Could You Claim For Stress Due To A Data Breach? – Stress Compensation For Data Breach Claim UK Law
Have you been suffering from stress due to a data breach? You could potentially claim compensation if you have evidence that an organisation has allowed your personal information to be breached.
If your personal information is lost or stolen in a data breach, it could cause you financial harm in both the short-term and long-term future. These financial losses and the whole ordeal of having your data breached can cause victims a lot of stress.
If you are able to start a claim for a data breach, then you could be compensated for stress and other psychological damage you’ve suffered because of the issue. In this guide, we’ll explain how a compensation claim for stress could be started following a data breach.
Get In Touch With Our Team
You can contact UK Law for free specialist advice on claiming for a data breach. Our panel of solicitors can assist with any queries you may have about this type of claim. To speak to us online, you can use our live chat service, or message us with our claim online or call back forms. If you would like to speak to us on the phone instead, then call 020 3870 4868
Services And Information
- Everything You Need To Know About Stress Due To A Data Breach
- What Is Stress Due To A Data Breach?
- What Could Be The Emotional Impact Of A Data Breach?
- Could A Data Protection Breach Cause You Stress?
- What Psychological Disorders Could Data Breach Stress Trigger?
- Calculate Compensation For Stress Due To A Data Breach
- Types Of Data Protection Breaches
- GDPR Compliance Checklist
- Report A Breach Of The GDPR Or Data Protection Act
- The Data Protection Breach Claim Limitation Period
- I Suffered Stress Due To A Data Breach, What Should I Do?
- Claim For Stress Due To A Data Breach On A No Win No Fee Basis
- Contact Us For More Support
- Related Services
- Data Protection FAQs
People can feel stress due to a data breach because of the potential consequences such a breach can lead to. If a company mismanages your personal data or allows it to be stolen, it could impact your finances. Any financial losses you do suffer or just the fear of financial losses and other consequences can be enough to provoke stress and other mental harm. We’ll explain how data breaches can occur and how they may affect you, including potential mental damage.
Also, we’ll explain what legislation a company could have failed to adhere to if data they have on you is breached. We will talk you through what options you can follow if you have confirmation that your data has been breached. We’ll also discuss data breach distress compensation amounts that may be offered depending on certain factors.
If you become a victim of a data breach, then this could lead to numerous consequences. For instance, the breach could lead to personal and financial information of yours being taken and shared by criminals. You could also lose money and your credit ratings could be compromised. Even if these things don’t happen, just the thought of having your data breached and the potential consequences could be enough to provoke psychological pain such as stress.
Stress can cause a range of physical and mental symptoms. These can include constantly worrying, headaches, muscle tension, difficulty sleeping, forgetfulness and difficulty concentrating. An assessment from a medical professional may be able to diagnose stress or other psychological pain you’re experiencing due to a data breach.
What is a data breach?
A data breach is when personal data is accidentally or unlawfully altered, destroyed, lost or disclosed in an unauthorised manner. Data breaches can affect both public and private companies and they can be broadly defined as a security incident. Examples of data breaches can include:
- A company sending personal data to the wrong recipient
- Losing computing devices (such as a hard drive or USB stick) that contains personal data
- Personal data stored by a company gets accessed by an unauthorised third party
- Leaving filing cabinet open that contains personal files.
Any company in the UK which handles personal data is legally obliged to follow the rules set out by the General Data Protection Regulation (GDPR) under the Data Protection Act 2018. A company that has a data breach must inform the people affected without delay if the breach is likely to put their ‘rights and freedoms at high risk. The affected people should be informed of the nature of the breach and how it may compromise them (personally and/or financially).
Being the victim of a data breach can have a significant emotional impact. That’s because such incidents have the potential to compromise your privacy and finances. If your data falls into the hands of a criminal, then they may utilise it for acts of fraud or identity theft. Organisations such as the Information Commissioner’s Office (ICO), which enforces data protection policies, mention that data breaches can cause emotional distress because of the risks involved.
As well as feeling stressed and anxious about the breach itself and its consequences, such incidents can have a long-term impact on the relationship between those that handle data and the data subjects (those giving consent to provide the data). Becoming a victim of a data breach can make someone less likely to trust organisations with their personal data.
Being affected by a data breach can lead to a range of psychological effects. Victims can feel stress just from being aware that their personal data has been compromised. Certain actions which you may need to take because of a data breach can also cause that stress to increase. For instance, a data breach could lead to challenging life events such as losing a job, needing to move to a different home/area and affect your ties with family members. Such moments can be stressful on their own, but knowing a data breach has caused them can amplify those negative feelings.
