We all want to support the causes we believe in, and there’s no doubt that many charities across Britain do fantastic work. Making donations is something that can be done spontaneously on the street by a charity worker taking a list of personal details. But are you giving more than you want to? If your personal information was used in a way that harmed you, this guide explains how to make charity data breach claims.
We begin our article by explaining who could have good grounds to start a charity data breach claim. There are laws that oblige all those in possession of our personal data to use and retain it carefully, and we look at some types of incidents that could occur if these laws aren’t followed. After this, we list some evidence you can use to structure a claim for compensation from the charity or agency at fault.
Data breach claims can become complex, so we look at the benefits of working with a data breach solicitor from our panel. By providing their services through a type of No Win No Fee agreement, you could benefit from their expert guidance with no worries about upfront or ongoing legal costs holding you back.
Read the sections below to learn more. Alternatively, you can contact our advisors for an immediate assessment of your case:
- Ring us for free on 020 8050 6279
- Contact us here to make a claim enquiry or ask a question.
- Start a conversation using the chat box below.
Frequently Asked Questions
- A Charity Has Breached My Data, Can I Claim?
- What Charity Data Breach Compensation Could Be Awarded?
- How Might A Charity Data Breach Occur?
- What Is Needed To Claim After A Breach Of Charity Data?
- Why Work With Data Breach Claims?
- No Win No Fee Data Breach Claims
- Learn More
A Charity Has Breached My Data, Can I Claim?
Yes, if a charity breaches your personal data and this causes you either mental or financial harm (or both), you could have a valid compensation claim.
Anyone who can prove their personal data was misused by a charity in a way that caused them harm could be eligible to seek compensation. This is because two main pieces of legislation, the Data Protection Act 2018 (DPA) and the UK General Data Protection Regulation (UK GDPR), apply an obligation on all organisations and agencies to process personal data in specific ways.
Personal data is a term used to encompass a wide array of information, ranging from basic contact details to more sensitive information (known as special category data). In the wrong hands, it can be used to steal or extort money from the charity and its donors.
Two main groups are involved in data use control: controllers and processors. One group sets the intention of data use and the other works with it for their purposes. This can be done by the same organisation or by a different, outside third party. The UK regulator for public data rights, the Information Commissioner’s Office (ICO), outlines the responsibilities of data controllers and processors, including stating the purpose behind processing data and how this processing will be carried out.
A personal data breach can be defined as the loss of integrity, accessibility, or confidentiality of information that could be used to identify you (either directly or indirectly). With this in mind, you could have valid grounds to launch a charity data breach claim if you can show these points:
- The charity had a lawful obligation to process your data properly.
- They failed to do this, resulting in a data breach.
- You suffered financial and or emotional harm as a result of the breach.
What Charity Data Breach Compensation Could Be Awarded?
You can be compensated for 2 types of damage in a successful charity data breach claim. These are the financial harm you suffered, otherwise called ‘material damage’ and the emotional distress caused by the breach of your personal data, otherwise called ‘non-material damage’.
A sudden invasion of your privacy and possible theft of your assets can be very distressing. This harm can range from general stress to a completely life-altering trauma reaction, depending on the severity of the breach. Reputational damage and fear of future breaches can add to this distress.
