My Data Has Been Breached, What Can I Do?
Organisations that process your personal data have a responsibility by law to protect it. If they fail to do so, your data could be exposed and you could be harmed as a result. This guide aims to answer the question “my data has been breached, what can I do?”.
We will talk about data breaches and the ways that organisations should act to protect your personal data. We will also explain the actions you can take if you were affected by a data breach.
Advisers are also available to offer you any more information on data breach claims that you require. They offer free legal advice, can discuss your situation with you and let you know if you could be eligible to make a claim. You can reach them now by:
Select A Section
- My Data Has Been Breached, What Can I Do?
- Have You Been Affected By A Breach?
- How To Protect Your Personal Data
- Protecting Your Online Accounts
- What Can I Claim If My Data Has Been Breached?
- Find The Answer To The Question My Data Has Been Breached, What Can I Do?
Information that can be used to identify you is considered your personal information. This could include your name, your phone number and your address amongst other information.
The UK General Data Protection Regulation (GDPR) and a version of the Data Protection Act 2018 that was updated when the UK left the EU make up the regime in place that outlines how personal data should be protected. They make it an organisation’s responsibility to safeguard your personal data.
A data breach is a security incident that affects the integrity or confidentiality of personal data, or how available it is. If you experienced this kind of incident that caused you harm and was caused by the wrongful conduct of the data controller (party in control of your data) or data processor (someone processing your data on behalf of a controller), you may be able to claim.
Below we’ll give you more information on what you can do if your data has been breached, but if you’re still wondering “My data has been breached what can I do?” by the end of this guide, you can also speak to an adviser now to discuss making a data breach claim.
How Commonly Is Data Breached?
In the 3rd quarter of 2021/22, organisations reported 28,639 data security incidents. These incidents range from showing the wrong person’s data in a client portal (30 incidents reported) to sending information to the wrong email (419 incidents) or wrong postal address or fax number (181 incidents).
If your personal data was involved in a breach that affected your rights and freedoms, the organisation that requested your data should let you know about it without undue delay.
If you’re not told about a breach that impacts your rights and freedoms, but you suspect that one has taken place, then you can raise this with the data controller. They should tell you how your data is being used and whether it’s been affected by a breach.
If the breach led to you suffering harm, you can make a claim for compensation against the organisation responsible. However, you would need to show that it was caused by the organisation’s failings in order to claim.
For example, if they had the most up to date online security systems available but a skilled hacker was able to navigate these, then you’d be unlikely to be able to claim.
Please speak with one of our advisers to see if you are eligible to make a claim after a UK GDPR breach. They can also help you by answering the question, “My data has been breached, what can I do?”.
There are actions you can take to help protect your personal data.
- Not leaving files or devices unattended. This could allow someone to access your personal data.
- Encrypt data stored on devices. This is so that people without authorisation cannot access the data.
- Dispose of personal data securely. If you throw away paperwork without obscuring the personal data or shredding the document then someone could access this information.
There are also some actions you can take to help protect your online accounts, which might include your personal data. These include:
- Using strong passwords. The common recommendation is to use an uncommon and mixed set of characters as a password. It is also recommended to not use similar passwords across sites.
- Using two-factor authentication. Activating two-factor authentication on websites that offer it can warn you if someone is trying to access your account and prevent easy access to your account if they know your password
- Keep an eye out for any suspicious messages. If your personal data has been impacted by a breach, then you might receive suspicious messages related to a phishing scam.
If your information was exposed because they failed to take necessary and reasonable actions to protect themselves, you could be eligible to make a claim for compensation, for any harm you suffer as a result. If your data was breached, and you suffered harm, please speak with one of our advisers.
Having looked at answering the question “my data has been breached, what can I do?” we will now look at what a compensation payout could consist of. When you claim for harm caused by a personal data breach, your compensation can consist of material damages and non-material damages.
Material damages can address financial losses such as:
- Theft: If the breach was used to steal money from you, then you could claim this money back.
- Loss of income. If you were unable to work due to the breach then this could be considered when valuing your claim.
- Treatment costs. If you suffered mental harm and had to spend money on treatment costs, then your compensation could include this.
If you did suffer mental harm, such as stress because of the breach, you can make a claim for compensation for the distress you suffered. This head of a claim is known as non-material damages.
To illustrate compensation awards for psychological harm, we’ve included a table with figures from the Judicial College Guidelines (JCG) below.
|Severe Psychiatric Damage||Psychological injuries leaving the person unable to cope with all aspects of life||£54,830 to £115,730|
|Moderately Severe Psychiatric Damage||Similar injuries to above but with a better prognosis||£19,070 to £54,830
|Moderate Psychiatric Damage||Despite initially showing symptoms similar to above, the person is now showing good improvement||£5,860 to £19,070
|Less Severe Psychiatric Damage||Ability to perform daily activities was affected for a period of time; award will depend on how long and to what extent it was affected for.||£1,540 to £5,860|
|Severe Post Traumatic Stress Disorder (PTSD)||Psychological injuries leading to symptoms including severe sleep disturbance and mood disorders.||£59,860 to £100,670|
|Moderately Severe PTSD||Symptoms similar to above but with a better prognosis following professional help||£23,150 to £59,860
|Moderate PTSD||The person will have largely recovered with any remaining disabilities seeming small||£8,180 to £23,150|
|Less Severe PTSD||The person will have virtually recovered within two years||£3,950 to £8,180|
The ruling in the Court of Appeal case of Vidal-Hall and others v Google Inc  means you can now seek either head of claim independently. You do not need to have suffered financial harm to make a claim for mental harm, as was the case before this ruling.
If your data has been breached, and you suffered harm, our advisers can help offer you an estimate of the compensation you could be awarded in your personal data breach compensation claim.
It is not a requirement to have one to make a data breach claim, but they can be of great benefit in helping you collect evidence and build your case.
Some data breach solicitors can work on your claim on a No Win No Fee basis. This means no upfront fees and no ongoing fees.
You pay a success fee that is due if your claim is successful. The success fee is a legally capped percentage of the awarded compensation. If your claim was unsuccessful, there would be no success fee to pay.
A No Win No Fee solicitor from our panel could represent you. To speak with one, please get in touch with one of our advisers to discuss your claim. You can reach one by
- Calling them on 0203 3870 4868
- Getting in touch through the claim online form
- The live chat feature at the bottom of this page
Data Breach Victim Rights
Below are some links you might find useful:
- GOV: The government’s guide to finding out what data an organisation has about you
- ICO: The ICO’s guide to your right of access to your personal information
- ICO: The ICO’s guide to keeping your IT system safe and secure
We also have guides on:
We hope that this has helped to answer the question, “My data has been breached; what can I do?”. If you have any more questions, please get in touch.
Checked by NC