As highlighted by numerous organisations a data breach can lead victims to suffer a high level of stress. The level of stress that may be experienced could potentially trigger psychological disorders within certain victims. Symptoms of the following conditions may be identified in some cases:
- Adjustment disorders
- Depressive disorder
- Generalised anxiety disorder
- Post-traumatic stress disorder (PTSD)
If you become a victim of a data breach and experience psychological damage that is diagnosable, then you may be able to claim compensation for such damage. You do not need to have experienced any material damage, such as loss of money, to claim for psychological harm caused by a data breach.
When claiming compensation for a data breach, there are two main types of damage you may be able to claim for. Those are material damage and non-material damage. Material damage refers to losses associated with any possessions. Loss of money can be one example of this. Non-material damage refers to psychological damage which can be directly linked to a data breach and its consequences.
In the past, psychological damages could only be claimed following a data breach if any material damage was experienced. However, this changed following the outcome of the Vidal-Hall v Google Inc 2015 court case. Since this landmark case, it is now possible to claim for non-material damage following a data breach without needing to establish any material damages.
How much you could receive in compensation for stress and other psychological harm under non-material damage depends on certain factors. It depends on what forms of harm you suffered and how severe the damage is deemed to be. Your claim also needs to establish that the psychological damage you have suffered has been directly caused by a data breach.
In the table below, we have included bracket payouts you may receive for different kinds of non-material damage. The figures are based on figures provided by the Judicial College guidelines. Solicitors supporting victims of data breaches may use these guidelines to work out the value of their client’s psychological injuries.
|Psychiatric Damage Generally||Severe||£54,830 to £115,730|
|Psychiatric Damage Generally||Moderately Severe||£19,070 to £54,830|
|Psychiatric Damage Generally||Moderate||£5,860 to £19,070|
|Psychiatric Damage Generally||Less Severe||£1,540 to £5,860|
|Post-Traumatic Stress Disorder||Severe||£59,860 to £100,670|
|Post-Traumatic Stress Disorder||Moderately Severe||£23,150 to £59,860|
|Post-Traumatic Stress Disorder||Moderate||£8,180 to £23,150|
|Post-Traumatic Stress Disorder||Less Severe||£3,950 to £8,180|
You can contact UK Law to get a more precise estimate of your potential compensation payout. Our advisors can advise on the amount you may receive based on the details of your claim.
Data protection breaches can come in many forms both deliberate and accidental. The main types of a data breach which you could ultimately be affected by include the following:
Cyber attacks and hacking
A hacker may take, manipulate or block access to personal data on a computer or computer network by launching cyberattacks on it. Examples of cyber attacks include denial of service (DoS) attacks, password attacks and malware.
Viruses and ransomware
Someone may attempt to wipe or manipulate personal data by sending a type of malware known as software sent to someone who can already access it. When a computer virus is able to get onto a device or computer network with personal data, it is often because someone with authorised access opened an email link or file which may look legitimate but secretly contains the virus. Once the virus has entered a computer or network, it could then wipe all of the data contained within it.
Phishing scams may be utilised to access your personal data. For instance, you could be sent an email or text which disguises itself as a legitimate company and encourages you to input personal and/or bank details. Victims of phishing may give criminals their passwords or personal information which will allow them to gain personal data or resources such as money.
Phishing may also be achieved with ransomware. This type of malware can infiltrate computers and networks through an email or file which looks legitimate. Once it has infiltrated, it can then block access to all data within the computer or network and demand a ransom from whoever has been affected so they can regain access. If a company or individual refuses to pay the ransom, then the ransomware may destroy the affected data. However, there’s no guarantee that access to the data will be granted even if the ransom is paid.
Negligence with cybersecurity
Cybercriminals are regularly updating the malware and other tools they use in order to access security systems where personal data exists. It’s therefore important for companies that hold important data on computers or networks to regularly update their cybersecurity. If, however, a company is slow or unwilling to update security for personal data they have, then cybercriminals may be able to identify and exploit weaknesses that grant them access to that data.
Physical theft or exposure
A data breach can occur in physical forms if a device containing personal data is either lost, stolen or destroyed. As an example, a company employee may be holding a USB stick containing the private information of clients. If that employee were to misplace that USB stick or a thief steals it, that would be considered a data breach.
Non-consensual use of data
If a company or individual uses your personal data in a way that you did not consent to beforehand, then it may be considered a data breach. However, a company may not always need your consent to use your data.
The General Data Protection Regulation (GDPR) is a set of rules for the collecting and processing of personal data. A company is required to follow the GDPR if they handle any personal data from EU citizens. This applies regardless of where in the world a company is based. In the UK, the rules of the GDPR are implemented within the Data Protection Act 2018.
