Could You Claim For Stress Due To A Data Breach? – Stress Compensation For Data Breach Claim UK Law
By Lewis Aaliyah. Last Updated 3rd February 2023. Have you been suffering from stress due to a data breach? You could potentially claim compensation if you have evidence that an organisation has allowed your personal information to be breached.
If your personal information is lost or stolen in a data breach, it could cause you financial harm in both the short-term and long-term future. These financial losses and the whole ordeal of having your data breached can cause victims a lot of stress.
If you are able to start a claim for a data breach, then you could be compensated for stress and other psychological damage you’ve suffered because of the issue. In this guide, we’ll explain how a compensation claim for stress could be started following a data breach.
Get In Touch With Our Team
You can contact UK Law for free specialist advice on claiming for a data breach. Our panel of solicitors can assist with any queries you may have about this type of claim. To speak to us online, you can use our live chat service, or message us with our claim online or call back forms. If you would like to speak to us on the phone instead, then call 020 3870 4868
Services And Information
- Everything You Need To Know About Stress Due To A Data Breach
- What Is Stress Due To A Data Breach?
- What Could Be The Emotional Impact Of A Data Breach?
- Could A Data Protection Breach Cause You Stress?
- What Psychological Disorders Could Data Breach Stress Trigger?
- Calculate Compensation For Stress Due To A Data Breach
- Types Of Data Protection Breaches
- GDPR Compliance Checklist
- Report A Breach Of The GDPR Or Data Protection Act
- The Data Protection Breach Claim Limitation Period
- Compensation For Stress – Evidence Examples And Other Information
- Compensation For Stress Caused – No Win No Fee Data Breach Solicitors
- Contact Us For More Support
- Related Services
People can feel stress due to a data breach because of the potential consequences such a breach can lead to. If a company mismanages your personal data or allows it to be stolen, it could impact your finances. Any financial losses you do suffer or just the fear of financial losses and other consequences can be enough to provoke stress and other mental harm. We’ll explain how data breaches can occur and how they may affect you, including potential mental damage.
Also, we’ll explain what legislation a company could have failed to adhere to if data they have on you is breached. We will talk you through what options you can follow if you have confirmation that your data has been breached. We’ll also discuss data breach distress compensation amounts that may be offered depending on certain factors.
If you become a victim of a data breach, then this could lead to numerous consequences. For instance, the breach could lead to personal and financial information of yours being taken and shared by criminals. You could also lose money and your credit ratings could be compromised. Even if these things don’t happen, just the thought of having your data breached and the potential consequences could be enough to provoke psychological pain such as stress.
Stress can cause a range of physical and mental symptoms. These can include constantly worrying, headaches, muscle tension, difficulty sleeping, forgetfulness and difficulty concentrating. An assessment from a medical professional may be able to diagnose stress or other psychological pain you’re experiencing due to a data breach.
What is a data breach?
A data breach is when personal data is accidentally or unlawfully altered, destroyed, lost or disclosed in an unauthorised manner. Data breaches can affect both public and private companies and they can be broadly defined as a security incident. Examples of data breaches can include:
- A company sending personal data to the wrong recipient
- Losing computing devices (such as a hard drive or USB stick) that contains personal data
- Personal data stored by a company gets accessed by an unauthorised third party
- Leaving filing cabinet open that contains personal files.
Any company in the UK which handles personal data is legally obliged to follow the rules set out by the General Data Protection Regulation (GDPR) under the Data Protection Act 2018. A company that has a data breach must inform the people affected without delay if the breach is likely to put their ‘rights and freedoms at high risk. The affected people should be informed of the nature of the breach and how it may compromise them (personally and/or financially).
Being the victim of a data breach can have a significant emotional impact. That’s because such incidents have the potential to compromise your privacy and finances. If your data falls into the hands of a criminal, then they may utilise it for acts of fraud or identity theft. Organisations such as the Information Commissioner’s Office (ICO), which enforces data protection policies, mention that data breaches can cause emotional distress because of the risks involved.
As well as feeling stressed and anxious about the breach itself and its consequences, such incidents can have a long-term impact on the relationship between those that handle data and the data subjects (those giving consent to provide the data). Becoming a victim of a data breach can make someone less likely to trust organisations with their personal data.
Being affected by a data breach can lead to a range of psychological effects. Victims can feel stress just from being aware that their personal data has been compromised. Certain actions which you may need to take because of a data breach can also cause that stress to increase. For instance, a data breach could lead to challenging life events such as losing a job, needing to move to a different home/area and affect your ties with family members. Such moments can be stressful on their own, but knowing a data breach has caused them can amplify those negative feelings.
