Energy Company Data Breach Compensation Claims
This guide examines who could be eligible to start a claim following an energy company data breach. We have provided an overview of the legislation governing the protection of personal data and how failures to uphold these rules can lead to data breaches.
In this guide, you will find some illustrative examples of how an energy company failing to take adequate steps to protect your personal data can result in both monetary losses and psychological distress. We have also included information on data breach compensation.
The penultimate section of our guide explores the type of No Win No Fee contract offered by our panel of specialist data breach solicitors, and the benefits claimants who start their data breach claims under these terms can enjoy.
Contact our team of advisors today for a free assessment of your potential claim. Talk to a team member using the following contact details:
- Call on 020 3870 4868.
- Fill out our “claim online” form.
- Use the live chat function at the bottom of the page.
Select A Section
- Energy Company Data Breach Compensation Claims Explained
- Examples Of How An Energy Company Data Breach Could Occur
- Supporting Evidence For Data Breach Claims
- Estimating Payouts For An Energy Company Data Breach
- How To Claim On A No Win No Fee Basis
- Discover More With Our Data Breach Claim Resources
The Information Commissioner’s Office (ICO), the independent public body set up to govern the protection of data, defines a personal data breach as a breach of security leading to the accidental or unlawful destruction, loss, alteration or unauthorised disclosure of, access to, personal data. The ICO definition encompasses both accidental and deliberate breaches of data. The below terms will be used to refer to the parties involved throughout the rest of this guide:
- Data Controller: The organisation that decides how and why your personal data will be processed. For the purposes of this guide, the data controller is the energy company.
- Data Processor: A data processor is an external party that processes personal data on behalf of the data controller. It is important to note that not every data controller will use the services of an external processor.
- Data Subject: The identifiable or identified living individual to whom the personal data relates.
Controllers and processors both have obligations to uphold surrounding the storage, handling and processing of your personal data. The rules are set by the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018 (DPA). Failure to comply with these laws by data controllers and processors can result in an energy company data breach.
There are three criteria that need to be met in order to start a personal data breach claim:
- There was a failure by the data controller or processor to uphold the requirements set out by data protection law.
- These failures were the cause of a data breach in which your personal data was affected.
- You incurred financial losses, experienced psychiatric harm or both due to the breach.
Time Limit To Claim After An Energy Company Data Breach
The time limitation period for starting a personal data breach claim is generally 6 years. This is reduced to 1 year if you are claiming against a public body. You should contact our advisors as soon as possible following a data breach.
Per the ICO, personal data is any information that can be used to directly or indirectly identify you. An energy company could hold personal data such as contact details like your email addresses and phone numbers, as well as your name and postal address. Your credit and debit card details could also be held for billing purposes. Below we have detailed some scenarios where an energy company data breach could compromise your personal data.
- Inadequate physical security procedures meant documents containing your personal data were not secured properly and were subsequently misplaced. This led to unauthorised persons gaining access to your personal data.
- A company employee sent your energy bill to the wrong address
Deliberate Action Data Breach:
- The contact information of multiple data subjects was stolen during a cyber attack
- Client data was disclosed intentionally by an energy company employee.
Not all data breaches will entitle a data subject to make a claim. It must be proven that wrongful conduct was the result of the personal data breach in order to have a valid claim. For more information, talk to our advisors. They can advise you on whether you have valid grounds to start the claims process. Contact our team today using the details below.
An energy company data breach claim will require evidence. Some examples you could collect are:
- Financial records, such as credit or debit card statements, showing unauthorised activity on your accounts and subsequent financial losses.
- Communications between you and the energy company detailing the data breach and what personal data was affected.
- Medical documents detailing the psychiatric harm experienced because of the data breach.
Following a data breach that puts data subjects’ rights and freedoms at risk, the energy company should, in their capacity as the data controller, notify the data subjects affected without delay. Data controllers also have an obligation to inform the ICO of the breach within 72 hours. While the ICO does not award compensation, once notified of a data breach, it can open an investigation. Their findings can be useful evidence to support your claim against the energy company.
For support with the gathering of evidence, use any of our provided contacts to speak to an advisor. If the team think your potential claim is valid, a solicitor from our panel could provide assistance with assembling a body of evidence for your claim as part of their service.
A compensation payout for a successful energy company data breach claim can be made up of up to two different heads of claim:
- Material damage is the monetary loss that results from a personal data breach.
- Non-material damage is the psychological distress, such as depression, post-traumatic stress disorder or other psychiatric harm, experienced due to the personal data breach.
Following the judgement in Vidal-Hall, you can now claim for psychological distress stemming from a breach of personal data without having to have experienced a financial loss.
Solicitors can use the Judicial College Guidelines (JCG) to work out a potential value for non-material damage. The JCG is a publication that lists various types of injuries alongside their guideline award brackets.
We have used figures from the JCG to create the below compensation table. We have provided this table for guidance purposes only, as data breach claims are assessed individually.
|General Psychiatric Harm||Severe (a)||£54,830 to £115,730||Cases with a very poor prognosis and marked problems relating to work and social life, and personal relationships, and future vulnerability|
|Moderately Severe (b)||£19,070 to £54,830||Cases with a more optimistic prognosis but significant problems associated with work and social life, and personal relationships, and future vulnerability|
|Moderate (c)||£5,860 to £19,070||The injured person will have experienced a marked improvement.|
|Less Severe (d)||£1,540 to £5,860||Award levels within this bracket will consider the length of the period of disability and any effects on sleep patterns and daily activity.|
|PTSD||Severe (a)||£59,860 to £100,670||Permanent effects which prevent the injured person from undertaking any work and badly affecting all aspects of their life.|
|Moderately Severe (b)||£23,150 to £59,860||Better prognosis than in (a) but effects will cause significant disability for foreseeable future.|
|Moderate (c)||£8,180 to £23,150||This bracket involves cases where there has been a large scale recovery and continuing effects will not be grossly disabling.|
|Less Severe (d)||£3,950 to £8,180||Virtual recovery within two years and persisting symptoms will be minor.|
Speak to our advisors for an assessment of your particular claim, and a more detailed estimate of the compensation that could be awarded following a successful claim.
To get a cost-free assessment of your circumstances, talk to our advisors. You could be connected with a solicitor from our panel if our team decide you have valid grounds to proceed with the claim. The type of No Win No Fee contract our panel can offer is called a Conditional Fee Agreement (CFA).
There are notable advantages to claimants with a CFA. You will not have to pay any upfront fees for the solicitor to begin working on your claim, or be liable for ongoing fees during the claims process. You will also not have to pay a fee in the event your claim fails.
Successful energy company data breach claims will be awarded with compensation. The solicitor will deduct a percentage of your compensation award as their success fee. The percentage that can be charged as a success fee is subject to a legally binding cap. Therefore, the majority of any awarded compensation will go to you.
Contact our team of advisors today for a free assessment of your potential claim. You can speak to a member of our team via the following contact details:
- Call on 020 3870 4868.
- Fill in our “claim online” form.
- Use our live chat feature at the bottom of the webpage.
See more of our data breach claim guides
- Learn if you are eligible to claim following a divorce lawyer data breach.
- See if you can claim after an exam results data breach.
- Find out how much you could claim for stress due to a data breach.
Other resources you may find useful
- ICO – Report a breach.
- National Cyber Security Centre – Protecting your data and devices.
- Age UK – Staying safe online.
We’d like to thank you for reading our guide on who could be eligible to make an energy company data breach claim. For further guidance, answers to your questions and a no-cost assessment of your circumstances, talk to our advisors today. You can reach our team using any of the above contact details.