With the correct medical evidence, those working on your claim can compare proof of your psychological injuries with publications like the Judicial College Guidelines (JCG). This book provides guidelines for compensation for various psychological harms based on past cases in England and Wales. The excerpt below uses these to illustrate (except the first line):
Compensation Guidelines
| TYPE OF HARM | HOW SEVERE? | COMPENSATION GUIDANCE | DETAILS |
|---|---|---|---|
| Multiple forms of psychological harm and material damage | Severe | Up to £500,000 plus | In compensation of this size, the person has typically suffered several types of psychological harm and receives a substantial settlement for loss of earnings and financial costs to recover from psychological damage or moving home. |
| General Psychological Harm | (a) Severe (i) | £66,920 increasing to £141,240 | Person suffers an acute response and feels negative impact in all areas of daily life. |
| (b) Moderately Severe | £23,270 increasing to £66,920 | Significant problems to those covered in the bracket above but a better outlook is predicted in the months to come. | |
| (c) Moderate | £7,150 increasing to £23,270 | The similar factors covered above may be present but improve by the point of a trial. | |
| (d) Less Severe | £1,880 increasing to £7,150 | Awards here consider the duration of injury experienced. | |
| Post-traumatic stress disorder (PTSD) | (a) Severe | £73,050 increasing to £122,850 | Permanent harm that prevents the person from functioning in any area of life as they did prior to traumatic event. |
| (b) Moderately Severe | £28,250 increasing to £73,050 | This category differs from previous one based on the improvements brought about by professional counselling. | |
| (c) Moderate | £9,980 increasing to £28,250 | By and large a recovery from the more extreme effects of the trauma. | |
| (d) Less Severe | £4,820 increasing to £9,980 | Almost a complete recovery within 2 years and only minor issues present themselves beyond this. |
Can Other Damages Be Claimed After A Data Breach?
Yes, alongside non-material damage, you could be compensated for your material damage too (or your material damage alone). This focuses on the out-of-pocket expenses or losses the data breach has caused you. Again, you will need to put forward documented evidence of the financial harm, and this can include the following:
- Payslips or statements that prove your income suffered because of the impact of stress.
- Statements and credit reports that show financial theft on your credit card.
- The cost of seeing a mental health counsellor.
- The accumulated costs of needing to restore your privacy, such as replacing laptops or smartphones. In extreme cases, this may include the costs of changing jobs, schools, or even relocating.
As you deal with the turmoil of a serious data breach, it can be a real support to know a solicitor is focused on your case. They can also accurately calculate compensation for any future costs, such as ongoing counselling or prolonged loss of earnings. Why not see how our panel of solicitors could calculate material and non-material damage amounts for you?
How Might A Charity Data Breach Occur?
Human error and criminal activity can both cause a breach of personal data processed by a charity. This can occur to charity employees and volunteers, service users and donors.
Furthermore, breaches can involve physical files, electronic devices as well as verbal disclosures (ie, charity workers discussing a service user in front of a member of the public) or cyber systems. With this in mind, here are some examples of how charities might fail to secure the personal data they process in a way that causes a breach to the public:
Phishing Attacks
Cybercriminals may pose as volunteers and staff from the charity and attempt to elicit information from the public either by phone or in the street. Charities must carefully vet their volunteers and staff, ensuring that correct sign-up procedures are followed and any unusual email activity within the charity is acted on promptly. They also must ensure that staff and volunteers have appropriate cybersecurity and data protection training.
Cyber Attacks
The charity has an obligation to ensure that its cyber defences are robust. This may involve regular assessments of software security, updating firewalls, and routinely changing passwords. They need to be vigilant to any other weaknesses and alert to the risk of hackers infiltrating databases with suspicious emails.
Human Error
Staff training in DPA and UK GDPR obligations is a crucial aspect of cybersecurity in the charity sector. Anyone working for the charity must understand the importance of taking personal responsibility for how the data of others is processed and used. And what they can do to prevent obvious errors like losing customer details or wrongly including customer data in an internal email. If it’s a charity large enough to have shopping outlets, staff need to follow in-store UK GDPR protocols to protect customers.
Ransomware Attacks
A more sophisticated method of cybercrime called ransomware involves stealing information and demanding a ransom for its release. Given that charities often need to collect bank details for regular donations, this can involve the financial information of thousands of people. Also, the charity might use third party data processors to help process data who could be more easily attacked.
Physical Loss Of Data
The charity likely retains donor paperwork, which may contain sensitive information such as names, addresses, payment details, political and philosophical beliefs, or other personal data. Staff can cause paperwork to be lost or stolen in unsecured locations (such as public transport or in store waste bins), allowing unauthorised parties to access it. Personal data can also be posted or faxed by the charity to the wrong address or recipient.
Verbal Disclosure
Alongside taking care of paperwork and digital data, the charity must also maintain verbal confidentiality. Chatting amongst themselves or with other members of the public could pose a potential data breach risk, particularly when signing up donors on the street or in a charity shop.
