What Are Your Rights After A Child Protection Agency Data Breach?

In this guide, we will look at what could potentially constitute a child protection agency data breach. Throughout we will explain what a personal data breach is, who could be eligible to claim, and how long you have to start your claim. We will also explore how much compensation you may receive in addition to how our No Win No Fee (NWNF) solicitors could help you make your claim.


A Child Protection Agency Data Breach – Compensation Claims Guide

Due to the fact that different child protection agencies will process personal data of data subjects they are known as data controllers. This means they control what personal data they collect, how they use it, and why. As a result of this, they are bound by the UK General Data Protection Regulation 2016 (UK GDPR) and the Data Protection Act 2018 (DPA). If they fail to safeguard your personal data, because of a lack of adherence to data protection laws, leading to this information being breached, causing you harm you could eligible to claim compensation. 

If you would like free legal advice, you can contact our advisors today to discuss the validity of your claim. They may put you in touch with one of our No Win No Fee solicitors, who can then help you begin the claims process. Contact our advisors today by:

Select A Section

  1. What Is A Child Protection Agency Data Breach?
  2. Who Can Claim On Behalf Of A Child?
  3. What Data And Information Could Be Involved In The Breach?
  4. Time Limits To File A Claim For A Data Breach
  5. How Do I Calculate Compensation For A Child Protection Agency Data Breach?
  6. Can I Use A No Win No Fee Solicitor For A Child Protection Agency Data Breach?

What Is A Child Protection Agency Data Breach?

All different child protection agencies work alongside other organisations to ensure that at-risk children have access to appropriate safeguarding. Due to the nature of child protection agencies, they often have access to both personal data and a type of personal data known as sensitive data.

Personal data is any data that could possibly identify you, such as your name, address, or bank details. Sensitive data is a kind of personal data granted extra protections by data protection law and can include things like your religion, political leanings, and sexual orientation.

A personal data breach is a security incident that unlawfully or accidentally affects the confidentiality, availability, or integrity of your personal data. For example, if your personal data is shared without your consent or without any other lawful basis, this would constitute a data breach.

However, to make a claim, you must be able to prove that you have suffered either mental or financial harm. For example, following a personal data breach that exposes your address online, you may experience significant stress and anxiety. To find out if you could have a valid personal data breach claim, contact our team of advisors today.

Who Can Claim On Behalf Of A Child?

The UK GDPR and DPA apply to both adults and minors. As such, if a minor’s personal information is affected by a data breach, because the data controller did not comply with data protection laws and this caused them harm, then a litigation friend may be able to make a claim on their behalf until they reach the age of 18. 

A litigation friend is a representative over the age of 18 appointed to claim on their behalf. This could be a trusted friend, family member, or another adult. For more advice on how you could make a claim as a litigation friend on behalf of your child, get in touch with our advisors today.

What Data And Information Could Be Involved In The Breach?

As data controllers, child protection agencies decide what information they collect, and how and why they use it. Child protection agencies will collect and store both personal and sensitive data in order to competently carry out their duties. Some examples of personal data a child protection agency may hold can include:

  • Names
  • Home addresses of service users and foster families
  • Email addresses
  • Telephone numbers
  • Dates of birth
  • Nationalities

Child protection agencies may also require sensitive data from their service users. Sensitive data is a type of personal data that requires more protection under data protection law, and can include:

  • Religion
  • Race, nationality, and ethnic origin
  • Politics
  • Genetic and biometric data
  • Health data
  • Sex life and orientation

The main aim of child protection agencies is to safeguard children. As a result, any kind of personal data breach could cause immense stress and anxiety for an organisation’s service users, foster carers, staff and families. Contact our team of advisors today to find out if you could make a claim following a child protection agency data breach.

Time Limits To File A Claim For A Data Breach

Data breach time limits differ depending on who you are claiming against. In general, there is a 6-year time limit. However, if your claim is against a public body, the time limit is 1 year.

Organisations that suffer a personal data breach must report them to the Information Commissioner’s Office (ICO) within 72 hours, if the breach has the potential to affect rights or freedoms, they must also inform the data subject or their guardian if a child is affected without undue delay.

The ICO is the independent governing body tasked with enforcing data protection law. While you cannot claim compensation through the ICO, you can report a breach or suspected breach to them, and they may open an investigation and impose a fine on the organisation responsible.

Contact our advisors today for any advice needed on what steps you could take should a child protection agency data breach occur. 

How Do I Calculate Compensation For A Child Protection Agency Data Breach?

There are two potential heads of claim you can pursue in a personal data breach claim:

  • Material damages: These compensate for any financial losses caused by the breach. For example, a data breach compromising your banking information could result in unlawful cash withdrawals and identity theft.
  • Non-material damages: These relate to harm suffered in relation to mental health, including undue stress, anxiety, paranoia, and depression. 

The 16th edition of the Judicial College Guidelines (JCG), published in 2022, outlines the potential compensation brackets for non-material damages. The JCG provides legal professionals with guideline compensation amounts to help them value personal injury claims.

While the JCG is most often used in conjunction with accident at work claims and medical negligence claims, it also provides guidelines for a variety of mental health injuries, which is particularly useful for personal data breach claims.

Injury Compensation Notes
Severe psychological damage (a) £54,830 to £115,730 Problems with employability and life skills, with potential future problems concerning vulnerability, maintaining relationships, and prognosis. The amount awarded depends on the medical treatment sought and to what extent it was successful.
Moderately severe psychological damage (b) £19,070 to £54,830 A more optimistic prognosis than above, however, there are still issues present.
Moderate psychological damage (c) £5,860 to £19,070 An overall improvement in regards to prognosis in relation to the above brackets.
Less severe psychological damage (d) £1,540 to £5,860 The injured person’s award has considered the period of disability and how the injury has affected daily activities and sleep.
Severe anxiety disorder (a) £59,860 to £100,670 Prevents workability at all or to a normal functioning level.
Moderately severe anxiety disorder (b) £23,150 to £59,860 The individual may have a slightly improved prognosis, but there are some disabilities for the future.
Moderate anxiety disorder (c) £8,180 to £23,150 The person has undertaken a near full recovery where the persisting effects will not be substantially disabling.
Less severe anxiety disorder (d) £3,950 to £8,180 Within two years there will have been a near-complete recovery.

Since the Court of Appeals ruling in Vidal-Hall and Others v Google Inc. (2015), you can now claim for non-material damages without claiming for material damages. 

These figures are not guaranteed amounts. To get a free estimate of what your claim could be worth, contact our advisors today.

Can I Use A No Win No Fee Solicitor For A Child Protection Agency Data Breach?

The expert knowledge of a personal data breach solicitor can make the claims process feel much less daunting, but many people worry about the cost of professional legal counsel. However, our solicitors offer a No Win No Fee agreement, called a Conditional Fee Agreement (CFA).

Under a CFA, you only pay your solicitor’s fees if your claim succeeds. In this case, their success fee will be taken as a small percentage of your final compensation sum. This percentage has a legal cap, to ensure you receive the majority of your compensation. If your claim fails, there will be no success fee.

Find out how one of our No Win No Fee solicitors could benefit you today by:

Personal Data Breach Claim Resources

For more information on personal data breaches, we recommend:

Or, read these other useful links:

Contact our advisors for advice on what to do should a child protection agency data breach occur.