I Suffered A Psychological Injury After An Employer Data Breach. What Are My Rights?
It is normal for employers to collect personal data from their employees. However, businesses and organisations have a duty of care towards their employee’s data. Essentially, employers should have data security procedures to protect their employee’s data. So what happens if an employer data breach takes place? The employer may need to deal with the ICO, but (additionally) the employee could suffer emotional distress or financial losses. Therefore, an employer may have liability for any damages caused.
Clients often ask us, ‘Can I sue my employer for a data breach?’ You may have grounds to claim compensation if a data protection breach has occurred and you’ve suffered as a result. Fortunately, Accident Claims UK could help you with your potential data breach claim for compensation. We could put you in touch with a skilled data breach solicitor to handle your compensation claim.
Contact Accident Claims UK for your free consultation:
Select A Section
- A Guide To Employer Data Breach Claims
- Personal Data That My Employer Can Hold About Me
- What Is An Employer Data Breach Claim?
- Steps An Employer Should Take If They Have Had A Data Breach
- Examples Of Action Taken By The ICO Against Employers
- When Could You Claim For A GDPR Data Breach By An Employer?
- What Evidence Do I Need To Make An Employer Data Breach Claim?
- Employer Data Breach Compensation Calculator
- Types Of Non-Material And Material Damages You Could Claim
- No Win No Fee Employer Data Breach Claims
- Contact An Advisor
- Employer Data Breach Claim FAQs
- Related Guides
When you start working at a new job, your employer will usually collect personal data from you. This can include personal details such as your name, date of birth, equality and diversity information and bank details. Over time employers will also collect data that is relevant to your role, such as details of performance reviews and promotions.
Employers should do the following to protect their employees’ data privacy and security.
- Firstly, employers have a duty of care towards their employees’ personal data. This means that they should protect the data so that it is not unlawfully or accidentally accessed, disclosed, lost, destroyed or altered. To do this, they could train staff on ineffective data management techniques and implement data security systems, for example.
- Secondly, employers could be held liable if they cause a personal data breach and you suffer because of it. You could sue your employer for the data breach and claim compensation.
In this guide, we will explain how an employer data breach can take place. We will also look at how to sue your employer for a data breach if you have a valid claim.
Victims of data breaches can suffer emotional distress or psychological injuries. They can also lose money to fraudsters. If this happened to you because of an employer’s data breach, you could have a valid claim.
Contact Accident Claims UK to speak to us about your ordeal. We could put you in touch with a data breach solicitor to start working on your claim if we can see that you are owed compensation.
Here are some examples of personal data that your employer could hold about you.
- Special category data (such as racial or ethnic origin or trade union membership)
- National Insurance Number
- Financial information
- Date of birth
- Email address
- Telephone numbers
- Bank details
- Job location
- Payroll data (such as tax codes)
- Performance review information
- Information regarding promotions or demotions
- Your password(s) for their computer network
Your employer should safeguard your personal data. So you may be able to claim compensation if a data breach at work takes place and you suffer as a result.
An employer data breach occurs when an employee’s personal data is accidentally or unlawfully destroyed, lost, altered, disclosed or accessed. This violates the data privacy rights and security of the employee. If the employee suffers mentally or financially because of the breach, they could make a claim.
The following occurrences could count as data breaches:
- Personal data becomes lost or stolen, altered or encrypted
- A data leak or data exposure incident occurs
- Unauthorised third parties access the data
- Data is shared without permission
Data breaches can happen because of human error. For example, an employer’s breach of the Data Protection Act can occur if a staff member attached a file containing an employee’s personal data to a mass email without permission. Even though this was a mistake, it could still be a privacy rights data breach.
However, at other times, criminals may deliberately cause data breaches. For example, an organisation may be the victim of a hacking attack or cyber attack. In turn, this could lead to criminals accessing employees’ personal data. This could still be considered a data breach by an employer because the employer failed to safeguard the data from and left it vulnerable to access. These criminals could use the breached employee personal data to commit identity theft or fraud. As a result, the employees may experience financial losses.
Claimants often wonder, ‘Can I sue my employer for a breach of data protection?’ You may be eligible to claim compensation if you have been experienced a workplace breach of data protection and suffered as a result. To discuss your potential data breach claim, contact Accident Claims UK.
