Wrong Postal Address Data Breach Compensation Claims
Every day organisations send letters containing information that can be considered personal or confidential. There are protections for this type of information; your information being viewed by a party or person not authorised to access the information can be considered a data breach. If your information was revealed to someone because of a postal address error, and this led to you suffering harm, you may be able to claim compensation for the harm you suffered in a wrong postal address data breach.
This guide will go into detail about data breaches; we’ll explain common wrong postal address errors and the various steps you can take if your information was exposed in a data breach. If you suffered harm and are interested in making a data breach claim, you can speak to one of our advisers for information on how to formally begin a claim. They offer free legal advice, can discuss your situation with you and walk you through the claims process.
You can contact them now, for a free consultation through:
Select A Section
- What Is A Wrong Postal Address Data Breach?
- Types Of Postal Data Breaches
- NHS Wales Covid Shielding Letter Wrong Postal Address
- Steps To Take After A Data Breach
- Wrong Postal Address Data Breach Compensation Calculator
- Begin Your Wrong Postal Address Data Breach Claim
Any information that can be used to identify you is considered your personal information. Data protection laws, such as the UK General Data Protection Regulation (UK GDPR) and Data Protection Act 2018, give protection to your personal information when it is used by an organisation (data controller).
There are rules for how your information must be protected and kept confidential and how it cannot be shared in any way considered unlawful. Your personal information being accessed or viewed by someone not authorised to access it can be considered a data breach. Your mail, being delivered to the wrong address can lead to this.
This could happen because of a:
Human Or Clerical Error: Where a person processing your data inputted a wrong address as part of your information
A Computer Error: An error with a machine that led to your data being sent to the wrong address
Failure to Update: If a data controller fails to update contact details when the data subject provides a new address this could cause a letter to be sent to their old address.
If a person was to suffer harm because their data was shared in any of these scenarios, then if they can prove that the data controller is liable for the personal data breach they could be eligible to make a claim for compensation. It is an organisation’s responsibility to safeguard your data, and do everything they reasonably can to avoid your information being exposed because of an error.
If you suffered harm because of a wrong postal address data breach, get in touch with one of our advisers now to discuss the compensation you might be able to claim.
Must Know Data Breach Statistics
The Information Commissioner’s Office (ICO) is an independent body in the UK set up to uphold information rights. Organisations have to report serious data breaches to them; namely breaches which may harm a person’s rights.
The ICO, every fiscal quarter publish statistics on data security incidents reported to them. In the 3rd quarter of 2021/22 there were 181 self-reported incidents of data being posted or faxed to the wrong person.
Data protection laws in this country protect only personal data. This can come in two forms; personal data and information that can be used to identify you such as your name, address, email address, and DOB. Then there is what is called special category data. The UK GDPR adds extra protection to this information as it is considered sensitive and can be information about your sexuality, religious beliefs, trade union memberships and information about your health.
All this type of information can be sent in a letter using a postal service. The data controller who will usually be the one sending this information has to protect it from being breached.
As part of the 7 Core Principles of the UK GDPR, organisations have to ensure that the data they hold about you is accurate and kept up to date. This means if you have updated your address, and have informed them of it, an organisation still sending your mail to the wrong address can be considered a data breach.
If an organisation sent your confidential information to the wrong address and this led to you suffering harm, you can contact one of our advisers now to discuss the legal options available to you
In April 2020, more than 80,000 people were supposed to get a letter to inform them that they were in vulnerable groups and would need to isolate themselves from the Covid outbreak. 13,000 of these letters were sent to the wrong addresses due to an NHS Wales Informatics Service (NWIS), processing error.
Health information being exposed can be upsetting and stressful. If you have had medical information sent to the wrong postal address and have suffered stress due to this data breach, talk to one of our advisers now to discuss the legal options you have available to you.
