Claiming Compensation After A Police Data Breach

In this guide, we set out what you need to know about making a claim after a police data breach has caused you harm. We define what a data breach is and provide guidance on when you could be eligible to start a claim. 

police data breach

Police data breach claims guide

In addition to this, we offer examples of these kinds of data breaches and outline the evidence that will help support your claim. We also highlight the role of the Information Commissioner’s Office and the steps you might need to take as part of the claims process. Moreover, we discuss examples of the payout you could receive and how compensation for a data breach is calculated. 

Furthermore, we outline the time limitations to be aware of, and we finish our guide by setting out the ways a No Win No Fee agreement can work, as well as the benefits of working with a solicitor. 

To learn more about claiming after a police data breach, please continue to read. If you would like to have a conversation about your claim, you can speak with a team member using one of the methods below: 

Browse Our Guide

  1. When Could You Claim Compensation For A Police Data Breach?
  2. Examples Of Data Breaches Involving Police Forces
  3. What Evidence Do You Need To Prove A Police Data Breach Claim?
  4. Data Breach Compensation Examples
  5. Make A UK GDPR Breach Claim On A No Win No Fee Basis
  6. Learn More About Claiming Data Breach Compensation

When Could You Claim Compensation For A Police Data Breach?

You may be wondering what is classed as a data breach. The ICO defines a data breach as a security incident that results in unlawful destruction, loss, change, or unauthorised disclosure of, or access to, personal data.

The Data Protection Act 2018 sets out the laws which state how personal data should be handled and processed. This works alongside the UK General Data Protection Regulation.

To fulfil the eligibility requirements for making a police data breach claim, your circumstances should fit the following criteria: 

  • A controller or processor has failed to comply with data protection laws, leading to a data breach.
  • This breach involves your personal data.
  • This breach has caused you to suffer harm. 

A data controller is a party that decides why and how your information is being collected. A processor is someone who processes data on behalf of the controller.

The police may have information about you, such as your full name, address, and date of birth, for a number of different reasons. For example, if you are an employee of the police or if you have been a witness to an incident. 

Moreover, this data may also contain criminal offence data which requires more protection due to its sensitive nature, similar to special category data. Criminal offence data may contain information about your convictions and any involvement in criminal activities, but can also include data about unproven allegations, for example. 

For more information about whether you could claim compensation after a police data breach has caused you harm, speak with one of our team members.

Time Limits In Data Breach Claims

Another key piece of the criteria you should fulfil to ensure your eligibility is adhering to the time limitations. You typically have six years from the date of the breach to start a claim.

However, this is reduced to one year to begin your claim if it involves a public body like the police force or social services.

Please get in touch to receive a free evaluation of your police data breach claim. A member of our team could tell you whether you are within the limitation period to pursue compensation. 

Examples Of Data Breaches Involving Police Forces

The police force could breach your data in numerous ways: 

  • Failure to redact documents: When sharing information or creating press releases, redacting sensitive information is important to protect identities and addresses. If there is a failure to do this, your information could be compromised.
  • Email misuse: your data may be sent to the wrong email address, giving someone without authorisation access to your information.
  • Lost or stolen devices: A device such as a memory stick or laptop could contain your personal data or criminal offence data. If this is unencrypted and is lost or stolen, then someone could be able to access your personal data. 
  • Posting letters to the incorrect address: Information about your criminal convictions or activity could be sent to the wrong postal address despite you having given your correct detail, giving unauthorised access to your data. This may be due to the police’s failure to update their records.

To get an assessment of your circumstances, please contact us. If you do have a valid claim, they could connect you with a No Win No Fee lawyer from our panel. 

What Evidence Do You Need To Prove A Police Data Breach Claim?

There are a number of steps that you can take to collect evidence in support of your data breach claim. You can bring a complaint about the data breach directly to the data controller.