As we have mentioned, if an employer determines the purpose and means of processing your data, they’re responsible for protecting your data. As a data subject, you have rights. A data subject is an individual whose personal information has been collected by an organisation. In this case, the data subject is an employee.
Employers should do the following to protect their employees’ data:
- Firstly, employers should advise you why they want to collect your personal data and how they intend to use it.
- Secondly, the employer must not share the employee’s personal data without obtaining their prior consent, unless in certain circumstances.
- Similarly, the personal data can only be used by the employer for the purpose that it was collected.
- Furthermore, the employer must follow all relevant data protection laws.
- Finally, the employer must keep the personal employee data they collect up to date.
Employees can claim compensation if a breach of the Data Protection Act by an employer takes place and they suffer because of it. They could settle the data breach claim out of court.
What should an employer do if they realise that they have committed a personal data breach? They should report the breach to the Information Commissioner’s Office (ICO) within 72 hours, providing it’s a reportable breach.
Who is the Information Commissioner’s Office?
They are a public body in the UK that is responsible for upholding the data protection rights of the public.
Does the ICO enforce GDPR?
Yes. The ICO will investigate organisations when they breach the GDPR. The Information Commissioner’s Office can issue the organisation with an ICO fine, and these fines can be tens of millions.
An employer could be issued with an ICO fine if they commit a data breach. Let’s look at a case study of an ICO fine issued for data protection breaches by employers.
Carphone Warehouse Employer Data Breach
The ICO fined mobile phone company Carphone Warehouse in 2018. This is in response to a substantial work data breach. Carphone Warehouse was the victim of a cyber attack in 2015. As a result, the criminals were able to access the personal data of over 1,000 employees. 3 million customers also had their personal data breached.
Here are some examples of personal information that was breached:
- Phone numbers
- Dates of birth
- Marital status
The criminals also accessed historical payment card details belonging to over 18,000 customers. Because Carphone Warehouse failed to protect their customers’ and employees’ data, they were issued a £400,000 fine by the ICO.
How Can A Data Breach Happen?
Let’s look at what can cause a workplace personal data breach:
- An organisation can send a letter to the wrong address, therefore sharing an employee’s personal data without their permission.
- A receptionist can leave their monitor unlocked so that public members can see private information on their screen.
- A worker can transfer files that contain employee data onto their personal USB stick. The device may become lost or stolen.
- Similarly, an employee may accidentally upload files containing personal data to a cloud storage system. This could enable unauthorised persons to access personal data.
Those from outside the organisation can also cause data breaches. For example, a breach of data protection can also occur if the organisation is the target of a cyber attack and the employer hasn’t protected your data properly. Criminals may use malware such as rootkits, spyware, bots or viruses to access a business’s computer system.
You could sue your employer for a breach under the following circumstances:
- Firstly, a personal work-related data breach must have taken place and you should have been the victim.
- Secondly, you must have suffered emotional distress (non-material damages) or financial losses (material damages) or both because of the data breach.
Although victims of data breaches can claim compensation directly, many people prefer to appoint a data breach solicitor to handle their claim. The solicitor can value their claim accurately to make sure they receive the correct amount of compensation.
To discuss your potential compensation claim, call Accident Claims UK.
You should provide evidence to prove that you have been affected by a data breach.
Firstly, your employer should have reported the breach to the ICO if it poses a risk to you. Your employer should have also sent you a notification about the breach. You can use this notification as evidence to prove that the data breach took place.
Secondly, you may have been psychologically injured because of the data breach. Therefore, you could use your medical records to prove your psychological injuries. You should also have an independent medical assessment of your injuries and a report from that could be used as evidence.
Finally, records from your bank may be used as evidence of financial losses incurred.
