What Are My Rights After An Employer Data Breach?

I Suffered A Psychological Injury After An Employer Data Breach. What Are My Rights?

It is normal for employers to collect personal data from their employees. However, businesses and organisations have a duty of care towards their employees’ data. Essentially, employers should have data security procedures to protect their employees’ data. So what happens if an employer data breach takes place? The employer may need to deal with the ICO, and the employee could also suffer emotional distress or financial losses. Therefore, an employer may have liability for any damages caused.

Clients often ask us, ‘Can I sue my employer for a data breach?’ You may have grounds to claim compensation if a data protection breach has occurred and you’ve suffered as a result. Fortunately, Accident Claims UK could help you with your potential data breach claim for compensation. We could put you in touch with a skilled data breach solicitor to handle your compensation claim.

Contact Accident Claims UK for your free consultation:

A Guide To Employer Data Breach Claims

When you start working at a new job, your employer will usually collect personal data from you. This can include personal details such as your name, date of birth, equality and diversity information and bank details. Over time employers will also collect data that is relevant to your role, such as details of performance reviews and promotions.

Your employer is required to protect your personal data under the General Data Protection Regulation (GDPR). This is implemented into UK legislation through the Data Protection Act 2018.

Employers should do the following to protect their employees’ data privacy and security.

  1. Firstly, employers have a duty of care towards their employees’ personal data. This means that they should protect the data so that it is not unlawfully or accidentally accessed, disclosed, lost, destroyed or altered. To do this, they could train staff on effective data management techniques and implement data security systems, for example.
  2. Secondly, employers could be held liable if they cause a personal data breach and you suffer because of it. You could sue your employer for the data breach and claim compensation.

In this guide, we will explain how an employer data breach can take place. We will also look at how to sue your employer for a data breach if you have a valid claim.

Victims of data breaches can suffer emotional distress or psychological injuries. They can also lose money to fraudsters. If this happened to you because of an employer’s data breach, you could have a valid claim.

Contact Accident Claims UK to speak to us about your ordeal. We could put you in touch with a data breach solicitor to start working on your claim if we can see that you are owed compensation.

Personal Data My Employer Could Hold About Me

Here are some examples of personal data that your employer could hold about you.

  • Special category data (such as racial or ethnic origin or trade union membership)
  • National Insurance Number
  • Financial information
  • Name
  • Address
  • Date of birth
  • Email address
  • Telephone numbers
  • Bank details
  • Job location
  • Payroll data (such as tax codes)
  • Performance review information
  • Information regarding promotions or demotions
  • Your password(s) for their computer network

Your employer should safeguard your personal data. So you may be able to claim compensation if a data breach at work takes place and you suffer as a result.

What Is An Employer Data Breach Claim?

An employer data breach occurs when an employee’s personal data is accidentally or unlawfully destroyed, lost, altered, disclosed or accessed. This violates the data privacy rights and security of the employee. If the employee suffers mentally or financially because of the breach, they could make a claim.

The following occurrences could count as data breaches:

  • Personal data becomes lost or stolen, altered or encrypted
  • A data leak or data exposure incident occurs
  • Unauthorised third parties access the data
  • Data is shared without permission

Data breaches can happen because of human error. For example, an employer’s breach of the Data Protection Act can occur if a staff member attaches a file containing an employee’s personal data to a mass email without permission. Even though this was a mistake, it could still be a privacy rights data breach.

However, at other times, criminals may deliberately cause data breaches. For example, an organisation may be the victim of a hacking attack or cyber attack. In turn, this could lead to criminals accessing employees’ personal data. This could still be considered a data breach by an employer because the employer failed to safeguard the data and left it vulnerable to access. These criminals could use the breached employee personal data to commit identity theft or fraud. As a result, the employees may experience financial losses.

Claimants often wonder, ‘Can I sue my employer for a breach of data protection?’ You may be eligible to claim compensation if you have experienced a workplace breach of data protection and suffered as a result. To discuss your potential data breach claim, contact Accident Claims UK.

What Should An Employer Do If They Have Had A Data Breach?

As we have mentioned, if an employer determines the purpose and means of processing your data, they’re responsible for protecting your data. As a data subject, you have rights. A data subject is an individual whose personal information has been collected by an organisation. In this case, the data subject is an employee.