The data controller is required to notify you without undue delay if a breach occurs that infringes upon your rights and freedoms. They should also inform the ICO within 72 hours.

You could also bring the breach to the attention of the ICO if you do not find the response of the controller to be adequate. You have three months from the controller’s last meaningful response to do this.

Copies of the communication you have had with the ICO and controller, such as emails or letters, can act as evidence. Furthermore, you can collect proof of the financial impact the breach has had on you, such as a copy of your credit score or bank statements showing that you have had money stolen from your account.

To learn more about what evidence could assist you in supporting your claim, please refer to the contact methods listed at the top and bottom of this guide to receive a free consultation. 

Data Breach Compensation Examples

You may be entitled to compensation after suffering harm from a data breach. There are two types of damage for which you could receive compensation, called material and non-material damage. 

Material damage relates to the financial harm that you have suffered. This could include money stolen from your bank account because of identity theft or loss of earnings if the breach caused mental injuries for which you took time off work. 

Comparatively, non-material damage can be any emotional harm you experienced as a result of the breach. This could include anxiety or stress due to a data breach, as well as conditions such as post-traumatic stress disorder. Hospital documents or letters from your GP can illustrate this.

When valuing this head of a claim, solicitors may utilise the compensation brackets within the Judicial College Guidelines. This is a publication that can be used to value claims, including parts of data breach and personal injury claims

These figures are in the table below, but they are only a form of guidance. The representations are not entirely accurate, and your compensation will largely depend on the circumstances of the police data breach claim and how you were impacted. 

Compensation Guidelines

Injury Severity Notes Compensation Guidelines
Psychiatric Damage Severe (a) There are marked problems in coping with education, relationships and work. Prognosis is poor. £54,830 – £115,730
Moderately Severe (b) Problems with education, employment and relationships but there is a more optimistic prognosis than in more serious cases. £19,070 – £54,830
Moderate (c) There are problems associated with the aspects of life mentioned in the rows above but there has been evident improvement and a good prognosis. £5,860 – £19,070
Less Severe (d) The length of time which the disability persists for will be considered in addition to the extent of the effect on daily life and sleep. £1,540 – £5,860
Post-Traumatic Stress Disorder Severe (a) Permanent effects preventing return to employment and stopping the person from functioning the way they did before the trauma. £59,860 – £100,670
Moderately Severe (b) A better prognosis and a likelihood for a partial recovery with professional assistance. However, disability will persist for the foreseeable future. £23,150 – £59,860
Moderate (c) Mostly recovered and any effects which persist are not grossly disabling. £8,180 – £23,150
Less Severe (d) A full recovery is made within one to two years and the symptoms that continue are minor. £3,950 – £8,180

Please reach out to an advisor who can speak to our solicitors and provide a more accurate representation of the payout you may receive.

Make A UK GDPR Breach Claim On A No Win No Fee Basis

If you claim after a police data breach, you may work with a solicitor who offers to work on a No Win No Fee basis. They may offer you a Conditional Fee Agreement.

With this kind of agreement in place, if your claim is not a success, you won’t pay your solicitor for the services they have provided. Furthermore, there are no requirements for you to pay them upfront or as your claim progresses. 

A successful claim will permit your solicitor to deduct a success fee from the award. The percentage solicitors take is limited by the Conditional Fee Agreements Order 2013. A discussion will most likely occur between you and your solicitor concerning the amount before you both enter the agreement. 

Please don’t hesitate to contact us with any questions about claiming data breach compensation. Our solicitors can provide further guidance on what a No Win No Fee agreement entails. 

Contact Us

To discuss your case further, please contact our team. Our advisors are available 24/7 to provide evaluations and offer advice related to the circumstances of your claim.

To reach us, please use one of the following methods: 

Learn More About Claiming Data Breach Compensation

If you found our guide on how to claim for a police data breach helpful, more of our guides are below: 

For more helpful information, visit the sites linked: 

Guide by EM 

Edited by FS