Data Breach Compensation Claims Guide
By Stephen Moreau. Last Updated 25th May 2022.
Welcome to our complete guide to data breach compensation claims. On this page, you can find lots of useful information that’s designed to inform you of your legal rights if you fall victim to a GDPR breach.
We’ll also take a look at some key terms and definitions, the latest statistics, and some data breach compensation examples to help inform you as much as possible.
The law surrounding data protection has seen significant development in the last few years, mostly spurred by the introduction of the General Data Protection Regulation (GDPR). Introduced by the EU, it applies to every organisation based in any country that collects, processes and stores data relating to EU citizens.
GDPR is designed to give data subjects (which would be us) more control over how the information is used, with one of the underpinning principles being consent. Essentially, an organisation cannot use our data in ways that we haven’t consented to.
For example, the marketing firm Leads Works Ltd was fined £330,000 for sending around 2.6 million spam text messages during the coronavirus pandemic without first obtaining the consent of the recipients.
Here at UK Law, we understand all too well the impact that a data breach can have on a person’s life. Even small repercussions of a data breach such as receiving spam or nuisance calls or texts can cause stress.
But the implications can be much more severe. In one of the worst-case scenarios, a person could see their financial data stolen, which could lead to identity theft, money taken from their bank accounts, or their credit rating ruined.
Similarly, the damage to mental health can be extreme too. For instance, if a victim of domestic violence had been moved to sheltered housing away from their abusive partner, a simple error such as sending a letter containing their new address to the home of their partner could lead to significant stress for the victim, who may fear an unwanted visit from their partner.
Select A Section
- A Guide To Claiming GDPR Data Breach Compensation
- Data Breach Glossary
- What Is A Data Breach?
- How Can Data Breaches Happen?
- Statistics On Data Breaches
- Data Breach Compensation Examples
- Making A No Win No Fee Data Breach Claim
- Read More Data Breach Compensation Guides
Below, we’ll take a look at data breach compensation claims in more detail. We’ll explore the definitions of some key terms, examine what exactly a data breach is and how it could happen.
We’ll look at the latest statistics from the Information Commissioner’s Office (ICO) too, the body responsible for enforcing data breach law in the UK.
We’ll also provide you with some useful information on the potential compensation payouts for the damage inflicted by a breach. Plus, we offer advice to you on how our panel of No Win No Fee solicitors can help you.
If at any point you have a question or would like to enquire about making a claim, you can reach our advisers in any of the following ways:
- By calling us on 020 3870 4868
- Writing to us by using our claim online page
- Or chatting with us now via our live chat
Below, we’ve included the definitions of some key terms which you may encounter when researching data breach claims:
- Data Subject – this is the individual whose data will be subject to collection, processing and use
- Data Controller – a controller, usually an organisation or sometimes an individual, sets out the reasons why data is to be collected. Sometimes they also process data, store it and use it themselves
- Data Processor – some organisations, particularly those of significant size, may contract out the processing of data to a third party known as a data processor.
- Material Damages – this is one part of a potential data breach compensation award. It relates purely to the damage done to the victim’s financial position.
- Non-Material Damages – another part of a potential compensation award, non-material damages relate to the victim’s mental health and the detrimental impact the data breach has had on it, such as the development of stress, anxiety or depression.
It’s always useful to know what exactly a data breach involves.
A breach doesn’t just relate to information that has been lost. It covers any kind of security incident that leads to the accidental or unlawful alteration or destruction of personal data, or to unauthorised disclosure of or access to it.
Crucially, a personal data breach can involve:
- Accidental causes, such as a person sending an email to the wrong recipient
- Deliberate causes, like hackers gaining access to databases containing sensitive information.
We’ve touched upon some of the ways in which a data breach can happen. They may involve deliberate, criminal acts, or simple instances of negligence.
Regardless of how a breach occurs, it could cause significant damage to those affected.
In this section of our guide to seeking data breach compensation, we wanted to provide you with examples of ways in which breaches can happen. Largely, they fall into two categories: those relating to cybersecurity, and those that do not involve cybercrime.
If you’ve heard about significant data breaches in the news, it’ll most likely be the result of some form of cybercrime.
Some of the most common data breaches relating to cybersecurity involve:
- Ransomware attacks – hackers gain access to systems and encrypt the data held on them so that the organisation can no longer access it. Data is often stolen too, with copies made. Regaining access to the data, or securing the deletion of stolen information, often involves a ransom being paid to the hackers. This is what happened with the Blackbaud hack.
- Phishing – this cybersecurity threat is on the rise. Phishing attempts involve posing as a legitimate organisation to trick people into entering their private and sensitive information. This may be a username or password, which hackers can then use to log in to servers as though they were the legitimate user.