Employers should do the following to protect their employees’ data:

  • Firstly, employers should advise you why they want to collect your personal data and how they intend to use it.
  • Secondly, the employer must not share the employee’s personal data without obtaining their prior consent, except in certain circumstances.
  • Similarly, the personal data can only be used by the employer for the purpose that it was collected.
  • Furthermore, the employer must follow all relevant data protection laws.
  • Finally, the employer must keep the personal employee data they collect up to date.

Employees can claim compensation if a breach of the Data Protection Act by an employer takes place and they suffer because of it. They could settle the data breach claim out of court.

What should an employer do if they realise that they have committed a personal data breach? They should report the breach to the Information Commissioner’s Office (ICO) within 72 hours, providing it’s a reportable breach.

Who is the Information Commissioner’s Office?

They are a public body in the UK that is responsible for upholding the data protection rights of the public.

Does the ICO enforce GDPR?

Yes. The ICO will investigate organisations when they breach the GDPR. The Information Commissioner’s Office can issue the organisation with an ICO fine, and these fines can be tens of millions.

Examples Of Action Taken By The ICO Against Employers

An employer could be issued with an ICO fine if they commit a data breach. Let’s look at a case study of an ICO fine issued for data protection breaches by employers.

Carphone Warehouse Employer Data Breach

The ICO fined mobile phone company Carphone Warehouse in 2018. This was in response to a substantial work data breach. Carphone Warehouse was the victim of a cyber attack in 2015. As a result, the criminals were able to access the personal data of over 1,000 employees. 3 million customers also had their personal data breached.

Here are some examples of personal information that was breached:

  • Names
  • Addresses
  • Phone numbers
  • Dates of birth
  • Marital status

The criminals also accessed historical payment card details belonging to over 18,000 customers. Because Carphone Warehouse failed to protect their customers’ and employees’ data, they were issued a £400,000 fine by the ICO.

How Can A Data Breach Happen?

Let’s look at what can cause a workplace personal data breach:

  • An organisation can send a letter to the wrong address, therefore sharing an employee’s personal data without their permission.
  • A receptionist can leave their monitor unlocked so that members of the public can see private information on their screen.
  • A worker can transfer files that contain employee data onto their personal USB stick. The device may become lost or stolen.
  • Similarly, an employee may accidentally upload files containing personal data to a cloud storage system. This could enable unauthorised persons to access personal data.

Those from outside the organisation can also cause data breaches. For example, a breach of data protection can also occur if the organisation is the target of a cyber attack and the employer hasn’t protected your data properly. Criminals may use malware such as rootkits, spyware, bots or viruses to access a business’s computer system.

When Could You Claim For A GDPR Data Breach By An Employer?

You could sue your employer for a breach under the following circumstances:

  • Firstly, a personal work-related data breach must have taken place and you should have been the victim.
  • Secondly, you must have suffered emotional distress (non-material damages) or financial losses (material damages) or both because of the data breach.

Although victims of data breaches can claim compensation directly, many people prefer to appoint a data breach solicitor to handle their claim. The solicitor can value their claim accurately to make sure they receive the correct amount of compensation.

To discuss your potential compensation claim, call Accident Claims UK.

What Evidence Do I Need To Make An Employer Data Breach Claim?

You should provide evidence to prove that you have been affected by a data breach.

Firstly, your employer should have reported the breach to the ICO if it poses a risk to you. Your employer should have also sent you a notification about the breach. You can use this notification as evidence to prove that the data breach took place.

Secondly, you may have been psychologically injured because of the data breach. Therefore, you could use your medical records to prove your psychological injuries. You should also have an independent medical assessment of your injuries, and the report from that assessment could be used as evidence.

Finally, records from your bank may be used as evidence of financial losses incurred.

Employer Data Breach Compensation Calculator

Many people who are considering suing their employer for a data breach are interested to know how much compensation they could claim. You can use the table below to estimate how much you could claim in non-material damages. This is compensation for any emotional distress incurred. The table does not include how much compensation you could claim in material damages (financial loss).

