their employer for a data breach are interested to know how much compensation they could claim. You can use the table below to estimate how much you could claim in non-material damages. This is compensation for any emotional distress incurred. The table does not include how much compensation you could claim in material damages (financial loss).
| Type of injury sustained | Classification of severity | Description of injury and comments | Estimated compensation |
|---|---|---|---|
| Post-Traumatic Stress Disorder | Severe | The claimant will have suffered permanent effects. | £59,860 to £100,670 |
| Post-Traumatic Stress Disorder | Moderately severe | The person who has been affected will have suffered the effects and symptoms of PTSD. This person should have a better prognosis than the person below. | £23,150 to £59,860 |
| Post-Traumatic Stress Disorder | Moderate | The person affected should already have fully recovered by the time of the claim. The claimant could still have some residual effects of the post-traumatic stress disorder. This should not grossly disable the claimant. | £8,180 to £23,150 |
| Psychiatric Damage (General) | Severe | The victim could have suffered a very severe form of psychiatric injury. They could experience problems with the issues which are highlighted above. | £54,830 to £115,730 |
| Psychiatric Damage (General) | Moderately severe | The victim may have problems with factors highlighted such as work, education and relationships. This victim may have a better outlook than the person below. | £19,070 to £54,830 |
| Psychiatric Damage (General) | Moderate | The person who has been affected could experience difficulties with continuing in work or education. They could also be left with problems in maintaining relationships. | £5,860 to £19,070 |
| Loss of income | - | Due to psychiatric injury | Dependent on losses |
| Medical costs | If not free on NHS | Incurred due to psychiatric injury | Dependent on expenses |
| Travel costs | - | Incurred due to psychiatric injury | Dependent on expenses |
The compensation amounts in this table are based on guidelines from the Judicial College. Of course, how much compensation you receive may vary depending on the circumstances of your case. Please call Accident Claims UK to speak to an advisor and we can estimate how much your claim could be worth.
Types Of Non-Material And Material Damages You Could Claim For A Breach Of The Data Protection Act By An Employer
For many people, a data breach is the 21st century equivalent of having your house broken into. Many people suffer emotional distress at having their privacy violated, especially if private information was breached. In addition, the trauma can cause some individuals to suffer psychological injuries. For example, they may develop depression, a problem with anxiety or PTSD.
Similarly, victims of data breaches may suffer financial losses. This is because fraudsters may use breached data to steal from a data subject or target them for identity theft or fraud.
Therefore, up to two heads of claim can be claimed:
- Material damages, which compensate the claimant for any money lost.
- Non-material damages, which compensate the claimant for any emotional distress or psychological injuries suffered.
A great advantage of claiming compensation through our solicitors is that they can handle your claim on a No Win No Fee basis. Traditionally, claimants pay an upfront fee to their solicitor. However, if you make a No Win No Fee claim, you will not be charged a solicitor’s fee ahead of your claim. Instead, you would be charged a success fee if your solicitor wins your claim.
Why do some people prefer to make a No Win No Fee data breach claim?
Well, in the unlikely event that your claim is not successful, you won’t have to pay a success fee. What’s more, because there’s no upfront solicitor’s fee to pay, many people find it the more affordable way of funding a solicitor.
Our solicitors offer a No Win No Fee agreement (Conditional Fee Agreement) to those with formidable claims, so call Accident Claims UK today to see if you have a valid case.
Are you the victim of a data breach? Then you may be owed compensation for any financial losses or emotional distress incurred. To begin your claim, please contact Accident Claims UK to speak about the incident with an advisor. We could appoint a data breach solicitor to start working on your claim if we can see that you have a formidable claim. However, if you’d just like free legal advice, you’re under no obligation to use the services of our solicitors.
Contact Accident Claims UK using the details below:
- Call us on 0800 073 8801.
- Make an online enquiry using our form.
- Chat to us using the chat on the right-hand corner of your screen.
Employer Data Breach Claim FAQs – Learn More About A Breach Of The Data Protection Act By An Employer And What Happens If An Employee Breaches GDPR
We will now answer some frequently asked questions about data breaches and making a data breach claim.
What happens if an employee breaches GDPR?
Businesses should take their GDPR responsibilities seriously. This includes training employees in how to protect personal data. If they fail to do so, and an employee breaches GDPR, this could have consequences. The company could face fines and investigation by the ICO.
In addition, those who’ve had their data breached could claim compensation if they’ve been harmed by the breach.
Can you be sacked for breaching GDPR?
This depends on the situation and your employer. If it is due to lack of training on their part, sacking you could lead to a claim for unfair dismissal. However, if you deliberately breach GDPR, your employer could launch disciplinary action against you.
What happens if an employee breaches GDPR? Should they tell their employer?
If you become aware that you have breached GDPR, you should inform your employer so they can take remedial action. Swift action could prevent problems getting worse.
What happens if an employee breaches GDPR? Can they be fined?
In some cases, people have been fined for breaching GDPR. This would depend on the nature and circumstances of the breach.
Can you claim for a breach of data protection by your employer if you’ve not suffered any harm?
You would need to demonstrate that you had suffered harm. This could be material (financial) or non-material, and could include psychological harm. To have a free case assessment, please contact our team.
What are data subject rights under the GDPR?
A data subject is an individual whose data is collected, processed and stored. Under the General Data Protection Regulation, data subjects have many rights including the right to:
- Be informed of what their data will be used for.
- Have inaccurate data rectified.
- In certain circumstances, to object to data processing.
How do you report an employer for breaching data protection after a data protection breach at work?
What should you do if you believe your employer has breached your personal data? We recommend that you complain formally to your employer. However, if you are not happy with your employer’s response, or they take no further action where they should, you can raise your concerns with the Information Commissioner’s Office.
