What Are Your Rights After A Wrong Information Data Breach?

Following a wrong information data breach, you might be wondering what steps to take next. Whether your personal data is sent to the wrong postal address, email account, or texted to the wrong number, if you have suffered harm due to an organisation’s failings, you could be due data breach compensation.

wrong information data breach

How to make a wrong information data breach claim guide

In this guide, we will explore different ways that a personal data breach could occur, and what a personal data breach is. Additionally, we’ll explore what action you could take and how a No Win No Fee data protection solicitor could help you.

As per data protection law, organisations have a responsibility to take reasonable steps to protect your personal data. The UK General Data Protection Regulation (UK GDPR) runs alongside an updated version of the Data Protection Act 2018 (DPA) as the two main articles of legislation that set out an organisation’s responsibilities.

If an organisation fails to comply with data protection law, resulting in a wrong information data breach compromising your personal information and causing you to suffer harm, you might have grounds for a valid claim. If you would like to find out more, you can:

Select A Section

What Is A Personal Information Data Breach?

The Information Commissioner’s Office (ICO) is a non-departmental body responsible for overseeing and enforcing data protection law. While the ICO does not provide compensation, they do have the power to impose a fine on organisations found to be in breach of data protection law.

According to the UK GDPR, any information that could identify you counts as personal data. This can include:

  • Postal address
  • Date of birth
  • Email address
  • Phone number
  • Bank account details

A personal data breach can be defined as a security incident in which the availability, confidentiality, or integrity of your personal data is compromised. However, in order to make a valid claim, you must be able to prove not only that the breach occurred as a result of the organisation’s failings, but also that you have suffered psychological harm or financial damage as a result of your personal data being compromised.

To find out if you could have a valid claim, contact our advisors today.

How Could Information Be Incorrectly Distributed?

There are various ways information could be disclosed leading to a breach of your personal data. For example, a human error data breach could occur, causing your personal data to be exposed in a wrong information data breach. Examples of this include:

  • Outdated records: Organisations must ensure that your records are kept up to date. For example, if you telephone a GP surgery and request to change your address, but they fail to note this, this could result in letters containing your personal data being sent to the wrong address.
  • Administrative error: An example of administrative error could be if an employee puts a letter addressed to you in the wrong envelope. Another example could be if personal data is faxed to the wrong recipient by accidentally using the wrong pin code.

Additionally, an organisation might fail to provide adequate training on data protection or have sufficient policies in place to protect your personal data.

To learn more about what could contribute to a wrong information data breach, contact our advisors.

Email And Postal Data Breach Statistics

Excluding non-specified non-cyber incidents, data security incident trends from the ICO reveal that emailing data to the wrong recipient was the most common incident type that affected organisations in the past three years. Over 4,500 incidents were reported across different industry sectors. 

Furthermore, data being faxed or posted to the wrong recipient was the second most common incident type. Over 3,200 incidents have been reported to the ICO.

Our advisors can offer free legal advice and further guidance surrounding your claim when you get in touch today.

Is Sending Someone The Wrong Information A Data Breach?

The UK GDPR sets out different principles that an organisation must uphold. One of those principles states that personal data should be accurate and up to date. Organisations should also take reasonable steps to either update or erase the incorrect information.

For example, if your address changes and you notify an organisation of this, they must update their records. If they fail to do so, a letter containing your personal data may be sent to your old address, allowing unauthorised persons access to it. Or, a text containing personal data could be sent to a phone number that you are no longer associated with.

This could contain financial information, such as credit card details, or could contain personal information relating to your medical records.

However, not all instances of a wrong information data breach will result in claim. For example, if you do not inform the organisation of your change of address.

To learn more about how a personal data breach could occur, get in touch with our advisors.

How Long After A Data Breach Could I Claim?

Similar to personal injury claims, there are set time limits for when you can make a personal data breach claim. Generally, this is six years from the date of the breach.

However, if you are claiming against a public body, like the local council, this reduces to one year.

Call us for more information about the data breach time limits.

What Could You Claim For A Wrong Information Data Breach?

Each settlement following a successful data breach claim could comprise material damages and non-material damages. The former compensates for financial losses caused by the personal data breach. The latter compensates for the psychological harm you have sustained as a result of the personal data breach.

In Vidal-Hall and Others v Google Inc (2015), the Court of Appeal ruled you can now claim for non-material damages (psychological injury) without claiming for material damages (financial loss). 

Subsequently, solicitors can value psychological harm such as stress and depression, in the same way they estimate personal injury compensation. This is generally done with the help of the Judicial College Guidelines (JCG). You can find some examples of compensation guidelines provided by the JCG in the table below.

Injury Compensation Range Notes
Severe Post-Traumatic Stress Disorder (a) £59,860 to £100,670 The person will experience permanent issues and won’t be able to function at the same level as before the trauma.
Moderately Severe Post-Traumatic Stress Disorder (b) £23,150 to £59,860 The prognosis is better than in more severe cases due to professional help.
Moderate Post-Traumatic Stress Disorder (c) £8,180 to £23,150 The person will have mostly recovered with some ongoing issues. However, they won’t be majorly disabling.
Less Severe Post-Traumatic Stress Disorder (d) £3,950 to £8,180 A mostly full recovery within a couple of years.
Severe Mental Harm (a)

£54,830 to £115,730 The person will have a very poor prognosis.
Moderately Severe Mental Harm (b) £19,070 to £54,830 The prognosis is much better however significant issues still continue to have an impact.
Moderate Mental Harm (c) £5,860 to £19,070 A significant improvement and a good prognosis.
Less Severe Mental Harm (d) £1,540 to £5,860 Daily activities and sleep are affected.

The amount that you could receive depends on a number of factors, and the figures provided above are only guideline amounts, not guarantees. To get a free estimation of what your wrong information data breach claim could be worth, contact our advisors today.

Get In Touch To Begin A Claim

If you have suffered harm as a result of a wrong information data breach which compromised your personal data, contact our advisors today. If your claim is valid, they may then be able to put you in contact with a solicitor from our expert panel. 

Our panel of solicitors offers a type of No Win No Fee arrangement known as a Conditional Fee Agreement (CFA). The benefits of this arrangement include:

  • No fee to pay to your solicitor for their services unless they help you make a successful claim
  • There are also no upfront or ongoing fees to pay to your solicitor for their services
  • If your claim succeeds, you will pay a success fee from your compensation. However, this is capped by law.

Our advisors could connect you to a specialist solicitor from our panel, but you must have a legitimate claim. To find out whether you’re eligible, you can:


For more helpful information:

Or, for more informative guides:

We hope you now understand what your rights are following a wrong information data breach. Get in touch today to start your potential claim. 

Writer IN

Editor AC