Every private company that handles personal data has a responsibility to protect the information they hold. When that data is compromised through malicious acts or human error, the emotional and financial consequences for those affected can be potentially devastating. In this private company data breach claims guide, you will learn why you might be entitled to pursue compensation.
We examine all aspects of making a data breach claim against a private company, including the eligibility criteria for starting one and the role of the Information Commissioner’s Office (ICO), the UK’s independent regulator for information rights. As our guide continues, you’ll also see what kind of information a private organisation might collect and how a personal data breach can occur.
You will also find an overview of data breach compensation, together with a look at how it might be determined. In our final section, we look at the particular No Win No Fee contract which our expert panel of data breach solicitors may offer their services under.
At any time as you read this guide, you can reach our advisory team using the contact details given here. Our friendly advisors are here 24/7 to answer questions, provide free advice, and assess your eligibility to claim for free. Get in touch today:
- Calling 020 8050 6279.
- You can also contact us online.
- Or, open the live chat window on your screen now.
We Can Help With Your Claim
Our team of specialist advisors are ready to assist you with your data breach claim
Browse This Guide
- Can I Make A Private Company Data Breach Claim?
- How Much Compensation Could I Get For A Private Company Data Breach?
- What Businesses Can Be Covered In Private Company Data Breach Claims?
- The Role Of The ICO In A Private Company Data Breach
- What Kind Of Personal Data Could A Private Company Keep Stored?
- How Can I Start A Claim If A Private Company Breached My Data?
- No Win No Fee Private Company Data Breach Claim
- More Information
Can I Make A Private Company Data Breach Claim?
Yes, you could make a private company data breach claim if you can prove that:
- An organisation failed to comply with data protection laws.
- This failure caused a personal data breach, resulting in your information being compromised.
- The breach led to financial losses, psychological distress, or both.
All organisations, including private companies, have obligations under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018 to keep your personal data safe. These work hand-in-hand to form the data protection laws that govern how the personal information of UK citizens is processed.
There are 3 relevant parties when examining data breach incidents. These are:
- The organisation that decides when, how, and why your personal data is to be used, stored, or processed. This organisation is called a data controller.
- Data controllers may make use of external organisations in order to process data. These third parties are called data processors. We should emphasise that not all controllers will use external services and may choose to do this themselves.
- Living identifiable individuals to whom the personal data is related are called data subjects.
Later on in this guide, we’ll take a look at how a personal data breach involving a private company might result in a compensation claim. You can also get in touch with our 24/7 advisory team to learn more about the eligibility criteria for starting a personal data breach claim.
How Much Compensation Could I Get For A Private Company Data Breach?
How much compensation you could get in private company data breach claims may be determined by your psychological distress, as well as the financial impact. These are referred to as non-material and material damage, respectively.
We’ll explore material damage in more detail in the section below. Non-material damage may be calculated using your medical evidence alongside the Judicial College Guidelines (JCG).
The JCG publication sets out guideline compensation brackets for many forms of harm, including those resulting in conditions like post-traumatic stress disorder (PTSD). We have used the brackets for psychological harm, apart from the top entry, in our table here.
Compensation Table
Please note that the information contained in this table is intended as guidance only and doesn’t guarantee data breach compensation.