Many people who are considering suing their employer for a data breach, are interested to know how much compensation they could claim. You can use the table below to estimate how much you could claim in non-material damages. This is compensation for any emotional distress incurred. The table does not include how much compensation you could claim in material damages (financial loss).
|Type of injury sustained||Classification Of Severity||Description of injury and comments||Estimated compensation|
|Post-Traumatic Stress Disorder||Less severe||The person affected should fully recover in one to two years.||£3,710 - £7,680|
|Post-Traumatic Stress Disorder||Moderate||The person affected should already have fully recovered by the time of the claim. The claimant could still have some residual effects of the post-traumatic stress disorder. This should not grossly disable the claimant.||£7,680 - £21,730|
|Post-Traumatic Stress Disorder||Moderately severe||The person who has been affected will have suffered the effects and symptoms of PTSD. This person should have a better prognosis than the person below.||£21,730 - £56,180|
|Post-Traumatic Stress Disorder||Severe||The claimant will have suffered permanent effects.||£56,180 - £94,470|
|Psychiatric Damage (General)||Less severe||Those who have suffered a less severe psychiatric injury should be awarded compensation which takes account of any disabilities which they are left with.||£1,440 - £5,500|
|Psychiatric Damage (General)||Moderate||The person who has been affected could experience difficulties with continuing in work or education. They could also be left with problems in maintaining relationships.||£5,500 - £17,900|
|Psychiatric Damage (General)||Moderately severe||The victim may have problems with factors highlighted such as work, education and relationships. This victim may have a better outlook than the person below.||£17,900 - £51,460|
|Psychiatric Damage (General)||Severe||The victim could have suffered a very severe form of psychiatric injury. They could experience problems with the issues which are highlighted above.||£51,460 - £108,620|
The compensation amounts in this table are based on guidelines from the Judicial College. Of course, how much compensation you receive may vary depending on the circumstances of your case. Please call Accident Claims UK to speak to an advisor and we can estimate how much your claim could be worth.
For many people, a data breach is the 21st century equivalent of having your house broken into. Many people suffer emotional distress at having their privacy violated, especially if private information was breached. In addition, the trauma can cause some individuals to suffer psychological injuries. For example, they may develop depression, a problem with anxiety or PTSD.
Similarly, victims of data breaches may suffer financial losses. This is because fraudsters may use breached data to steal from a data subject or target them for identity theft or fraud.
Therefore, up to two heads of claim can be claimed:
- Material damages, which compensates the claimant for any money lost.
- Non-material damages, which compensates the claimant for any emotional distress or psychological injuries suffered.
A great advantage of claiming compensation through our solicitors is that they can handle your claim on a No Win No Fee basis. Traditionally, claimants pay an upfront fee to their solicitor. However, if you make a No Win No Fee claim, you will not be charged a solicitor’s fee ahead of your claim. Instead, you would be charged a success fee if your solicitor wins your claim.
Why do some people prefer to make a No Win No Fee data breach claim?
Well, in the unlikely event that your claim is not successful, you won’t have to pay a success fee. What’s more, because there’s no upfront solicitor’s fee to pay, many people find it the more affordable way of funding a solicitor.
Our solicitors offer a No Win No Fee agreement to those with formidable claims, so call Accident Claims UK today to see if you have a valid case.
Are you the victim of a data breach? Then you may be owed compensation for any financial losses or emotional distress incurred. To begin your claim, please contact Accident Claims UK to speak about the incident with an advisor. We could appoint a data breach solicitor to start working on your claim if we can see that you have a formidable claim. However, if you’d just like free legal advice, you’re under no obligation to use the services of our solicitors.
Contact Accident Claims UK using the details below:
- Call us on 0800 073 8801.
- Make an online enquiry using our form.
- Chat to us using the chat on the right-hand corner of your screen.
We will now answer some frequently asked questions about data breaches.
What are data subject rights under the GDPR?
A data subject is an individual whose data is collected, processed and stored. Under the General Data Protection Regulation, data subjects have many rights including the right to:
- Be informed of what their data will be used for.
- Have inaccurate data rectified.
- In certain circumstances, to object to data processing.
How do you report an employer for breaching data protection?
What should you do if you believe your employer has breached your personal data. We recommend that you complain formally to your employer. However, if you are not happy with your employer’s response they take no further action where they should, you can raise your concerns with the Information Commissioner’s Office.
Are there different types of data breaches?
There are several ways that personal data can be breached. A privacy rights data breach can happen because of an error made by an employee at an organisation. However, data breaches can also happen because of hacking attacks, device theft or insider theft.
We hope that you have found this guide to claiming compensation for an employer data breach helpful. You may find the following guides useful if you wish to claim compensation from your employer.
An ICO guide to taking your case to court and claiming compensation.
How to make a complaint about an organisation that has breached your personal data.
Government guidance on data breaches.
Guide by HC
Edited by RV