Failure To Use BCC Data Breach Compensation Claims

Is not using BCC a breach of UK GDPR? In some cases, yes it could be. A failure to use BCC could be caused by human error.

And when such an error results in your personal data, which is protected by law being exposed, it could be possible to claim compensation for a failure to use BCC data breach.

Failure To Use BCC Data Breach Compensation Claims

Failure To Use BCC Data Breach Compensation Claims

We may not answer every question you have in this guide. Each claim is unique in some way. But we can still provide you with answers if you speak to one of our claim advisors. You can call us on 020 3870 4868 or request a call-back using our contact form. Our advisors can also help you to get a claim started as soon as possible. So don’t delay, call us today.

Select A Section:

What Is A Failure To Use BCC Data Breach?

Is revealing my email address a breach of data security laws? It can be in certain circumstances. When UK data protection and privacy laws have been broken and this has led to personal information being breached then a data breach victim could be eligible to claim compensation. One way a data breach can happen via your email address is in a failure to use BCC.

Generally, when a mass email is sent to lots of people who are unaware of each other, the email address of recipients should be hidden from all other recipients by using the BCC box. However, mistakes can be made, such as using the CC box by mistake (more on this below).

Data breaches can happen for all different types of reasons. Not every data breach that occurs will mean those affected can make a data breach compensation claim. A successful data breach claim requires you to prove that your personal data was affected. It will also show a liable party. This means proving that those who should have been protecting your data failed to do it adequately. This will need to have caused you emotional harm and/or financial costs.

How Common Are Email Data Breaches?

According to statistics provided by the ICO from the first financial quarter of 2019/20 to the third financial quarter of 2021/22, there were 4,138 incidents reported to the ICO where personal data had been emailed to the incorrect recipient.

The UK Government has provided data, from a survey that included 1,244 businesses sampled. It estimates how often, in 2022, firms last created, updated, or reviewed their cyber security policies or documentation.

  • In the last 3 months – 25%
  • 3 to under 6 months ago – 19%
  • 6 to under 12 months ago – 29%
  • 12 to under 24 months ago – 14%
  • 24 months ago or earlier – 8%

Data Privacy Laws

We have several sets of laws in the UK that pertain to data privacy and security. This includes the Data Protection Act 2018 (DPA). Also, there is the UK version of the General Data Protection Regulation (UK GDPR). It is these laws that a data breach solicitor will leverage to proceed with a claim.

There is a governing body, the Information Commissioner’s Office (ICO), that polices these laws. It is also the ICO you would report a data breach to.

What Is The Difference Between CC and BCC?

If you are unsure of how an email system works, you might not understand the difference between CC and BCC. So we have explained them below.

  • Carbon Copy (CC) – Email addresses added to the CC box will show to all recipients of the email. The CC box is used when you want everyone to know that other people have copies of the email. And when everyone to who the email was sent is allowed access to everyone else’s email address.
  • Blind Carbon Copy (BCC) – Email addresses added to the BCC box are not visible to any recipients. The BCC box is used when sending mass emails. It protects every recipient from their email address being shared with everyone else. When BCC is not used appropriately, it could result in a data breach.

When To Use Blind Carbon Copy

What happens if you forget to BCC? Every email address the email is sent to is visible to all other recipients. If you accidentally didn’t use BCC, you may have exposed personal data and caused a data breach. Generally, you should always use BCC when mass emailing people outside of your organisation.

How Do Email Data Breaches Happen?

Is a failure to use BCC a data breach that is always caused by human error? All employees that handle the personal data of a data subject should be trained in data awareness, security and data protection laws. When employees are not trained in their data privacy obligations, other email data breaches can happen. Such as;

How Could Organisations Reduce The Risk Of Email Data Breaches?

A lack of awareness is one reason why a failure to use BCC data breach can happen. Staff should be trained in what data privacy laws require from them. Some examples are shown below.

  • Foster a corporate culture that places data privacy at the fore.
  • Ensure staff receive updated training when data privacy laws change.
  • Make individuals responsible for ensuring they approach data privacy correctly.

Calculating Damages For A Failure To Use BCC Data Breach

We cannot provide you with an overall average for failure to use BCC data breach compensation. Because all claims are different. There was a case in the Court of Appeal in 2015, Vidal-Hall and others v Google Inc. This case set the precedent for claiming only non-material damages for a data breach.

We used the guidelines that are followed by the legal system to create the example data breach compensation table below. These guidelines are produced by the Judicial College.

Psychological InjuryInformationHow Bad?Damages
Psycholgical InjuriesPeople with severe mental illnesses have difficulties with their work, home lives, and education, for example. Their chances of recovering are slim.Severe£54,830 to £115,730
Psycholgical InjuriesWork, relationships, and other activities may be challenging for the sufferer.Moderately Severe£19,070 to £54,830
Psycholgical InjuriesThe chances of such a person making a full recovery are high, despite their mental health concerns initially.Moderate£5,860 to £19,070
Psycholgical InjuriesA patient in this category will receive compensation depending on how much and how long he or she suffered from the mental injury.Less Severe£1,540 to £5,860
PTSD (Post Traumatic Stress Disorder)Individuals suffering from PTSD will be severely affected by the disorder and will not be able to function normally.Severe£59,860 to £100,670
PTSD (Post Traumatic Stress Disorder)The impact of PTSD on an individual's life may be significant, but they have a good likelihood of some recovery.Moderately Severe£23,150 to £59,860
PTSD (Post Traumatic Stress Disorder)Since the patient has almost entirely recovered, residual symptoms will not cause significant disability.Moderate£8,180 to £23,150
PTSD (Post Traumatic Stress Disorder)In this category the claimant should be recovered from any PTSD symptoms in 2 years. Less Severe£3,950 to £8,180

The table only covers non-material damages for the harm you suffered mentally such as stress caused by a data breach. You may have also lost out monetarily due to the data breach, You would try to claim material damages to recoup such losses.

You will need to submit documented evidence of losses in order to be able to try and claim for them. Additionally, you can claim for past losses or future predicted losses. Please talk to one of our claim advisors for more help with this.

Begin Your Failure To Use BCC Data Breach Claim Today

Did you know it is possible to make data breach claims using a No Win No Fee lawyer? The advantage here is that you are not expected to pay your lawyer a fee until the claim is complete. If the claim is won, your lawyer will expect to be paid a small, legally limited success fee. If the claim is a failure, you don’t pay your lawyer a fee at all.

You might have additional questions related to starting a claim or the claim process in general. Or you might find yourself in a position where you believe you are ready to start a claim for a failure to use BCC data breach. In either case, our team of expert claim advisors is here to help you. You can use the contact detail below to get in touch.

You can call us on 020 3870 4868 or request a call-back using our contact form. Our advisor can also help you to get a claim started as soon as possible. So don’t delay, call us today.

Learn More About Breaches Of The UK GDPR

More links for you to check out.

Finding Out What Data Has Been Stored About You

How To Report A Data Breach

Here are other guides you might like to read.

Lost Device Data Breach Compensation Claims

Stolen Paperwork Data Breach Compensation Claims

What is an Army Data Breach Compensation Claim?

Writer CE

Checked by IE.