| Type of injury sustained | Classification of severity | Description of injury and comments | Estimated compensation |
| --- | --- | --- | --- |
| Post-Traumatic Stress Disorder | Less severe | The person affected should fully recover in one to two years. | £3,710 - £7,680 |
| Post-Traumatic Stress Disorder | Moderate | The person affected should already have fully recovered by the time of the claim. The claimant could still have some residual effects of the post-traumatic stress disorder. This should not grossly disable the claimant. | £7,680 - £21,730 |
| Post-Traumatic Stress Disorder | Moderately severe | The person who has been affected will have suffered the effects and symptoms of PTSD. This person should have a better prognosis than the person below. | £21,730 - £56,180 |
| Post-Traumatic Stress Disorder | Severe | The claimant will have suffered permanent effects. | £56,180 - £94,470 |
| Psychiatric Damage (General) | Less severe | Those who have suffered a less severe psychiatric injury should be awarded compensation which takes account of any disabilities which they are left with. | £1,440 - £5,500 |
| Psychiatric Damage (General) | Moderate | The person who has been affected could experience difficulties with continuing in work or education. They could also be left with problems in maintaining relationships. | £5,500 - £17,900 |
| Psychiatric Damage (General) | Moderately severe | The victim may have problems with factors highlighted such as work, education and relationships. This victim may have a better outlook than the person below. | £17,900 - £51,460 |
| Psychiatric Damage (General) | Severe | The victim could have suffered a very severe form of psychiatric injury. They could experience problems with the issues which are highlighted above. | £51,460 - £108,620 |

The compensation amounts in this table are based on guidelines from the Judicial College. Of course, how much compensation you receive may vary depending on the circumstances of your case. Please call Accident Claims UK to speak to an advisor and we can estimate how much your claim could be worth.

Types Of Non-Material And Material Damages You Could Claim

For many people, a data breach is the 21st century equivalent of having your house broken into. Many people suffer emotional distress at having their privacy violated, especially if private information was breached. In addition, the trauma can cause some individuals to suffer psychological injuries. For example, they may develop depression, a problem with anxiety or PTSD.

Similarly, victims of data breaches may suffer financial losses. This is because fraudsters may use breached data to steal from a data subject or target them for identity theft or fraud.

Therefore, up to two heads of claim can be claimed:

  • Material damages, which compensates the claimant for any money lost.
  • Non-material damages, which compensates the claimant for any emotional distress or psychological injuries suffered.

No Win No Fee Employer Data Breach Claims

A great advantage of claiming compensation through our solicitors is that they can handle your claim on a No Win No Fee basis. Traditionally, claimants pay an upfront fee to their solicitor. However, if you make a No Win No Fee claim, you will not be charged a solicitor’s fee ahead of your claim. Instead, you would be charged a success fee if your solicitor wins your claim.

Why do some people prefer to make a No Win No Fee data breach claim?

Well, in the unlikely event that your claim is not successful, you won’t have to pay a success fee. What’s more, because there’s no upfront solicitor’s fee to pay, many people find it the more affordable way of funding a solicitor.

Our solicitors offer a No Win No Fee agreement to those with formidable claims, so call Accident Claims UK today to see if you have a valid case.

Contact An Advisor

Are you the victim of a data breach? Then you may be owed compensation for any financial losses or emotional distress incurred. To begin your claim, please contact Accident Claims UK to speak about the incident with an advisor. We could appoint a data breach solicitor to start working on your claim if we can see that you have a formidable claim. However, if you’d just like free legal advice, you’re under no obligation to use the services of our solicitors.

Contact Accident Claims UK using the details below:

Employer Data Breach Claim FAQs

We will now answer some frequently asked questions about data breaches.

What are data subject rights under the GDPR?

A data subject is an individual whose data is collected, processed and stored. Under the General Data Protection Regulation, data subjects have many rights including the right to:

  • Be informed of what their data will be used for.
  • Have inaccurate data rectified.
  • Object to data processing, in certain circumstances.

How do you report an employer for breaching data protection?

What should you do if you believe your employer has breached your personal data? We recommend that you complain formally to your employer. However, if you are not happy with your employer’s response, or they take no further action where they should, you can raise your concerns with the Information Commissioner’s Office.

The ICO has a guide on how to report an organisation or employer for breaching data protection.

Are there different types of data breaches?

There are several ways that personal data can be breached. A privacy rights data breach can happen because of an error made by an employee at an organisation. However, data breaches can also happen because of hacking attacks, device theft or insider theft.

Related Guides

We hope that you have found this guide to claiming compensation for an employer data breach helpful. You may find the following guides useful if you wish to claim compensation from your employer.

Credit card data breach claims

GP surgery data breach

Medical data breach

External Guides

An ICO guide to taking your case to court and claiming compensation.

How to make a complaint about an organisation that has breached your personal data.

Government guidance on data breaches.

Guide by HC

Edited by RV