HR Data Breach Compensation Claims

Human resource departments of each workplace hold a lot of personal and sensitive data about employees.

Therefore due to the stringent data protection and security laws we have in this country HR must ensure that they keep this data safe. The information you provide to your employer is not all protected. Data security laws look to protect both identifiable information and personally sensitive data. If HR data breaches were to occur who is eligible to make a data breach claim?

HR data breach compensation claims guide

HR data breach claims guide

Please consider for a moment, that this is only one short guide, and we cannot hope to answer every possible question in it. Your claim will be unique to you. If you do have more questions, you can ask our team of claim advisors to provide the answers to them. Just phone us on 020 3870 4868. Or if you prefer, request a callback by using our contact form. Our team can also assist you in connecting you to the right solicitor to process a data breach claim for you.

Select A Section:

What Is A HR Data Breach?

Every employer in the UK that stores or processes employee data is legally required to keep it safe and secure. Orgsantions that process personal data are known as data controllers and they handle the personal information of data subjects. So in this scenario employers are data controllers and employees are data subjects. Personal information that is processed by a data controller is protected by data protection laws.

What Laws Protect Data?

There are a number of different bodies of law in the UK, that are aimed at protecting your personal data. Both the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018 (DPA) are key pieces of legislation here.

The governing of these laws is overseen by the Information Commissioner’s Office (ICO). The ICO can take action against any employer that fails to comply with these laws. You can also report a data breach to the ICO.

But what is a data breach? A personal data breach is defined as a security incident that has the potential for personal information to be disclosed, lost, accessed without a lawful basis, stolen altered or destroyed.

A data breach could cause you severe financial losses as well as distress, anxiety and depression. To claim for the damage caused because of a personal data breach you need to show how the data controller, in this case your employer, is liable for the HR data breaches.

What Data Is Protected?

We need to look at the types of data these laws protect. Not all data is covered by these laws. Only your special category data and your personal data. We have given some examples below, to help you understand the types of data that are protected by law in the UK.

  • Special category data – would be, as examples, how you identify as a gender, your religion and ethnic background, trade union memberships, etc.
  • Personal data – would be, as examples, a password, your email address, date of birth, postal address, name, and phone number. Also, information about your bank account and the number of your credit card or debit card.

Data Security Incident Statistics By Cause

By referring to data that was made available to the public by the ICO, we made the chart below. It shows the main cause of human error related data security incidents covering the third fiscal quarter of 2021/22.

The Cause of Non-Cyber Security Related Data Breaches - 2022

Examples Of HR Data Breaches

The chart above shows how human error can lead to personal data breaches. Here are some example scenarios.

  • A data breach is caused by confidential data not being redacted from documentation before it is circulated.
  • Documents containing your data are left for anyone to view, in a communal work area.
  • You fall victim to harm caused by information sent to the wrong person. For example, your data is sent to the incorrect email recipient.
  • The failure to properly dispose of data. Either physical or digitally stored.

These are just some examples, there are many more ways a data breach can happen. Call and explain your claim to our team to find out if it is valid or not.

What Are The 7 Core Principles Of The UK GDPR?

To define what the law expects when it comes to correctly processing the personal information of a data subject the UK GDPR states 7 Core Principles that must be followed. Every time personal data is processed these principles should be followed to ensure that there is compliance with the law.

  1. To act transparently, fairly and legally.
  2. Collect only for specified, explicit and legitimate purpose
  3. Minimising the amount of data processed.
  4. Keeping all data correct and up to date.
  5. Only keep for as long as is necessary
  6. Maintaining confidentiality.
  7. Being fully responsible and accountable.

What Action Could Employees Take Following A Data Breach?

If your employee information has been involved in a workplace or HR data breach then when your rights and freedoms are placed in jeopardy you should be informed of the data breach without undue delay from your employer. They also have 72 hours to let the ICO know about the breach.

If you suspect a breach but have had no confirmation that one has taken place then you can contact the data security officer in your employment and ask whether your data has been breached. Moreover, if you are not happy with the response you receive you can escalate it internally as well as ask the ICO to investigate. However, you must leave it no longer than 3 months since your last communication on the matter to ask for an investigation.

If you have proof that your employer is liable for the data security breach because they did not comply with the applicable laws contact us today. Our expert advisors can provide free legal advice on your case.    

HR Data Breach Compensation Claims Calculator

The case Vidal-Hall and others v Google Inc, at the Court of Appeal in 2015, set the precedent for claiming mental harm, despite no financial losses. We can’t give you a simple, average figure for how much employer data breach compensation you might get for an HR data breach. All claims are different. But you can use the table below to get a rough estimate. We used the updated 2022 Judicial College Guidelines, which are also used by the legal system, to create this table.

The table below covers only non-material damages. Therefore, you might also be able to claim material damages for any financial loss caused by the data breach. So, if you would like to find out what types of material damages might be appropriate to seek, call and speak to our claims team.

Mental Injury Severity Level More Notes Potential Damages
Mental Injuries Severe When a person is suffering from severe mental illness, it is very difficult for them to perform daily tasks, including attending school and working. It is very unlikely that they will recover. £54,830 to £115,730
Mental Injuries Moderately Severe The career, relationship, and other aspects of the person’s life will be seriously challenged for those affected. £19,070 to £54,830
Mental Injuries Moderate Improvements will have already started to happen and there is a good chance a full recovery will be made. £5,860 to £19,070
Mental Injuries Less Severe Compensation for mental harm is determined by the severity and duration of the harm suffered. £1,540 to £5,860
(P.T.S.D.)  Severe All aspects of life will be severally affected and the chance of a recovery is slim. £59,860 to £100,670
(P.T.S.D.)  Moderately Severe Professional help will be needed for even the slightest of recovery. £23,150 to £59,860
(P.T.S.D.)  Moderate In light of the patient’s nearly full recovery, any remaining symptoms shouldn’t have a significant impact. £8,180 to £23,150
(P.T.S.D.) Less Severe After two years of suffering from PTSD, the majority of your symptoms should have disappeared. £3,950 to £8,180

Get Help With A No Win No Fee HR Data Breach Claim

This guide to making compensation claims for an employer data breach, may have left you with unanswered questions. If it has, call our claims team for the answers.

Also, our advisors can assess your data breach claim. Where they can see you may be awarded compensation they can connect you with a No Win No Fee lawyer to process your claim for you.

Generally, this means you would sign a Conditional Fee Agreement which is the terms of how the solicitor would receive their success fee. So no upfront fee to begin with, no fee as the case progressors and no fee if the claim fails. Only a success fee, when you are awarded compensation, that is capped by law.

Our claim advisors can explain the way that a No Win No Fee agreement works in more detail, if you wish. For more help and advice about making a compensation claim for HR data breaches, use the information below to reach out to our team.

Telephone number: 020 3870 4868

Contact form and webchat

Workplace Data Breach Claims

Here are some useful links to other websites.

Your Data Protection Rights 

Cyber Security Breaches Survey 2021

Who’s Breaching Your Human Rights?

Here are links to other useful guides.

Lost Device Data Breach Compensation Claims

Data Breach Compensation Examples – What Could You Claim?

Can I Claim For A Data Breach If My Personal Data Was Not Locked Away Or Secured?

Writer CE

Checked by IE.