As highlighted by numerous organisations a data breach can lead victims to suffer a high level of stress. The level of stress that may be experienced could potentially trigger psychological disorders within certain victims. Symptoms of the following conditions may be identified in some cases:
- Adjustment disorders
- Depressive disorder
- Generalised anxiety disorder
- Post-traumatic stress disorder (PTSD)
If you become a victim of a data breach and experience psychological damage that is diagnosable, then you may be able to claim compensation for such damage. You do not need to have experienced any material damage, such as loss of money, to claim for psychological harm caused by a data breach.
When claiming compensation for a data breach, there are two main types of damage you may be able to claim for. Those are material damage and non-material damage. Material damage refers to losses associated with any possessions. Loss of money can be one example of this. Non-material damage refers to psychological damage which can be directly linked to a data breach and its consequences.
In the past, psychological damages could only be claimed following a data breach if any material damage was experienced. However, this changed following the outcome of the Vidal-Hall v Google Inc 2015 court case. Since this landmark case, it is now possible to claim for non-material damage following a data breach without needing to establish any material damages.
How much you could receive in compensation for stress and other psychological harm under non-material damage depends on certain factors. It depends on what forms of harm you suffered and how severe the damage is deemed to be. Your claim also needs to establish that the psychological damage you have suffered has been directly caused by a data breach.
In the table below, we have included bracket payouts you may receive for different kinds of non-material damage. The figures are based on figures provided by the Judicial College guidelines. Solicitors supporting victims of data breaches may use these guidelines to work out the value of their client’s psychological injuries.
|Severe Psychological Harm + Special Damages||Severe||Severe psychological damage combined with significant financial losses, covering costs such as lost earnings and pension contributions, as well as counselling and prescriptions.||Up to £150,000+|
|Psychiatric Damage Generally||Severe||A very poor prognosis with the person severely struggling to cope with normal working/social life.||£54,830 to £115,730|
|Psychiatric Damage Generally||Moderately Severe||Despite the person still struggling with significant issues, there will be a much more optimistic prognosis.||£19,070 to £54,830|
|Psychiatric Damage Generally||Moderate||A good prognosis with marked improvements mad, despite suffering with various issues.||£5,860 to £19,070|
|Psychiatric Damage Generally||Less Severe||How much daily activities and sleep were affected, as well as the length of the disability, will affect how much is awarded.||£1,540 to £5,860|
|Post-Traumatic Stress Disorder||Severe||All areas of the person's like will be negatively affected, with them being unable to function as they did pre-trauma.||£59,860 to £100,670|
|Post-Traumatic Stress Disorder||Moderately Severe||The person is still likely to suffer with a significant disability for a while. However, there is room for some recovery with professional help.||£23,150 to £59,860|
|Post-Traumatic Stress Disorder||Moderate||A large recovery will have taken place with only minor effect persisting.||£8,180 to £23,150|
|Post-Traumatic Stress Disorder||Less Severe||Within 1-2 years a full recovery will have virtually been made.||£3,950 to £8,180|
You can contact UK Law to get a more precise estimate of your potential compensation payout. Our advisors can advise on the amount you may receive based on the details of your claim.
Compensation For Stress And Anxiety – Material Damage Examples
When making a claim for compensation for stress and anxiety, it’s possible that you could also suffer financially as a result. The losses you experience are known as material damage. You will need to provide evidence of these losses.
The compensation for stress caused due to a data breach could include figures relating to factors such as:
- Loss of earnings – Stress can make it difficult for you to return to work for a certain period of time following a data breach. This could affect your income. You can prove how much you would have earned over this period by presenting payslips.
- Impact on existing finances – For instance, the data breach could have involved your bank details. If so, you could have money taken from your account without your authorisation. This could be returned to you as part of a material damage claim.
- Medical expenses – You may require prescription medication for conditions such as depression or anxiety that arise due to the breach.
Get in touch to find out more about compensation for emotional distress in the UK and how much it could be worth.
Data protection breaches can come in many forms both deliberate and accidental. The main types of a data breach which you could ultimately be affected by include the following:
Cyber attacks and hacking
A hacker may take, manipulate or block access to personal data on a computer or computer network by launching cyberattacks on it. Examples of cyber attacks include denial of service (DoS) attacks, password attacks and malware.
Viruses and ransomware
Someone may attempt to wipe or manipulate personal data by sending a type of malware known as software sent to someone who can already access it. When a computer virus is able to get onto a device or computer network with personal data, it is often because someone with authorised access opened an email link or file which may look legitimate but secretly contains the virus. Once the virus has entered a computer or network, it could then wipe all of the data contained within it.
Phishing scams may be utilised to access your personal data. For instance, you could be sent an email or text which disguises itself as a legitimate company and encourages you to input personal and/or bank details. Victims of phishing may give criminals their passwords or personal information which will allow them to gain personal data or resources such as money.
Phishing may also be achieved with ransomware. This type of malware can infiltrate computers and networks through an email or file which looks legitimate. Once it has infiltrated, it can then block access to all data within the computer or network and demand a ransom from whoever has been affected so they can regain access. If a company or individual refuses to pay the ransom, then the ransomware may destroy the affected data. However, there’s no guarantee that access to the data will be granted even if the ransom is paid.