Are there different types of Breach Of The Data Protection Act By An Employer?
There are several ways that personal data can be breached. A privacy rights data breach can happen because of an error made by an employee at an organisation. However, data breaches by GPs, hotels or other organisations can also happen because of hacking attacks, device theft or insider theft.
Employer data breach statistics by sector – Did you suffer a data protection breach at work?
If you are interested in learning about how often different industries suffer data breaches, we can look to the ICO for guidance on this. While the figures below do not differentiate between employee data breaches and those affecting other members of the public, we can take a look at these as some reference of how common breaches could be.
The graph above shows how many data breaches were reported in the top 5 sectors within Quarter 2 of 2021-22. As you can see, one of the top industries affected by data security incidents was the health sector. This was followed by education and childcare, finance, insurance and credit, and then local government.
You might be surprised to learn that of the 2431 incidents reported during this period, the vast majority, 1717, were not related to cyber security incidents. If we take a further look at the statistics by cause, you can see the most common cause of data security incidents related to sending data to the wrong recipient by email. Auto-fill might play a part in this, but people could also make typing errors when sending emails that could result in information going to the wrong party.
What happens if an employee breaches GDPR? – Getting help if a data protection breach at work happens to you
Whether your employer data breach was the result of someone sending the wrong email to the wrong party, or whether it was the result of a failure to redact information or BCC people into an email, we could help. So long as you could prove that a data breach occurred, your data was exposed, and it caused you harm, we would be happy to check your eligibility to claim. We could then provide you with a No Win No Fee solicitor who could fight for compensation for a breach of the Data Protection Act by an employer.
What could be the cause of a data protection breach at work?
If we look at the ICO statistics from Q3 2020 we can see that there have been several different types of data breach reported. You might be surprised to see that many incidents reported were not related to cyber security. In fact, the top cause was data being emailed to the wrong recipient.
What are some top tips on proving a data protection breach at work?
We could provide you with some top tips on proving a data protection breach over the phone. However, there are a few general tips below:
- You could contact the organisation that breached your personal data about the incident
- Seek assistance for any mental/emotional harm you’ve suffered because of the breach
- Keep a diary of how you’ve been affected by the data protection breach at work
- Retain all paperwork possible relating to the breach and the financial damage it has caused you
Additionally, you can call our team for a free case assessment, so we can work out if you’re eligible to claim compensation.
Can you sue for a data breach if it hasn’t harmed you?
You cannot sue for a data breach if you’ve not suffered any financial damage or psychological harm because of it. For a claim to be possible, the data protection breach at work would need to have breached your personal data, and harmed you as a result. The harm you suffer could be financial, emotional or both. You would also need to evidence that your employer had acted wrongfully, causing the breach to happen.
Can you get sacked for breaching data protection?
Each organisation will have its own approach to handling personal data being exposed. For more information on this, you should refer to your employer.
What happens if an employee breaches GDPR?
Organisations are responsible for training their staff on how to handle personal data. If a personal data breach occurs because an employee did not receive this training, then you could be entitled to receive compensation for any harm caused.
How long does it take to claim for a data protection breach at work?
The length of time it takes for a data protection breach at work claim to process could vary. If your employer immediately admits liability and offers a fair settlement, your claim could be settled relatively swiftly. However, if they dispute liability, your claim could take longer. In some cases, it may be necessary to have your case go to court, although many claims settle without court action being needed. Should your case go to court, our solicitors could support you throughout the process.
My manager has breached my confidentiality at work, could I sue?
Your employer, as a data controller, has a responsibility to adhere to data protection law. If they fail to do so, it could result in a breach of data protection at work. In some cases, you may be able to seek compensation. For instance, if your confidentiality is breached due to a security incident and this compromises your personal data, you could seek compensation. However, you must prove that you sustained mental harm or that your finances were affected in some way due to the breach.
For more information on making a claim for your data breach, call our team on the number above.
There was a breach of data protection at work and I’m not sure whether my details were exposed, what shall I do?
If you are concerned that a breach of data protection at work exposed your personal data, you can contact your employer. They should be able to give you insight into whether you were affected by the breach.
Alternatively, you could report the breach to the ICO. They may launch an investigation into the incident and could take enforcement action depending on their findings.
You could also call our team to find out whether you’re eligible to claim.
When you make a claim for your data breach, can you do so without a lawyer?
You could make a claim for your data breach without legal assistance. We would, however, urge you to seek legal advice prior to doing so. Having a knowledgeable solicitor on your side could help you through the claims process when you’re seeking compensation.
Can you get sacked for breaching data protection if you do it maliciously?
If you breach data protection policies that are set out by your employer maliciously, and it leads to someone else’s personal data becoming compromised, your employer may conduct a formal investigation.
Can I claim for a data breach?
There are certain criteria that you must meet in order to put forward a personal data breach claim. Firstly, you must prove that an organisation’s failings caused your personal data to become compromised in a breach. You must also demonstrate that you experienced mental suffering or financial harm.
To learn whether you’re eligible to make a claim for a data breach, call us.
We hope that you have found this guide to claiming compensation for an employer data breach helpful. You may find the following guides useful if you wish to claim compensation from your employer.
External Guides Relating To A Breach Of The Data Protection Act By An Employer And What Happens If An Employee Breaches GDPR
An ICO guide to taking your case to court and claiming compensation.
How to make a complaint about an organisation that has breached your personal data.
Government guidance on data breaches.
We hope this has been helpful to those who’ve fallen victim to an employer data breach. Now we have answered questions about what happens if an employee breaches GDPR, and ‘can my employer give out personal information?’ If you feel you could make a data breach claim for a data protection breach at work, please contact us.