Data Breach Via Email – How Much Could I Claim?

Have you suffered due to a data breach via email? Was your personal information compromised in a way that caused you monetary or emotional harm? This could be a data breach for which you may be entitled to receive compensation from the party at fault.

data breach via email

A guide to claiming due to a data breach via email

The Data Protection Act 2018 and the UK General Data Protection Regulation (UK GDPR) clearly describe the legal expectations for correct data handling. Any organisation or company that fails to apply these rules can be liable for investigation and fines by the Information Commissioner’s Office (ICO). The ICO is an independent authority that enforces data protection legislation in the UK.

Find out more by speaking to our team now. We can explain how a panel of data breach solicitors could help:

Select A Section

  1. What Counts As A Data Breach Via Email?
  2. Check If You Could Claim For A Data Breach Via Email
  3. Time Limits To Claim For A Data Breach Via Email
  4. Does The UK GDPR Cover Data Sent Via Email?
  5. What Could You Claim For A Data Breach Via Email?
  6. How Do I Start A No Win No Fee Claim?

What Counts As A Data Breach Via Email?

Electronic communication is a normal part of daily life. Many people have an email address (or several) that they need for both personal and professional use. Many service providers require an email address to help us.

An email address is an example of personal information. Personal data or personal information is any data that can be used to identify you, whether directly or indirectly.

An organisation in possession of another person’s email address must use it in accordance with data protection law. An independent body called the Information Commissioner’s Office (ICO) enforces good data protection practices.

Under data protection law, there are 7 core principles for those processing or handling data to adhere to. Therefore:

  1. Data use should always be lawful, transparent, and fair
  2. Personal data should only be used for the reasons it was collected.
  3. The amount of data collected should be at a minimum
  4. Data retained should be accurate
  5. It should be kept for limited and appropriate periods of time (then securely disposed of)
  6. It needs to be kept securely
  7. Lastly, all involved parties are to take personal accountability for the way data is used

What Is A Personal Data Breach?

A personal data breach is an unlawful or accidental loss, disclosure, destruction, alteration of or access to personal information. It’s caused by a security breach.

To make a successful claim for a data breach via email, you’d need to show how the organisation’s ‘wrongful conduct’ led to the breach. For example, they may not have properly trained staff in data protection or they may have provided substandard cybersecurity. If either of these led to a data breach, it could be seen as wrongful conduct.

With this in mind, accidental or deliberate breaches could include:

  • An unauthorised third party accessing email addresses
  • Sending personal data via email to an unauthorised party
  • Failing to use the ‘Bcc’ field when sending an email to multiple recipients who don’t have the authorisation to access each others’ emails

Speak to our team if you suffered as a result of a personal data breach.

The Latest Data Breach Statistics

The statistical graph below shows the proportion of organisations (based on a total of 1,243) that have sought external information or guidance in the last 12 months on the cyber security threats faced by their organisation:

Check If You Could Claim For A Data Breach Via Email

Data breach via email claims can be complex and establishing liability may be easier with professional help. With this in mind, a data breach solicitor can help confirm that the following steps were taken prior to starting a claim:

  • An organisation’s wrongful conduct led to the data breach.
  • Your personal information was involved in the data breach.
  • You suffered psychologically or financially (or both) as a result.

Wrongful conduct on the part of the other person is the foundation of a successful data breach via email claim. Speak with our team for guidance on a data subjects’ rights following a breach of data protection.

Time Limits To Claim For A Data Breach Via Email

There are time limits to starting a data breach via email claim. Currently, you generally have 6 years in which to start proceedings. However, in other circumstances, this could be 1 year. Speak to our advisors if you are unsure about how to prove when the email data breach occurred and whether you are still eligible.

Does The UK GDPR Cover Data Sent Via Email?

Errors or deliberate acts by others can cause your personal data to be compromised. Email addresses can be exploited by cybercriminals who know how to infiltrate accounts. They could access your:

  • Name and address
  • Mobile phone number
  • Social media account details
  • Group memberships or subscriptions
  • Direct debit details
  • PayPal or other financial services accounts

These details can distinguish the email holder from other people. Because of this, the personal information is covered by the UK GDPR.

What Could You Claim For A Data Breach Via Email?

A data breach can cause damage to both your finances and your peace of mind. A case called Vidal-Hall v Google upheld the idea that it was no longer necessary to have suffered a financial loss to claim damages for emotional harm in data breach cases.

This means that you could provide a medical report as proof that the data breach via email caused you significant mental health damage. In doing so, if your claim is successful, you could receive non-material damages.

These can be calculated using the aid of the Judicial College Guidelines (JCG). The JCG is a publication that legal professionals use when valuing personal injury claims. Figures in the guidelines include those below.

Type of Psychiatric Harm JC Guideline Award Explanatory Notes
Post-Traumatic Stress Disorder (PTSD) of Less Severity Up to £7,680 Full recovery within 12 – 24 months of the issue. Only minor issues persisting.
PTSD – Moderate (c) £7,680 to £21,730 On the whole, a good recovery. A few residual issues.
PTSD – Moderately Severe (b) £21,730 to £56,180 A better prognosis with professional help but significant issues for the foreseeable future.
PTSD that is Severe (a) £56,180 to £94,470 Trauma that prevents normal function on any level as enjoyed prior to incident.
Psychiatric Damage – General (a) Severe £51,460 to £108,620 Issues so damaging that future prognosis is very poor.
Psychiatric Damage – General – Moderately Severe £17,900 to £51,460 Significant coping issues with a better chance of improvement.
Psychiatric Damage – General – Moderate (c) £5,500 to £17,900 Symptoms that improve by the time of trial.
Psychiatric Damage – General – Less Severe (d) Up to £5,500 The award takes into account the severity of symptoms such as how much sleep was affected.

Please bear in mind these are suggestions, not guaranteed award amounts.

In addition to this, you can present bank statements or other documentation that shows ‘material’ damage, or money you lost due to the data breach via email. You could include this in your claim.

How Could A Data Protection Breach Impact You?

If you suspect a data breach via email you should raise your concerns with the organisation as soon as possible. If their response isn’t satisfactory, you could contact the ICO. You’d need to do so within 3 months of the organisation’s final response on the matter.

The ICO could investigate, but they can’t provide compensation. To get compensation, you could use the services of a solicitor.

How Do I Start A No Win No Fee Claim?

Arranging a medical assessment and gathering together the documentation proof is something a data breach solicitor could help you with under a No Win No Fee agreement. This means you could start your claim today without the need to pay any upfront fee to fund your solicitor.

As the case goes forward, there is no solicitor’s fee to pay them. Should the case not be successful, there is nothing owed at all, but if it wins you only need to pay a maximum of 25% from the settlement to cover your No Win No Fee solicitor’s success fees.

This enables you to receive the bulk of the payout you may receive. Learn more about how we could help connect you with excellent data breach legal representation by:

  • Calling us on 020 3870 4868
  • Getting in touch online with our ‘contact us‘ form
  • Use our ‘live support’ chat


The resources below offer further help on this topic, such as:

If you have any questions about claiming following a data breach via email, why not get in touch today?

Writer FE

Checked by HT