What Is A Counsellor Data Breach Compensation Claim?
A counsellor data breach can impact people at their most vulnerable point. Seeking counselling requires the individual to trust in the service they are using. Part of this trust includes having confidence that the details they provide will be kept safe and confidential.
UK law supports this expectation with legislation called the Data Protection Act 2018 and UK General Data Protection Regulation (UK GDPR). But what happens if your personal data is breached by a counsellor? This guide explains.
A counsellor data breach can cause enormous distress as well as financial damage. If you would prefer to discuss your intention to seek compensation in person, our team are ready to help with free advice and no obligation to proceed. Simply:
- Call us on 020 3870 4868
- Contact us online and request a callback
- Or access free advice through our ‘live support’ option, bottom right
Select A Section
- What Is A Data Protection Breach By A Counsellor?
- Medical Records A Counsellor Could Hold
- What Could Be The Emotional Impact Of A Data Breach?
- Preventing A Counsellor Data Breach
- What Could You Claim For A Counsellor Data Breach
- Get Help To Make A No Win No Fee Claim
In the UK, personal data is protected by the Data Protection Act 2018 and UK GDPR. This requires all agencies, organisations and businesses to handle personal data with a much greater level of care. Data protection is enforced by an independent body called the Information Commissioner’s Office (ICO). They can investigate and issue fines to any agency that fails to apply these laws in their practices.
With this in mind, UK GDPR asks that data is requested and used in accordance with one of 6 lawful basis for processing. The law also lists core principles to be applied. These state that data use should be:
- Lawful, fair and transparent.
- Limited in purpose
- Kept to a minimum
- Kept for a limited time
- Treated with integrity and confidentiality
- And with personal accountability by all involved
A personal data breach may arise if an organisation fails to properly apply these principles in their data handling. With this in mind, central to a claim for compensation is the ability to show that those who had a responsibility to protect personal data failed in their obligations to adhere to data protection laws.
What Is A Counsellor?
A counsellor works with people who have arrange of different emotional or psychological difficulties. Counsellors can be private, fee-charging or help people through the NHS.
A counsellor may treat people with anxiety or depression, phobias or obsessive-compulsive disorders (OCD). Their treatment sessions can range from a few weeks to months or even years with weekly or daily sessions with their clients.
A counsellor could have access to the basic details such as name, address and contact email, but also:
- Date of birth
- Bank account details
- Racial or ethnic information
- Details relating to dependents or spouses
- Criminal records or pending court cases
UK GDPR defines health information as a special category. This is in recognition of the way that a security incident involving information such as this could cause greater harm to the data subject. Therefore, counsellors have an extra duty to handle medical records and data with greater care, whether it’s past, current or future health details.
The impact people face after their personal information has been breached can be all different. Often it might reflect the information that is involved. During counselling sessions clients are likely to talk about very sensitive, private and personal issues. If this type of information was to be exposed then the client may greatly suffer with their emotional and mental health.
In addition, a counsellor data breach could exacerbate feelings of depression or even create a greater sense of anxiety, chronically impacting all areas of life.
Human error can be the major cause of data breaches. A counsellor will hopefully be mindful of this and implement UK GDPR in their dealings with clients. There are some steps that they can apply to protect the integrity of client information:
- Apply security passwords and privilege access controls
- Encourage a culture of good data practice
- Discuss data issues with clients in a clear and open way
- Improve or enhance training amongst staff
- Ensure that devices such as laptops and smartphones are safe
- Always ensure client/patient notes are stored or locked away
There are steps that you can take if you feel your counsellor or their office has breached your patient’s details. Firstly, you can complain to them directly. If you fail to hear a satisfactory response from them, wait no longer than 3 months from the date of the last contact to elevate your complaint to the ICO.
You can do this by complaining directly to the ICO. It’s important to note that the ICO is not obliged to get involved and does not pay any form of compensation. You would need to launch a claim for damages.
Firstly, to start a compensation claim you must be able to show how the data controller allowed your personal information to be breached. Secondly, how this breach of information caused you harm.
Importantly, data breach claims can include two types of damages if you have evidence. Firstly, material damages look at the financial harm caused. This could include being able to prove any of the following:
- A loss of earnings
- The cost of replacement computers or lost devices
- Additional counselling expenses
- Any financial losses caused by the breach of your data.
As well as this, after a case called Vidal-Hall v Google Inc it was established that emotional harm (non-material damages) could be acknowledged in its own right. Therefore, psychiatric injury award brackets listed in the Judicial College Guidelines (16th edition published in April 2022) can apply:
|Psychological and Psychiatric Damage||The Judicial College Guideline Award Bracket and Severity Level||Details|
|General Psychiatric Damage||£54,830 to £115,730 (a) - Severe||Cases of marked problems and a poor future prognosis|
|General Psychiatric Damage||£19,070 to £54,830 - (b) Moderately Severe||Cases of permanent or long-standing disability that prevent a return to work|
|General Psychiatric Damage||£5,860 to £19,070 - (c) Moderate Levels||Significant issues but by the time the case comes to trial there should be improvements.|
|General Psychiatric Damage||£1,540 to £5,860 - (d) Less Severe Level||Length and severity of initial issues or their potential to create a phobia reflected in this bracket|
|Post-Traumatic Stress Disorders (PTSD)||£59,860 to £100,670 - (a) Severe||Mental harm that causes permanent injury, impacting all areas of person's life|
|Post-Traumatic Stress Disorders (PTSD)||£23,150 to £59,860 - (b) Moderately Severe Level||Although there may be significant persisting issues, professional counselling helps|
|Post-Traumatic Stress Disorders (PTSD)||£8,180 to £23,150 - (c) Moderate Levels||No grossly disabling issues persisting|
|Post-Traumatic Stress Disorders (PTSD)||£3,950 to £8,180 - (d) Less Severe Levels||A full recovery achievable within a 24 month period|
Or use our psychiatric and mental health compensation calculator.
Furthermore, please note, there is a six-year time limit to making a data breach claim and this reduces to one year when your complaint is against a public body. With this in mind, start a claim as soon as you feel ready.
At UK Law, we can connect you with data breach solicitors offering a No Win No Fee service. Whilst you can launch a counsellor data breach claim independently, a specialist in this field could help. For example, No Win No Fee agreements mean:
- No upfront costs to hire the solicitor
- No cost as the claim progresses
- Nothing to pay to the solicitors if the claim fails
- Only a 25% maximum deduction from your payout needed as a success fee if the claim wins.
Therefore, to find out more on this today and launch a claim after counsellor data breach, please feel free to:
Medical Data Protection Breach Claim Guides
In conclusion, UK Law can offer help on other issues similar to counsellor data breach problems: