Has an administrator breached your personal data? Are you wondering if you are eligible to make a claim for compensation?
Admin staff carry out the role of an administrator for an organisation or business. They usually cover all clerical work, ensuring the smooth running of the company. Data controllers, the organisations that decide how and why your personal data should be collected, have a legal responsibility under data protection laws to secure this type of data. If a data breach occurs, you may be wondering what your rights are and how you could make a claim for compensation.
This guide has been written to help you understand the claims process and what you can do if you have been involved in a data breach. We will also demonstrate how the UK GDPR and the Data Protection Act 2018 are involved in protecting your data, as well as the ways in which a data breach can occur.
Contact our advisors today for more information and they can offer free advice and guidance 24 hours a day and 7 days a week. This service is available for you to use to receive answers to the questions you have.
How you could get in touch with us:
Select A Section
- How Could An Administrator Have Breached My Data?
- What Data Could Be Impacted?
- Reporting A Data Breach By An Administrator
- How Can A Data Breach Be Prevented?
- How Much Could You Claim If An Administrator Breached Your Data?
- Get Help Dealing With A Data Breach
An administrator will generally have access to a lot of personal data belonging to those who work for the company. They will also be responsible for sending emails and letters containing personal and sensitive data. This is why it is very important that employers train all staff, not just admin staff, on the importance of data security and show them the principles that need to be followed under data protection laws.
Unfortunately, there are a number of ways that a data breach can happen. We have included some of the most common ways that a non-cyber data breach could occur.
- Email sent to the wrong email address
- Verbal disclosure
- Loss/Theft of paperwork containing personal data
- Unauthorised access
- Alteration of personal data
- Failure to redact
The UK General Data Protection Regulation (UK GDPR) works with the Data Protection Act 2018 (DPA) to ensure that all personal data is protected under the law. The Information Commissioner’s Office (ICO) has the authority to fine organisations who have been found to be at fault for the data breach. To be eligible to claim, you would have to have suffered financial harm or mental harm as a result of the breach. However, for any personal data breach claim to be valid you need to show that the data controller was liable for the breach.
Additionally, for data breach claims there is a limitation period of 6 years. Claims involving a public body only have a limitation period of 1 year.
If you need any further information on the ways that an administrator could breach your data you can get in contact with our advisors today. Additionally, they can offer free advice and connect you to a specialist data breach solicitor.
Any data could be impacted by a data breach. That said, only certain types of data are protected by data security legislation. Personal information, sensitive data and criminal information are all protected.
Information can be in the form of:
- Date of birth
- Phone number
- Email address
- Information on political beliefs
- Information on racial or ethnic origin
- Religious beliefs
- Credit card information
When a data breach occurs, the organisation should reach out to you and inform you that a breach has occurred and what information has been involved. This will not happen for every data breach, just those that affect your rights. However, if this doesn’t occur and you have noticed that your personal data may have been leaked, whether through a news article or by looking through your bank account, you can contact the organisation you think is responsible to make a formal complaint.
By contacting the organisation about your concern, you are gathering evidence to support your claim. If a serious data breach has occurred, organisations have a responsibility to inform the ICO within a 72-hour period. There may be a relevant reason for the organisation not to have contacted you; this could be because your information was not involved in the breach.
If you have contacted the organisation and have not had a response, or have not had a satisfactory one, you could log a complaint with the ICO. The ICO could open an investigation into the complaint you have filed. If an investigation is undertaken and it is found that the organisation has not adhered to the applicable data laws, the organisation can be fined.
If you need any further information on your rights if an administrator breached your data, you can contact us today, using the contact details above.
There are many ways that a data breach can be prevented for both non-cyber incidents and cyber-attacks. For example:
- Up to date cyber security training
- Password management
- Changing the culture
Furthermore, organisations have a duty to make sure that cyber security is up to date and functioning correctly. They should also make sure that staff have received the appropriate training on how to protect information from being revealed. This can be extended to the management of passwords and storage of data.
How Often Do Breaches Happen?
Data breaches can happen all over different sectors, including in schools and charities. Many of these breaches can be traced back to human error.
The Cyber Security Breaches Survey 2022, carried out by the Department for Digital, Culture, Media and Sport (DCMS), contains the statistics for the last year on the number of data breaches and attacks related to cyber incidents.
We have used statistics below from the ICO. In the last financial quarter Q3 of 2021/22, there were a total of 2404 data security incidents. This was across all sectors of business, education, health, justice and local government as well as others. It also goes across the non-cyber incidents and cyber-attacks for each sector.
Non-Cyber Incidents across all sectors
- Central Government (64)
- Charity (107)
- Education (311)
- Finance (131)
- General business (57)
- Health (417)
- Justice (31)
- Land/Property (54)
- Legal (126)
- Local government (208)
- Marketing (2)
- Media (5)
- Memberships (21)
- Online Tech (26)
- Political (7)
- Regulators (7)
- Religious (5)
- Retail (87)
- Social Care (54)
- Transport (36)
- Utilities (17)
The most impacted sector was the health sector, suffering a total of 467 incidents. A total of 417 were confirmed as non-cyber incidents. Additionally, the most common form of non-cyber incident is information being sent to the wrong recipient.
When looking at the different types of compensation that could be awarded for a data breach, the Judicial College (JCG) produces the guidelines that solicitors use to value your claim. The compensation brackets are an illustration of what you could receive in compensation, but these aren’t exact amounts. This is due to the fact that claims for compensation vary depending on the severity of the injury and the overall impact. Plus this only looks at non-material damage, not material damage.
Additionally, the figures below are from the 16th edition of the JCG that was produced in April 2022.
| Types of mental health issues | Compensation Bracket | Description of Injury |
|---|---|---|
| PTSD: Severe | £59,860 to £100,670 | A permanent effect on a person that has resulted in the inability to focus on life at the pre-trauma level. |
| Mental Injury: Severe | £54,830 to £115,730 | Injuries that have impacted the person’s ability to process daily life, or to cope with work or education. |
| PTSD: Moderately Severe | £23,150 to £59,860 | A partial recovery but there is a lingering effect and a significant disability. |
| Mental Injury: Moderately Severe | £19,070 to £54,830 | A permanent disability that will need professional help. |
| PTSD: Moderate | £8,180 to £23,150 | Not a full recovery, but mostly recovered with some effects that continue. |
| Mental Injury: Moderate | £5,860 to £19,070 | A good improvement of the initial condition but there are some lingering problems. |
| PTSD: Less Severe | £3,950 to £8,180 | A total full recovery within a period of one to two years. |
| Mental Injury: Less Severe | £1,540 to £5,860 | Mental health issues that fall short of a specific phobia or disorder (travel anxiety, as an example) that is associated with minor physical symptoms. |
Types of Damages
There are two forms of damages that you could claim compensation for:
- Material Damages
- Non-Material Damages
Non-material damages would compensate for the psychological injury that you may have suffered during and after a data breach. The table above demonstrates some of the different examples along with the compensation brackets.
Before the case of Vidal-Hall and Others v Google, you couldn’t claim non-material damages on their own. Therefore, you would have had to claim for material damages alongside the non-material. After the Court of Appeal heard the case, it was decided that you could claim for non-material damages without having to also claim for material damages.
Material damages are a form of compensation used to reimburse the financial losses that have been incurred as a result of a data breach. You can claim for these damages if you have lost money from credit or debit card details being revealed in a data breach.
If you need any further guidance on the types of damages you could claim for, our advisors are on hand to offer free advice. This service is available 24/7 and they will be able to answer any questions you might have about how to make a claim.
No Win No Fee agreements can be used to fund the service your solicitor will provide.
This is formally known as a Conditional Fee Agreement (CFA), determined by the Conditional Fee Agreement Act 2013. It is a form of No Win No Fee arrangement. This means that, depending on the outcome of your claim, you would either pay a success fee or not pay. For example, if your claim is successful, then you would have to pay the success fee. However, this success fee is capped by law so you wouldn’t be left out of pocket.
If anything in this guide has been of interest to you, then our advisors can help you with further guidance and advice on the topic of a data breach occurring due to an administrator error.
Here is how you can contact us:
- Phone – 0800 073 8801
- Live chat
Additionally, we have collected a selection of internal and external resources that relate to the topic of a data breach:
- Data breach distress compensation
- UK GDPR and data breach compensation
- What Are My Rights After a University Data Breach?
We have collected some external resources for you to have a look through. They could provide further insight into the topic of your rights when an administrator has breached your data.
- How to minimise the risk of personal data breaches happening?
- Make a complaint
- How to report a breach
If there is any further information you require about the topic of this guide, you can contact us today.
Guide by ZS
Edited by MM.