In this guide, we will look at what you could do if a journalist data breach involving your personal data occurred and caused you harm. In some cases, you may be able to claim for the psychological and/or emotional impact that a breach has had on you.
In this guide, we will look at what personal data is, the protections it is offered by legislation, and the ways that a breach can occur if this legislation is not followed. We’ll also address the kind of harm that can be caused by a data breach.
If you’re wondering whether you could benefit from the assistance of a lawyer when making a data breach claim. We’ll look at how legal representation could benefit someone pursuing compensation. This guide will also include advice on the kinds of evidence you could provide in support of your claim.
If you would like to speak with someone today for free legal advice about claiming, you can get in touch with our team today. Simply:
- Call our advisors on 0800 073 8801
- Request a callback when you contact us
- Use the immediate help option of live support below
Select A Section
- What Is A Journalist Data Breach?
- What Steps Should Journalists And Media Organisations Take To Comply With Data Privacy?
- The Special Purpose Exemption Of The DPA
- Proving A Journalist Breached Your Data Privacy
- Journalist Data Breach Compensation Calculator
- Get In Contact With Us Today
The Data Protection Act 2018 and the UK General Data Protection Regulation (UK GDPR) are the laws that set out how personal data should be handled by those who process it. The Information Commissioners Office (ICO) is the independent regulatory body for data protection in the UK.
“Data controller” is the name given to the entity that decides how and why personal data should be collected. Alternatively, a data processor could be enlisted to process personal data on a controller’s behalf.
You might wonder what personal data is. It’s any processed information that can be used to identify someone. It doesn’t matter whether this identification is possible using the data in question alone or when combined with other information; it’s still classed as personal data.
A data breach is a security incident where personal data is accessed by or disclosed to an unauthorised party, altered, lost or destroyed unlawfully or accidentally. You cannot claim just because a breach happened; you need to both show that it was caused by positive wrongful conduct and that it caused you emotional and/or financial harm.
If you have any questions about what personal data is or how it should be handled, speak with a member of our team today. You could be put in contact with a No Win No Fee solicitor from our panel.
Personal data should be protected by those who hold and process it. For example, the seven key principles of the UK GDPR should lie at the heart of any organisation’s approach to handling personal data. These are:
- Ensuring that data is processed fairly and lawfully, and promoting transparency in data processing.
- Limiting purpose. This means that if personal data is collected for one reason, it shouldn’t then be further processed for another incompatible purpose.
- Minimisation of data. Processors should not collect more data than needed for the purpose for which it’s being processed.
- Accuracy. The data should be kept accurate and up-to-date where necessary.
- Limitation of storage. Data shouldn’t be kept for any longer than necessary.
- Integrity and confidentiality. There should be measures in place to prevent the data from being exposed in a breach.
- Accountability. Controllers and processors should be able to demonstrate compliance with all of these principles.
There are other considerations to make in the processing of personal data. For example, there should be a lawful basis for processing personal data.
If you would like to speak with someone about the protection in place to safeguard personal data and how a failure in this could result in a breach, speak with a member of our team today.
Section 174 of the Data Protection Act sets out that exemptions can apply to data protection requirements when certain “special purposes” are being carried out. These special purposes include journalism.
This can exempt journalism from most provisions, with the exception of the provision relating to security. It can also not be used to defend against the offence set out in Section 170 of the Data Protection Act, which sets out that it’s an offence to recklessly obtain personal data from a data controller without their consent.
In order for a data controller to be exempt from data protection provisions, they have to show that:
- The publication is in the public interest
- To comply with the provisions would be incompatible with their journalistic aims. For example, the principle of transparency might not be compatible with collecting information in a covert operation
- They can explain why the exemption is required and who considered this
If they cannot show the above, then an exemption will not apply. Below, we have included some examples of how a journalist data breach could occur:
- Your full name and address are published in a newspaper story. However, there is no public interest justification for doing so.
- A folder containing the names and contact information of confidential sources is left on public transport. It’s impossible to know who has access to these lost records.