Websites are required to give visitors notification of the data which they collect and they should ensure that the visitor consents to this information gathering. This is often done by requiring visitors to click on an ‘Agree’ button. Companies and individuals can use an online GDPR checklist to determine if their organisation is compliant with the requirements of GDPR. However, the list should not be interpreted as legal advice.
Do you have a concern about the way an organisation is handling your personal data? If so, you have the right to raise a complaint about this. The ICO recommends that you first contact the organisation you’re concerned about directly regarding the breach of your personal data. Depending on your exact concern, you could ask the organisation to confirm that your data has been breached and/or the nature and potential consequences of the breach.
If you do not receive a response or you get an inadequate one, then you could consider raising your complaint with the ICO as a last resort. The ICO recommends raising your complaint with them if it has been 3 months since your last meaningful communication with the organisation you’re concerned about. Try not to leave it for significantly longer than three months before speaking to the ICO. If you do, then they are unlikely to investigate your concern.
If the ICO investigates a data breach that has affected you, then their findings could possibly be used as evidence in a compensation claim. It should be noted, however, that the ICO can’t reward compensation for any data breaches.
Following a data breach, you may ask how long you have to start a compensation claim for it. Usually, a claim for a data breach must be started within six years.
An exception applies if the data breach incident focuses on a breach of human rights (under the European Convention of Human Rights). When this applies, the claim needs to be started within a year.
Are you suffering symptoms of stress following a data breach that has affected you? Then your first priority should be to seek any medical care you require. If you are considering starting a compensation claim for the stress caused by a data breach, then it would be useful to gather medical evidence for any treatment you receive.
Examples of evidence could include medical notes or discharge letters. Records from your GP or another medical professional could show that you’ve experienced mental harm due to a data breach.
After receiving medical care
Evidence can include financial records if theft of your money has occurred due to the data breach. Evidence could also come from the organisation which has been handling the personal data which has been breached. If they’ve sent you a letter confirming the data breach, when it happened and what was exposed, this can prove to be vital evidence.
If the organisation responsible for your breached data hasn’t communicated the issue to you clearly, then you could contact them to raise a complaint. Within your complaint, you can ask the organisation to confirm that a data breach has happened. You can also ask for confirmation on when it happened and how exactly it affects you.
If you don’t get an adequate response to your complaint within 3 months, then you could raise your complaint with the Information Commissioner’s Office (ICO). The ICO can not compensate you for the data breach. However, they could investigate the incident for you and their findings may be used as evidence for your claim.
When you’ve gathered all the evidence available, you could then choose to contact a solicitor who can assist with your case. We recommend choosing a solicitor who has prior experience in handling data breach claims. Your chosen solicitor will review your case based on the facts and evidence available. If they are happy to support your claim, you can then sign an agreement with the solicitor. From here, your solicitor can guide you through all the remaining steps required to process your claim.
You may sign a No Win No Fee agreement with a solicitor as a way of paying for their fees. This type of agreement can offer several financial benefits, such as the following:
- No legal fees will need to be paid upfront to your solicitor.
- You won’t be required to pay any legal fees during the process of your claim either.
- Should your claim prove unsuccessful, then you will not be required to pay your solicitor’s legal fees. This gives your solicitor plenty of incentive to work hard on your case since they face extra risk.
If your No Win No Fee claim ultimately succeeds, then a small percentage of your compensation will be deducted by your solicitor to cover their legal fees. The amount your solicitor is able to charge is capped.
You can contact UK Law today for advice on making a compensation claim for a breach of your data. Our advisors can help you to gain a clearer understanding of the justifications and evidence required to successfully claim for a data breach. You can reach them through the following methods:
- Through our online live chat service
- With our claim online form
- Through our call back form
- By phoning us on 020 3870 4868
At UK Law, we can offer guidance and support on a range of different compensation claims. Our services include the ability to advise on a variety of different personal injury claims. You can check out our personal injury claim guides, including the following:
In this final section of our guide, we have answered some frequently asked questions regarding breaches of personal data.
How much compensation do you get for a breach of data protection?
The amount of compensation you could receive for a data breach that has affected you can vary a lot. It depends on several factors, including what money and other possessions you’ve lost. Any mental harm you’ve suffered which can be linked to the data breach is also taken into account.
Can you sue for breach of GDPR?
You may be able to start a compensation claim against an organisation if you have evidence that they have breached your data. Evidence that an organisation has breached the requirements of the GDPR could justify action.
Can you claim for distress?
It may be possible to claim compensation for distress and other forms of psychological damage caused by a data breach. To achieve this, you may need medical evidence which confirms your injuries and you may need proof that these injuries are linked to a data breach that affects you.
Thank you for reading our guide on claiming compensation for stress due to a data breach.
Checked by EI.