However you think the data breach arose, if you believe the charity failed to comply with data protection laws, speak to us. Our advisors can dive deeper into charity data breach claims with you over the phone or via the live chat function below.
What Is Needed To Claim After A Breach Of Charity Data?
Charity data breach claims must be supported with compelling evidence in order to be valid. There are steps you can take to assemble proof of the data breach and lay the foundation for your compensation claim. You need to show its impact on you psychologically and/or financially. The following is useful:
- Any correspondence from the charity regarding the data breach. They are obliged to notify you within 72 hours of discovery if the breach is serious enough to threaten your freedoms and rights.
- Copies of any complaint you made to the charity after discovering the breach and what response they gave.
- If the charity fails to provide a satisfactory response (with 3 months of last contact), you can escalate the matter with the ICO, who may investigate. Copies of their involvement are useful supporting evidence.
- You can also complain to the Parliamentary and Health Service Ombudsman.
- Bank statements and credit score reports that prove the financial harm experienced.
- Medical reports detailing the harm you’ve suffered because of the charity data breach.
A solicitor from our panel can assist you in gathering as much evidence as possible so you might want to consider contacting us. Call to see whether they can handle your charity data breach claim today.
Should I Report The Data Breach To The ICO?
Reporting the data breach to the ICO is not a mandatory requirement. It has no impact on your right to claim either way. However, the ICO may decide to look into the matter, especially if you were part of a broader data breach that impacted others.
The ICO has the authority to investigate any company or organisation, large or small, for data protection breaches. They regularly take action against flagrant offenders of data breach laws and can issue substantial fines against those found to be in breach.
If the ICO does launch an investigation and decides to take action against the charity, their findings could help strengthen your claim. You can request this information from the ICO, and a data breach solicitor could help you with this, so get in touch.
Why Work With Data Breach Claims?
At Data Breach Claims, our panel of expert solicitors have been helping people get the compensation owed to them for decades. They provide an array of outstanding legal services to their clients:
- Expert navigation of the data breach claims law.
- A robust defence of your interests and prompt handling of all correspondence with the charity.
- Prompt attention to court requests.
- Calculations of the compensation owed.
- Regular updates on how the claim is progressing.
- Support with collecting useful evidence,
- Scrupulous attention to detail throughout the entire claims process.
These benefits can streamline the claims process and make it far less stressful for you. It takes just a moment to call, email or chat below about how they would handle charity data breach claims.
No Win No Fee Data Breach Claims
If you have concerns about the costs of working with a data breach specialist solicitor, we can help. Our panel of solicitors can provide legal representation through a type of No Win No Fee contract. Usually, they recommend a Conditional Fee Agreement (CFA). Using their services this way has a host of advantages for you:
- You won’t have to pay any upfront fees to instruct the solicitors and start work.
- No fees for the solicitor’s work apply as the work on the claim progresses.
- Claims that fail require no fees for completed services by the solicitors.
- A successful data protection compensation claim outcome requires payment of a ‘success fee’ to your solicitor. A legislative limit applies to the percentage that can be taken to cover this fee.
- In addition to the cap, you can agree on thispercentage with your solicitor at the start. This ensures that if compensation is awarded, you benefit most.
Tackling charity data breach claims this way can give you an enormous piece of mind. While your solicitor handles the stressful legal stuff, you can get on with restoring your data privacy.
Contact Our Advisors Today
To start the claims process or ask any questions you have about charity data breach claims, speak to our advisory team. If your case is eligible, they can help you get it started today.
- Ring us for free on 0208 050 3051 to see if you can claim data breach compensation.
- Contact us here to make a claim enquiry.
- Start a conversation using the chat box below.
Learn More
You can read more on related topics here:
- Here is guidance on claims for data breach compensation based on human error.
- Read about the time limit for data breach claims.
- Also, information on how to sue a company for a breach in data.
Outside resources to help:
- This resource provides tips for staying secure online from the National Cyber Security Centre.
- Also, read more information from GOV.UK about the data protection law.
- Lastly, information on how small charities can protect themselves from cyber crime.
In conclusion, thank you for reading our guide. If you need any more support with charity data breach claims, please connect with our advisors.