Negligence with cybersecurity
Cybercriminals are regularly updating the malware and other tools they use in order to access security systems where personal data exists. It’s therefore important for companies that hold important data on computers or networks to regularly update their cybersecurity. If, however, a company is slow or unwilling to update security for personal data they have, then cybercriminals may be able to identify and exploit weaknesses that grant them access to that data.
Physical theft or exposure
A data breach can occur in physical forms if a device containing personal data is either lost, stolen or destroyed. As an example, a company employee may be holding a USB stick containing the private information of clients. If that employee were to misplace that USB stick or a thief steals it, that would be considered a data breach.
Non-consensual use of data
If a company or individual uses your personal data in a way that you did not consent to beforehand, then it may be considered a data breach. However, a company may not always need your consent to use your data.
The General Data Protection Regulation (GDPR) is a set of rules for the collecting and processing of personal data. A company is required to follow the GDPR if they handle any personal data from EU citizens. This applies regardless of where in the world a company is based. In the UK, the rules of the GDPR are implemented within the Data Protection Act 2018.
Websites are required to give visitors notification of the data which they collect and they should ensure that the visitor consents to this information gathering. This is often done by requiring visitors to click on an ‘Agree’ button. Companies and individuals can use an online GDPR checklist to determine if their organisation is compliant with the requirements of GDPR. However, the list should not be interpreted as legal advice.
Do you have a concern about the way an organisation is handling your personal data? If so, you have the right to raise a complaint about this. The ICO recommends that you first contact the organisation you’re concerned about directly regarding the breach of your personal data. Depending on your exact concern, you could ask the organisation to confirm that your data has been breached and/or the nature and potential consequences of the breach.
If you do not receive a response or you get an inadequate one, then you could consider raising your complaint with the ICO as a last resort. The ICO recommends raising your complaint with them if it has been 3 months since your last meaningful communication with the organisation you’re concerned about. Try not to leave it for significantly longer than three months before speaking to the ICO. If you do, then they are unlikely to investigate your concern.
If the ICO investigates a data breach that has affected you, then their findings could possibly be used as evidence in a compensation claim. It should be noted, however, that the ICO can’t reward compensation for any data breaches.
Following a data breach, you may ask how long you have to start a compensation claim for it. Usually, a claim for a data breach must be started within six years.
An exception applies if the data breach incident focuses on a breach of human rights (under the European Convention of Human Rights). When this applies, the claim needs to be started within a year.
If you seek data breach distress compensation, you’ll need to ensure you follow the claims process correctly. When an organisation fails to communicate clearly that they were responsible for your breached data, you could get in touch with them to make a complaint.
Should you not receive an appropriate response within three months, then raise your complaint with the ICO. They’ll be able to investigate the incident and issue penalties if necessary. Additionally, their findings can be used as evidence if you can claim under the UK GDPR for compensation for distress after a data breach.
Other types of evidence you could consider obtaining when claiming compensation for stress and anxiety include:
- A diagnosis of your mental health injury from a medical professional
- Evidence of communication between yourself and the organisation, i.e. emails or letters
- A note from your therapist or doctor
- Proof of financial expenses, such as bank statements or invoices
After a data breach affected your personal data and caused you stress, compensation could be awarded to you. Get in touch for further guidance on collecting evidence when claiming compensation for stress.
If you’re seeking compensation for stress caused by a data breach, you might be concerned about funding legal representation. A breach of data protection can leave you at a loss, so we understand why you might be hesitant about the financial risk of hiring legal assistance to help you claim emotional distress compensation in the UK.
However, under a Conditional Fee Agreement, a type of No Win No Fee agreement, you will only pay a solicitors success fee if they help you successfully claim compensation for stress caused by a data breach.
The success fee you do pay is capped under the Conditional Fee Agreements Order 2013. Furthermore, there are no upfront solicitor fees to pay and any legal expenses that accrue during the claim process are covered under the agreement. You’ll consent to any fees before legal proceedings begin, so no need to worry about any hidden or surprise charges either.
If you would like to find out how you could make an emotional distress claim in the UK with a No Win No Fee data protection solicitor from our panel, read the next section to find out different ways to contact us.
You can contact UK Law today for advice on making a compensation claim for a breach of your data. Our advisors can help you to gain a clearer understanding of the justifications and evidence required to successfully claim for a data breach. You can reach them through the following methods:
- Through our online live chat service
- With our claim online form
- Through our call back form
- By phoning us on 020 3870 4868
At UK Law, we can offer guidance and support on a range of different compensation claims. Our services include the ability to advise on a variety of different personal injury claims. You can check out our personal injury claim guides, including the following:
Thank you for reading our guide on claiming compensation for stress due to a data breach.
Checked by EI.