| Type of Harm | Severity | Guideline Payout Figure | Notes |
|---|---|---|---|
| Multiple Forms of Very Severe Psychological Harm with Financial Damage | Very Severe | Up to £500,000+ | Multiple forms of very severe psychological harm combined with expenses for costs like extra security. |
| General Psychiatric | Severe | £66,920 to £141,240 | Marked problems regarding ability to cope with life, education, personal relationships, and employment. This bracket will also consider factors like the prognosis and to what degree treatment might be successful. |
| Moderately Severe | £23,270 to £66,920 | Significant problems relating to work, social life and relationships (as in the above bracket), but a much more optimistic prognosis. | |
| Moderate | £7,150 to £23,270 | Where the affected person has undergone a marked improvement regarding the problems listed above. The prognosis will also be considered to be good. | |
| Less Severe | £1,880 to £7,150 | This bracket is influenced by the impact on sleep patterns and daily activities, as well as the length of disability. | |
| Post-Traumatic Stress Disorder | Severe | £73,050 to £122,850 | PTSD will prevent someone from working or (at the least) being able to function anywhere near pre-trauma levels. The PTSD will badly affect all aspects of life. |
| Moderately Severe | £28,250 to £73,050 | A better prognosis than above, owing to some degree of recovery with the help of professionals. However, the PTSD will still cause significant disability for the foreseeable future. | |
| Moderate | £9,980 to £28,250 | Claimant will have mostly recovered, and any ongoing effects will not be deemed grossly disabling. | |
| Less Severe | £4,820 to £9,980 | Virtual recovery within 1-2 years, with only minor symptoms persisting for longer. |
We Can Help With Your Claim
Our team of specialist advisors are ready to assist you with your data breach claim
What If I Have Experienced Financial Loss As A Result Of The Breach?
If you have experienced financial loss as a result of a personal data breach, this can be compensated as well. This material damage is summarised below:
- Loss of earnings due to time taken off work.
- The cost of investing in extra home security
- Out-of-pocket expenses incurred while relocating to a new home.
- Medical expenses relating to counselling or therapy for the psychological impacts.
Material damage needs supporting evidence in order to be claimed for. So, be sure to keep hold of your payslips, purchase receipts, invoices, and other documentation that can prove your losses.
To get a free eligibility assessment and to inquire further about data breach compensation, please contact our advisors today. All advice given is free and fully confidential.
What Businesses Can Be Covered In Private Company Data Breach Claims?
Any business that holds or uses the personal data of its customers can be covered by private company data breach claims. These companies could be shops and other retailers, mechanics, accountants, law firms, and utility companies, to name but a few.
Below, we have set out a few examples of how a private business might cause a data breach:
- A failure to regularly assess whether cybersecurity software is up-to-date causes a serious data breach at work, in which criminals gain access to the personal records of multiple employees, including your own. Names, addresses, contact information, and other details are all stolen, causing you significant distress.
- Poor administration at a private medical clinic means that your home address is not updated despite you notifying staff several times about the change. As a result, a letter containing sensitive information about your health is sent to the wrong address, leading you to develop severe anxiety.
- A lack of adequate data protection training at your water provider meant staff did not know how to respond to a security incident like a malware attack. That results in the theft of personal data belonging to thousands of customers, including yours. You suffer from anxiety as a result and have to invest in additional home security.
- Human error leads to a group email data breach when a cosmetic surgery clinic fails to use blind carbon copy (BCC) for their weekly newsletter. It leads to your email address, which contains your full name, being revealed to every registered client.
We appreciate this is a very broad area, and the above examples are intended to act as guidance, so please don’t worry if you didn’t see your particular circumstances. You can share your own experiences in complete confidence with our 24/7 advisory team via the contact information given below. They can provide you with further guidance and provide you with a free eligibility check of your potential claim.
The Role Of The ICO In A Private Company Data Breach
The ICO’s role in a private company data breach is to investigate whether there has been a failure to uphold obligations. All organisations have a responsibility to notify the ICO about a data breach if they believe there is a high likelihood that it will impact the freedoms and rights of those affected. This should be done no more than 72 hours after the breach has been discovered.
You have the option of raising your concerns with the organisation responsible for your personal data at any time if you don’t believe they have adequate protections in place. If you receive an unsatisfactory response, or none at all, you can then make a complaint to the ICO itself. This complaint should be made within 3 months of the last meaningful contact you had with the organisation.
While the ICO does not have the power to award compensation, any findings from their investigations are useful evidence for any claim. In some cases, the ICO may also issue fines of many thousands of pounds.