- Malware – this is an umbrella term for any type of software that’s designed to harm a computer or network.
Non-cyber security data breaches often relate to instances of human error. Some examples include:
- Private information being emailed, posted or faxed to the wrong recipient
- A failure to redact sensitive information when disclosed to third parties.
- Incorrect or ineffective disposal of paperwork or hardware. Paperwork, in particular, should be confidentially shredded and destroyed to prevent it from getting into the wrong hands.
- The loss or theft of devices or paperwork containing sensitive information.
- Verbal disclosure of sensitive information, such as two colleagues discussing matters within earshot of others.
Now you may think that data breaches surely can’t be that common. After all, we expect companies and organisations to invest in their cyber-security to prevent threats from coming to fruition. Especially given the volume of data that some of them possess about us.
However, if we take a look at the latest data security statistics published by the ICO, there were a staggering 2,425 data breaches between 1st January 2021 and 31st March 2021 alone. That’s nearly 1,000 breaches per month.
The sectors most impacted by breaches of data protection were:
- Health – 420 data breaches
- Education – 342 breaches
- Finance – 255 data breaches
- Local government – 240 data breaches
- Retail – 233 data breaches
The top 3 causes of data breaches were:
- Data emailed to the wrong person – 443 breaches
- Phishing attacks – 249 breaches
- Data posted or faxed to the wrong recipient – 233 breaches
In all, human error accounted for more than double the number of breaches in comparison to cybercrime.
This just goes to show that we need to be more vigilant when it comes to handling data. Perhaps organisations should invest more in data security training to help achieve this.
We’ve spoken a lot about how to make a claim, but now let’s look at some data breach compensation examples.
It’s possible to claim compensation for two different forms of damage under data breach law—material damages and non-material damages.
As we’ve seen above in our glossary section, material damage relates to the financial impact caused by a breach, and non-material damage relates to the psychological injuries caused by the breach, such as stress.
Following an important decision by the Court of Appeal in the case of Vidal-Hall v Google, the position on seeking data breach compensation changed. Before this case, it was necessary to have suffered financial damage in order to claim compensation for the impact on your mental health.
However, the Court of Appeal changed the position. Now it’s possible to seek compensation for either form of damage. And to help determine the potential values of injuries, we can turn to the Judicial College Guidelines (16th edition, published in April 2022) for support.
This publication is used in personal injury law by solicitors to accurately assess the value of a claim. However, the figures are used in data breach law too.
| Injury | Severity | Compensation Bracket |
|---|---|---|
| Psychiatric Damage Generally | Severe | £54,830 to £115,730 |
| Psychiatric Damage Generally | Moderately Severe | £19,070 to £54,830 |
| Psychiatric Damage Generally | Moderate | £5,860 to £19,070 |
| Psychiatric Damage Generally | Less Severe | £1,540 to £5,860 |
| Post-Traumatic Stress Disorder | Severe | £59,860 to £100,670 |
| Post-Traumatic Stress Disorder | Moderately Severe | £23,150 to £59,860 |
| Post-Traumatic Stress Disorder | Moderate | £8,180 to £23,150 |
| Post-Traumatic Stress Disorder | Less Severe | £3,950 to £8,180 |
If you’d like a more precise estimate of the value of your injuries, please get in touch with our team of advisers on the number at the top of this page.
More Data Breach Compensation Examples
The impact of a data breach can be far-reaching and the true extent may not be immediately apparent.
This is particularly the case with financial damage. To help you quantify your losses, it’s important to retain the likes of bank statements, PayPal account details, and credit score reports.
All of these bits of evidence will help you when it comes to making a data breach claim, not just in proving that the breach happened, but in ensuring that you are fairly compensated for all of the damage suffered.
If you’d like more data breach compensation examples, please reach out to us on the number at the top of this page. We’d be more than happy to discuss cases and payouts.
At UK Law, we believe that everybody should have access to justice. To achieve this, our panel of data breach solicitors offers all claimants the chance to pursue their claim on a No Win No Fee basis.
This is a term you’ve probably heard before. Here’s what it means:
- You agree to pay your solicitor a small percentage of your compensation award on the condition that they achieve a successful outcome in your claim. This percentage covers their costs and is capped by law at a low level.
- There are no upfront fees to pay, nor anything to pay while the claim is ongoing.
- If the claim is unsuccessful, you won’t be responsible for any of your solicitor’s fees.
To learn more about No Win No Fee claims, please get in touch.
You may also find the following guides useful:
- Could You Claim For Stress Due To A Data Breach?
- Data Subject Rights Following A Breach Of Data Protection
- Lost Medical Records Compensation Claims In The UK
We hope our guide on GDPR breach compensation amounts in the UK and other related matters has been useful for you.