Wrong Email Address Data Breach Compensation Claims
Have you suffered harm because of a wrong email address data breach? Were your personal or confidential details sent to another recipient in a way that caused problems for you? Perhaps you were included on a bulk email campaign without permission, or a third party failed to use the ‘Bcc’ (blind carbon copy) facility that prevents disclosure to others on emails?
Whatever the exact circumstances of the problem, this guide aims to explain how you can be compensated by the liable party for wrong email address data breach problems. After the Court of Appeal heard Vidal-Hall vs Google Inc it set a precedent, it now means that compensation could be paid for emotional illness when there is no case for financial losses caused by the data breach. With this in mind, you could be owed compensation for either or both.
At UK Law, we can offer free legal advice and help to connect you with a member of our panel of data breach solicitors to assess your compensation. Its simple to start, just:
- Call our advisors on 020 3870 4868
- Contact us online and request a callback
- Use the ‘live support’ option
- Read the sections below and click on the highlighted text for further help
Select A Section
- What Is A Wrong Email Address Data Breach?
- Is Sharing An Email Address A Breach Of The UK GDPR?
- What Could Cause A Wrong Email Address Data Breach?
- How Could Human Error Cause A Wrong Email Address Data Breach?
- Wrong Email Address Data Breach Compensation Calculator
- Get Help With A No Win No Fee Claim
The Data Protection Act 2018 and the UK General Data Protection Regulation (UK GDPR) are the main laws that protect personal information in this country. Personal information is data that can be used to identify you. Or used with other information to identify you. Only information that is considered personal or sensitive is protected by data-protection laws. Personal information can include your name, phone number, address as well as your email address. A wrong email address data breach can happen when personal information about you is sent to the incorrect email.
An independent body called the Information Commissioner’s Office (ICO) which upholds personal data rights can fine organisations when they breach data security laws.
But what is a personal data breach?
A data controller or processor will handle your personal information. A data controller is usually an organisation that says why and how this data will be processed.
Under UK GDPR they must ensure that any personal data they handle is kept secure. A personal data breach is a security incident that means personal or sensitive data has been stolen, lost, destroyed, altered, disclosed or accessed unlawfully.
These issues can be the result of human error or the consequences of an external cyber attack. Those who possess your personal data (including email addresses) have a legal obligation to report a serious breach to the ICO within 72 hours.
Data Breach Statistics
The statistics below show what percentage of organisations that are trying to implement good data protection procedures:
Generally, for an organisation to be able to share any of your personal information there must be a lawful basis to do so. There are 6 lawful bases in total and one of them is consent. If an organisation shares any personal data without a lawful basis being met this is considered a data breach. But there are many other ways that a data breach could occur.
Email addresses are considered personal data. This means that it could be used, either directly or indirectly to identify you as a distinct and separate person. Because of this, exposing that address may compromise your data security.
Personal data breaches can happen through human error. This could happen because staff or employees are not trained correctly on data security and awareness. They can also happen because of online criminals trying to breach databases and online networks. It is vital that data controllers train their staff on data security and ensure that they are compliant with the DPA 2018 and the UK GDPR. Also, data controllers should ensure that their online presence is secure by firewalls and cyber security programs.
Examples of how an email data breach could occur:
- Malware, Ransomware, and phishing attacks
- An employer sends your payslip to the incorrect recipient
- The hospital sends an appointment to the wrong email address
- You are copied in a mass email but the BCC is not used and your email address is exposed.
Human error and lack of appropriate staff training can give rise to many data breach incidents. A member of staff could create a problem by doing any of the following:
- Failing to check email recipients fully
- Not using the ‘Bcc’ option
- Not checking that autofill options have not included details
- Incorrectly performing a group email action
- Failing to read or redact email contents as necessary
A wrong email address data breach claim would in the first instance show how the data controller or processor is liable for the data breach. This is often shown through their lack of adherence to data protection laws. Secondly, you would need to show that personal data was involved in the breach. And lastly how this breach affected you.
Once you can prove that another party is liable for the personal data breach that involved your email address you can put forward a claim to seek damages for the stress or financial problems it caused.
Material damages relate to actual out-of-pocket costs caused to you as you dealt with any financial issues the data breach caused this can include any money stolen from your bank account or the negative effect on your credit score. Loss of earnings as well as counselling following the breach can also be claimed for.
Non-material damages are for the mental suffering caused. A medical report may be used to identify the psychological issues you are claiming for. These amounts are calculated by referring to a guide for personal injury awards called the Judicial College Guidelines. This publication assesses amounts for pain, suffering, and loss of amenity caused.
Although not certified amounts, the chart below gives an idea of what could be possible for serious stress or mental illness:
|Type of Psychiatric Damage||Severity and What the Judicial College Awards Bracket is||Additional Information|
|General Psychiatric Harm||(a) Severe Level - £51,460 - £108,620||Pronounced mental health problems with a poor prognosis for recovery|
|General Psychiatric Harm||(b) Moderate Tending Toward Severe - £17,900 -|
|Awards tend to be in the middle of this bracket for cases with a better prognosis than the above|
|General Psychiatric Harm||(c) Moderate in Nature - £5,500 - £17,900||Psychiatric issues that show an improvement by the time of hearing the case|
|General Psychiatric Harm||(d) Of Lesser Severity - Up to £5,500||Award acknowledges how long the disability lasted and how badly it impacted work, sleep and relationships|
|PTSD||(a) Severe Level - £56,180 - £94,470||Permanently injurious effects preventing work or normal function|
|PTSD||(b) Moderate Tending Toward Severe - £21,730 -|
|Some recovery with professional help can be hoped for, but a significant level of disability is present|
|PTSD||(c) Moderate in Nature - £7,680 - £21,730||The person will be recovered on the whole, some minor persisting issues|
|PTSD||(d) Of Lesser Severity -Up to £7,680||Within a 24 month period a full recovery has occurred, only very mild persisting issues|
Find out more about these damages by speaking with our team. Or use our mental health compensation calculator.
It’s possible for anyone to start a claim for a wrong email address data breach. Raising a complaint directly with the company or agency concerned is one way to start.
Or you can use legal representation. At UK Law we can connect you with data breach specialists who could do all the necessary work for a wrong email address data breach claim on a No Win No Fee basis. It costs nothing upfront to do this. Solicitors’ percentages are set at a maximum 25% which is deducted from your settlement when a case wins.
So in conclusion, if you would like to find out more about how a service like this could work for you, please feel free to:
- Call our advisors on 020 3870 4868
- Contact us online, requesting a callback
- Use the ‘live support’ option, to the bottom right
Learn More About The UK GDPR and Rights Of Data Subjects
In addition to advice on wrong email address data breach, we can also help with:
- A data breach involving lost medical records
- General advice on data breach compensation
- What could you claim for a data breach if your personal data was not locked away or secured
- Government tips for safety online
- And more advice from the National Cyber Security Center (NCSC)
- Finally, help from the ICO with spam emails