In the next section, we’ll examine what evidence can be used in private company data breach claims. You can also speak with one of our advisors to learn more about the role of the ICO and the effects they can have on your potential claim.
What Kind Of Personal Data Could A Private Company Keep Stored?
Private companies may store all kinds of personal data on both their customers and employees, so we’ve provided a few examples here:
- Names.
- Address.
- Contact information, such as phone numbers and email addresses.
- Bank and credit card information.
As you can see, personal data means any information that can be used to identify a living individual through both direct and indirect means.
Certain types of personal data are considered to be more sensitive and, therefore, require additional protection. This special category data includes information regarding race and ethnic origin, political and religious views, health data, sexual orientation, sex life, and genetic data.
Depending on the field in which the private company operates, this special category may vary significantly. For instance, a cosmetic surgery clinic might have sensitive information about your health, while a genealogy website may collect genetic data for their DNA tests.
You can find out more about claiming against a particular private company following a personal data breach by talking to our advisors today.
How Can I Start A Claim If A Private Company Breached My Data?
You can start a claim if a private company breached your data by calling our advisors for a free eligibility assessment. If eligible, you’ll be connected with a dedicated data breach solicitor from our expert panel.
A key task that a solicitor from our panel could assist you with is gathering supporting evidence. When making a claim, it is important to be able to prove a failure to comply with data protection legislation as well as the impact the breach had on you.
Below, you can see some examples of the evidence that can be beneficial when making private company data breach claims:
- The data breach notification letter, if you received one. Private companies and other organisations must notify you without ‘undue delay‘ if the breach poses a high risk to your freedoms and rights.
- Findings from the ICO investigation, if one was undertaken.
- Any other correspondence relevant to your data breach claim.
- Proof of the financial losses discussed earlier in this guide.
- Medical records that can confirm what psychological harm you endured and how it has impacted your life.
Our advisors are available at any time to provide free advice, as well as a free assessment of your eligibility. Get in touch with our advisors today via the details given in this guide.
No Win No Fee Private Company Data Breach Claim
To get started with your potential No Win No Fee private company data breach claim, talk to our advisors for a free eligibility assessment today. The specialist solicitors making up our panel pride themselves on providing an efficient, professional service that is built to suit your needs.
Here are just some of the services they can provide to eligible claimants:
- Arranging for an independent medical assessment to determine what harm you have sustained.
- Supporting your recovery by helping you access therapy, counselling or other specialist care.
- Gathering evidence to build a strong and compelling case.
- Keeping you updated at every stage of the claim and ensuring any questions you have are given prompt answers.
- Negotiating on your behalf to secure the best possible settlement for you.
The solicitors on our panel offer their services under a particular contract called a Conditional Fee Agreement (CFA). This agreement means there are no solicitor fees to pay at the start of or during the claim. You also won’t have to pay any such fees if the claim is lost.
A success fee is only taken from your compensation if the claim is won as payment for the solicitor’s work. The Conditional Fee Agreements Order 2013 caps the percentage that can be charged for this fee at 25%.
Contact Our Advisors To Begin A Claim
You can reach our advisory team at any time using the contact details given here. Our friendly advisors can answer questions, provide free advice, and asses your eligibility without any obligations to proceed with a claim. Get in touch today:
- Calling 020 8050 6279.
- You can also contact us online.
- Or, open the live chat window on your screen now.
More Information
Read more of our data breach claims guides here:
- Learn more about claiming for a medical data breach here.
- Read our guide on gaming data breach claims and learn more about seeking compensation.
- Find out if you could claim for travel and hospitality industry data breach claims with this guide.
We have also included some external resources for further information:
- Access the guidance on data breaches for individuals and families from the National Cyber Security Centre.
- View this government overview of data protection.
- Learn more about the action taken by the ICO here.
Thank you for taking the time to read our guide to private company data breach claims.