What Are Your Rights After A Wrong Email Address Data Breach?

Recent years have seen internet services, including email, being used by millions of people. Email addresses are often used to sign up for online newsletters, receive confirmation emails for online shopping and correspond with businesses and organisations. They are a type of personal information which means data controllers and data processors must adhere to data protection law and protect your personal data. This guide will provide further guidance on your rights after a wrong email address data breach.

wrong email address data breach

Wrong email address data breach claims guide

Data controllers decide how and why your personal data is going to be processed and can process it themselves. A data processor acts on behalf of the controller. If either fails to adhere to data protection law, it could result in the breach of your personal data.

A data breach is a term that describes a security incident that affected the confidentiality, integrity or availability of your personal data.

An organisation must report certain breaches to the Information Commissioner’s Office (ICO) usually 72 hours from when they became aware of it. They should also notify you of the breach if it has affected your rights and freedoms. 

Whilst we have aimed to provide the information you need, we understand you may have questions. If so, please get in touch with our team using the details below:

    • Phone: 0800 073 8801
    • Website: Fill out our online contact form
    • Live chat: Speak with an advisor using the function below.

Choose A Section

  1. Is Sharing Or Sending An Email To The Wrong Address A Data Breach?
  2. Why Do Data Breaches Involving The Wrong Email Happen?
  3. How Could Human Error Cause A Wrong Email Address Data Breach?
  4. Examples Of Wrong Email Address Data Breach Claims
  5. Data Breach Compensation Payout Examples
  6. Can A No Win No Fee Solicitor Help Me Make A Data Breach Claim?

Is Sharing Or Sending An Email To The Wrong Address A Data Breach?

The UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018 (DPA) work together to set out a data controller and data processors responsibility for protecting your personal data. The DPA was updated after the UK left the European Union.

Personal information, as defined by the UK GDPR, means any information that relates to an identifiable individual. This could include your name, email address, postal address, phone number, IP address or car registration number.

There is also special category data which is personal information that needs more protection, such as information that relates to your health or ethnic origin. An email could contain different types of personal information. If it’s sent to the wrong address, it could result in your data being compromised. 

If the breach was a result of an organisations failings and it caused you to sustain psychological harm or financial damage, you may be able to seek compensation. 

For more information about whether you’re eligible to make a wrong email address data breach claim, call our team on the number above.

Why Do Data Breaches Involving The Wrong Email Happen?

An email data breach can happen for a number of reasons. Some examples can include: 

  • Lack of training: An organisation might fail to provide staff with adequate training on the steps they should take to keep personal data safe. As a result, a staff member may fail to check an email before sending it to the wrong person.
  • Lack of data protection policies: An organisation may fail to have any data protection policies in place to protect personal data. As such, multiple emails containing sensitive information, such as medical data, could be sent to the wrong people.
  • Failure to update details: You might call up to provide an updated email address. However, the organisation might fail to update it on their system. As a result, information that could be used to directly identify you is sent to the wrong person.

Human error can also play a role in data breaches. We have explored this in more detail in the section below. 

How Could Human Error Cause A Wrong Email Address Data Breach?

Human error data breaches involve both intentional and accidental incidents that cause your personal information to be compromised. For example:

  • An ex-employee may steal a computer containing people’s personal information, including their email addresses. They might unlawfully send emails to the wrong addresses causing various people’s data to be compromised.
  • An employee may accidentally add another email address into the email box before sending out information about a medical appointment to you.

To discuss another type of incident involving a wrong email address data breach due to human error, call our team. They can advise on whether you’re eligible to claim.

Examples Of Wrong Email Address Data Breach Claims

There are various types of data breaches involving email addresses. For example, an organisation might:

  • Email the wrong person
  • Send service emails as marketing emails
  • Fail to have adequate security measures in place leading to their customers being involved in a phishing scam and opening web links or attachments sent to them
  • Fail to have a lawful basis for processing your email address or other personal information

There are ways for organisations to use reasonable prevention measures to reduce the risk of  data breaches. If they fail to put these measures in place, your personal data could be compromised due to a breach caused by an organisation’s failings. You could claim if this caused you to sustain damage to your finances or mental well being.

Data Breach Compensation Payout Examples

For data breach claims, the settlement you receive may comprise material damages and non-material damages.

Material damages compensates for any related financial losses incurred as a result of the personal data breach. For example, if your credit card details have been stolen, someone might have taken loans out in your name affecting your credit score. You could receive compensation for the financial impact this has had on you.

Non-material damages covers the psychological injuries that occurred due to a personal data breach, such as distress, stress, anxiety or post-traumatic stress disorder

The Vidal-Hall and Others V Google [2015] Court of Appeal, challenged the way that damages could be claimed for data breaches. The outcome means you can now seek compensation for psychological harm without also claiming for financial losses. 

Legal professionals can use the Judicial College Guidelines (JCG) to help them calculate the non-material damages portion of your claim. The guidelines are also used for personal injury, medical negligence and fatal accident claims. They contain bracket compensation amounts for different types of mental injuries. 

We have used figures from the 16th edition of the guidelines to create the table below. The compensation brackets presented in the table are not exact figures.

Solicitors take into account many different factors when creating a value for a claim. For instance, this includes the type of injury you sustained, how long it takes to recover and the psychological or financial impact on your quality of life. As such, you should only use the figures as a guide.

Psychological InjuriesCompensation BracketsDescription
Anxiety Disorder: Severe£59,860 to £100,670Effects of the illness are permanent and there is an impact on the person's ability to function at the same level as before the trauma.
Anxiety Disorder: Moderately Severe£23,150 to £59,860For the immediate future, the symptoms may cause a significant disability. However, there will be a better prognosis.
Anxiety Disorder: Moderate£8,180 to £23,150The person is mostly recovered with any ongoing symptoms not having a hugely disabling effect.
Anxiety Disorder: Less Severe£3,950 to £8,180A near full recovery with some minor symptoms continuing after two years.
Psychiatric Damage: Severe£54,830 to £115,730The person will have a very poor prognosis and issues with several aspects of their life.
Psychiatric Damage: Moderately Severe£19,070 to £54,830A more optimistic prognosis but still significant problems.
Psychiatric Damage: Moderate£5,860 to £19,070There is a good improvement and the prognosis would be considered as good.
Psychiatric Damage: Less Severe£1,540 to £5,860Daily activities and sleep have been affected. The extent of how symptoms have affected your life will be considered when calculating the award.

Get in touch for more information about the compensation you could receive following a wrong email address data breach.

Can A No Win No Fee Solicitor Help Me Make A Data Breach Claim?

Data breach claims could be made through No Win No Fee agreements. This is an arrangement between you and your solicitor.

A Conditional Fee Agreement is a type of No Win No Fee arrangement, and used as a way to fund legal representation. It means that you aren’t paying anything up front for your solicitor’s services. You also won’t pay for their services if your claim fails. 

If your claim wins, you will pay a success fee from your compensation. This is subject to a legal cap.

This is a service our solicitors can provide. For more information, you can speak with an advisor from our team. They can advise whether one of our solicitors can represent your claim on this basis. Alternatively, they can discuss your potential claim in more detail.

To find out more, please get in touch with our team using the details below:

    • Phone: 0800 073 8801
    • Website: Fill out our online contact form
    • Live chat: Speak with an advisor using the function below.

Wrong Email Address Data Breach Claims

Below, we have provided some additional resources you may find helpful: 

For more information on making a wrong email address data breach claim, call our team using the number above. 

Guide by EW

Edited by MMI