Has your data been breached? Has personal information or personally sensitive data been breached by those who had a responsibility to keep it safe? A data breach incident can be highly distressing and result in both financial and mental health damage that can go on for weeks, months or even years.
After the shock of a data breach, there are practical steps that you can take to reduce the impact and possibly seek compensation. However, not all data breaches will mean you qualify for compensation. You must be able to show whether the organisation failed to comply with data security laws.
Both personal data and special category data are protected by law. When these laws are not complied with leading to personal data being breached you could be eligible to seek compensation for any damage that has been caused.
Towards the end of the guide, we discuss how a No Win No Fee agreement can be used as a funding structure for the work a solicitor does on your behalf.
You can read the sections below for more information about what to do if your data has been breached, or if you would prefer to speak to one of our advisors, please:
- Call our team for free on 0800 073 8801
- Contact us and we can call you back with no obligation to proceed
- Or access free legal advice through the live support option
Select A Section
- How To Check If Your Data Has Been Breached
- Steps To Take After A Data Breach
- Report Any Suspicious Communications
- Claim Compensation From The Company Or Organisation
- My Data Has Been Breached – What Could I Claim?
- What Could I Claim If My Data Has Been Breached?
As we interact with online agencies or companies that all request our personal information, it can seem daunting trying to find the origin of the data breach incident. But it’s important to try and locate exactly where, when and why the data breach occurred.
If an organisation is subject to a data security incident that causes personal data of a data subject to be breached, then if it affects your rights and freedoms they must inform you straight away. The organisation must also inform the Information Commissioner’s Office ICO within 72 hours of discovering the breach.
Data controllers (organisations or companies), those who say why and how data should be processed or processors who work on behalf of the data controller may not always be aware of the breach straight away. In fact, it may be you, who has spotted that your data may have been involved in a breach. If this is the case you can write to the company asking them if your data has been breached and what information was involved.
In addition to this, you can report a data problem to the independent UK body responsible for upholding data protection rights called the Information Commissioner’s Office (ICO). The ICO does not pay compensation. However, any investigation they complete may strengthen your claim.
What can you do if you discover a data breach? There are some obvious and immediate steps such as changing passwords on all your devices. You can also install software defence programmes. When it relates to seeking compensation from a party responsible for the breach, the list below can help:
- Raise a concern with the party who breached your data
- Complain to the ICO
- Start to assemble documented proof that shows the negative financial and emotional impact of the data breach
- Access medical records to substantiate your claim of psychiatric injury
- Reach out and connect with a data breach specialist.
- Please speak to our team now for help on any of these matters
Worryingly, a data breach incident can happen in a way that means you are not immediately aware of it. Sometimes the first noticeable indication of a data breach impacting you can be any (or all ) of the following:
- An increase in nuisance phone calls
- A higher volume of spam email
- Dubious emails
- Strange, unsolicited activity on social media accounts
- Declined credit cards and unauthorised overdraft notifications
- Alerts from your bank or financial services that others have attempted to log in from unknown devices
- Missing funds from your bank account
- Notification about debts accrued in your name
- Malicious threats or even blackmail attempts
Activity such as this can all be indicative of a data breach. Prompt action is essential to reduce the impact.
For a data breach claim to be successful it is important to demonstrate that a company or organisation failed in their legal obligation to apply correct data protection procedures. The ICO detail ‘7 Core Principles’ to ensure data is being processed correctly.
- Data collection is lawful, fair and obvious in purpose
- Used only for the reasons collected
- Limit the amount collected
- Kept accurate and up to date
- Retained only for as long as needed
- Kept secure at all times
- All involved parties show personal accountability for data processing activities.
In addition to this, it’s important to be aware that data breach compensation claims may not be valid if the company in question can prove they were doing its utmost to defend against cyber attacks or hacking and that they were protecting your data in accordance with data security regulations.
Two areas can apply in your compensation claim. Material damages are all the monetary amounts that you can prove are directly related to the data breach. For example, you may have suffered actual stolen funds from your bank account or had lines of fraudulent credit opened in your name and then exhausted.
In addition to this, non-material damages can assess the emotional and psychological injury the personal data breach has caused. Such as:
- Post-Traumatic Stress Disorder (PTSD)
These psychiatric injuries have award brackets attributed to them in the Judicial College Guidelines. These amounts are based on previous awards in court but it’s important to note that they do not represent guaranteed compensation awards:
|Type of Psychiatric Harm||JC Guideline Award Bracket and Severity Level||Details|
|Psychiatric Damage Generally||£54,830 to £115,730 - (A) Severe Level||A serious and wide-ranging level of negative impact in all areas of life|
|Psychiatric Damage Generally||£19,070 to £54,830 - (B) Moderately Severe Level||A better prognosis than previous bracket but still indicative of a long-standing disability and coping issues|
|Psychiatric Damage Generally||£5,860 to £19,070 - (C) Moderate Level||This bracket may reflect similar issues but with an improvement by the time that the case MAY go to trial.|
|Psychiatric Damage Generally||£1,540 to £5,860 - (D) Less Severe Level||Impact on sleep or the creation of a distinct anxiety or phobia. Award will acknowledge length of illness|
|Post-Traumatic Stress Disorder (PTSD)||£59,860 to £100,670 - (A) Severe Level||A devastating and all-encompassing impact that creates permanent injury and much reduced quality of life|
|Post-Traumatic Stress Disorder (PTSD)||£23,150 to £59,860 - (B) Moderately Severe||A more favourable prognosis than about particularly with professional counselling. Still representative of a significant disability.|
|Post-Traumatic Stress Disorder (PTSD)||£8,180 to £23,150 (C) Moderate Level||Predominantly a recovery with any continuing effects being not grossly disabling|
|Post-Traumatic Stress Disorder (PTSD)||£3,950 to £8,180 - (D) Less Severe Level||A full recovery within a 24 moth time frame with only minor persisting issues after this period.|
Another important point to consider is time limits. At the moment there is a 6-year time scale to starting a data breach claim. This can also reduce to 1-year if claiming against a public body. Please speak with our advisors for more information on this.
Importantly, starting a claim after a data breach is something that you are free to do independently or with legal representation. If cost is a prohibitive factor, a No Win No Fee agreement can be a useful way of accessing this legal help at no initial cost to you. Furthermore, if the data breach claim fails, you have nothing to pay your solicitors for their service
No Win No Fee agreements (also called Conditional Fee Agreements) only require a minimum deduction from the compensation amount if the case wins. This is never more than 25%. This guarantees that after a successful outcome, you always benefit most from the compensation payout. Discover how an arrangement such as this could help you today by:
- Calling our team for free on 0800 073 8801
- Contact us and we can call you back
- Or access free legal advice through the live support option in the bottom right hand corner.
Learn More About How To Claim If Your Data Has Been Breached?
In conclusion, the guides below offer further reading on the topic of data breach:
- FAQ’s on UK GDPR and data breach compensation claims
- What are your rights after a school data breach?
- What could I do after a Social Service data breach?
- Advice from the government about online safety
- More information on the Data Protection Act 2018
- Lastly, more on why your data matters from the ICO