If a letter meant for you, containing personal information, was sent to the wrong address, you might become aware of the data breach before the organisation does. If this happens you can contact them to make a complaint, or to make an inquiry as to what happened and why it happened.
You can report the data breach to the ICO if you are unsatisfied with their response. If they choose to investigate the issue, they can provide you with a report that you can use if you wish to make a claim. You should contact the ICO within three months of your last correspondence with the organisation.
You can also gather evidence of how the data breach is affecting you and evidence that proves the data breach.
This can be:
Emails: (And similar correspondence) from the organisation acknowledging the error they made.
Financial Records: If the breach led to fraudulent activity that cost you money, maintain records of this as proof of your financial losses.
Medical Records: If the breach led to you suffering mental harm, medical records of your diagnosis can act as evidence in a claim. A data breach solicitor can help you arrange an independent medical assessment.
Our advisers can discuss your situation with you and inform you of the steps you can take if you’ve suffered harm from a data breach. You have data protection rights. Therefore, these allow you to make a data breach claim for compensation when you can prove that the data controller failed to correctly secure your personal information.
Data breach victims who have suffered harm because their information has been breached do not automatically become eligible for compensation. However, if your claim is successful you can be awarded two different types of damages.
Financial harm can be addressed in material damages. Therefore, if your personal information was used to steal money from you (i.e. a credit or debit card scam), you can claim the amount back and similar financial losses in a successful case. You can also claim for costs you had to spend because of the data breach; e.g. costs you spent towards seeking treatment.
You can also claim compensation for any mental or psychological harm you may have suffered. This is known as non-material damages. To illustrate what could be awarded, we’ve included a table with figures from the Judicial College guidelines below:
Injury Notes Award
Severe PTSD Severe effects to the claimant's ability to function in life £59,860 to £100,670
Moderately Severe PTSD Similar symptoms, but a better prognosis of recovery than to the injuries listed above £23,150 to £59,860
Moderate PTSD The claimant will have mostly recovered but some effects can remain £8,180 to £23,150
Less Severe PTSD The claimant will have recovered within a year or two £3,950 to £8,180
Severe Psychiatric Damage The claimant's ability to go cope with life has been severely damaged £54,830 to £115,730
Moderately Severe Psychiatric Damage Injuries similar to above but with a more optimistic look for recovery £19,070 to £54,830
Moderate Psychiatric Damage The claimant will have been showing good recovery even if problems persist £5,860 to £19,070
Less Severe Psychiatric Damage The claimant's ability to perform daily functions will have been affected for a time £1,540 to £5,860
In previous years, it was not possible to claim compensation for mental harm without having suffered financial losses. However, following the ruling in the Court of Appeal case of Vidal-Hall and others v Google Inc , it may be possible to claim either material damages or non-material damages independently.
Our advisers can offer you a valuation of your data breach compensation claim. Why not reach out to them, for a free consultation over your situation.
A solicitor can represent you in a data breach claim on a No Win No Fee basis. This can be an easier way to fund legal representation and can mean you’d have the experience and aid of a solicitor to make sure your claim is handled as well as it can be.
A solicitor working on a No Win No Fee basis would not charge you an upfront fee, nor ongoing fees to handle your claim. If your claim was successful and you were awarded compensation, you would pay them a success fee; a legally capped percentage of the awarded compensation. If your claim was not successful, there would be no success fee to pay.
Our panel of solicitors could represent you in your wrong postal address data breach claim. To inquire about speaking to one, reach out to one of our advisers now by:
Learn More About UK GDPR Rights And Obligations
We’ve included additional links you might find useful, such as:
ICO: The ICO’s guide to claiming compensation for a data breach
ICO: The ICO’s guide to making a complaint to an organisation about a data breach
GOV: The government’s guide to data protection explains the rights you have in regards to the protection of your data.
Thank you for reading our guide on a wrong postal address data breach. We also offer guides on other topics such as:
Please get in touch with our advisers for any help you might need.