- A failure to redact your personal data occurred before a report was published on a newspaper’s website. There’s no justification to include your personal data in this publication.
If you would like to speak with someone about a potential journalist data breach claim, speak with a member of our team today. If you have a valid claim you could be connected with a No Win No Fee lawyer from our panel.
In order to make a journalist data breach claim, you need to show that a breach involving your personal data occurred because of the wrongful conduct of the controller, and you also need to demonstrate that you were harmed by the breach.
Below are some examples of the evidence you could use in support of a claim:
- Communication between you and the organisation responsible for the breach. If a breach occurs that threatens your freedoms and rights, then you should be told about this without undue delay. You can also report a data breach to the ICO in some circumstances, but they cannot award you compensation.
- Records of financial losses that the breach has caused you to incur
- Evidence of any psychological harm. For example, if a data breach caused you distress, anxiety or another psychological injury, and you have to seek medical attention for this, then you could use your medical records as proof
Speak with a member of our team today to see if you could have a valid claim following a journalist data breach.
You may be wondering how compensation for these kinds of claims is calculated. If you make a successful journalist data breach claim, you could receive compensation for two different kinds of harm. Material damage refers to the financial losses you’ve experienced as a result of the breach. This could include money that is stolen after a bank account or credit card data breach, or the cost of moving after a social services data breach that has put you at risk. You should provide evidence, such as:
- Bills, receipts or invoices
- Bank statements
- Wage slips showing lost income
- Medical bills for any psychological impacts
As well as this, it is possible to claim for the psychiatric harm a personal data breach has caused you. Mental health effects can be valued in the same manner as personal injuries using the Judicial College Guidelines. These are guideline compensation brackets for a range of harmful effects. An excerpt from this is below and shows what could be appropriate if the medical evidence supports it:
|Kind of harm
|How severe and how much?
|General Psychiatric Damage
|Severe – (A) -£54,830 to £115,730
|Significant issues in areas of work, personal relationships. Poor prospect of making a recovery.
|Moderately Severe (B) – £19,070 to £54,830
|Significant problems in areas of work, personal relationships. Much better prospect for recovery than in cases that are more serious.
|Moderate (C) – £5,860 to £19,070
|Despite problems in areas of work, personal relationships, there’s a good potential for recovery and marked improvement.
|Less Severe (D) – £1,540 to £5,860
|Amount awarded will be affected by factors like the level to which sleep and daily life was impacted.
|Post-Traumatic Stress Disorder (PTSD)
|Severe – (A) -£59,860 to £100,670
|The injured person can’t function the way that they did before the trauma. The impact is felt on all areas of life.
|Moderately Severe – (B) – £23,150 to £59,860
|Better prospect of getting better with professional help but the impact will be significantly disabling in the future.
|Moderate – (C) – £8,180 to £23,150
|An overall recovery leaving no significantly disabling effects
|Less Severe – (D) – £3,950 to £8,180
|A recovery that can be described as complete within a 2 year period. If any symptoms do persist past this, then they will only be minor.
Please note that these amounts are provisional estimates and not set amounts. Each case varies according to the evidence presented. To see how much you could receive if you were to successfully sue for a data breach, speak with a member of our team today.
In the event of a successful claim, a legally-capped percentage of the settlement is deducted. This legal cap is set out in the Conditional Fee Agreements Order 2013. Nothing at all is due to the No Win No Fee solicitors for the work they’ve carried out if the case fails. Discover more about how a solicitor could help you today by:
- Calling our advisors on 0800 073 8801
- Filling out our contact us page
- Using the immediate help option of live support below
Related Data Breach Claims
As well as journalist data breach advice, the following resources offer further reading on related topics:
- Frequently asked questions on data breach compensation
- Can I claim after an HR data breach?
- What are your child’s rights after a school data breach?
Below there are some external resources that you can refer to:
- Read some tips about staying safe secure online
- Information from the government about data protection
- Standards of conduct from the National Union of Journalists
Guide by JW
Edited by FS