Making a claim for data breach compensation could be a necessary step if you’ve been impacted psychologically or financially by a violation of data protection laws.
In this guide, we’ll explain how such breaches can occur, what the impact could be, and you can find links to lots of other useful resources and guides where you can learn more.
What Is A Data Breach?
The Information Commissioner’s Office, which is the UK’s independent data watchdog, defines a personal data breach as a security incident that results in the accidental or unlawful loss, alteration, disclosure, or access to personal data. This covers violations brought on by both unintentional and deliberate factors. Additionally, it implies that a breach involves more than merely losing personal information.
Under the UK General Data Protection Regulations (UK GDPR), personal data is any information relating to an identified or identifiable natural individual. For example, your name, email address, telephone number, or online identifiers such as an IP address.
The ICO considers some types of personal information as more sensitive since it may contain more specific details. Special category data may include medical data, racial or ethnic origin, political opinions, trade union membership details, pregnancy and other medical data, sexuality and religious or philosophical beliefs.
Personal data breaches may involve:
- Unauthorised third-party access
- A controller or processor’s intentional or unintentional action (or inaction)
- Sending personal information to the wrong recipient
- Loss or theft of devices carrying personal data
- Unauthorised modification of personal information
- Loss of personal data accessibility
Learn More About What A Data Breach Is
How To Claim Data Breach Compensation
The Data Protection Act 2018 makes it possible for you to claim data breach compensation under certain criteria.
In connection to a personal data breach, we should define the following key phrases:
- Data controllers: Usually a business or organisation that decides why and how to utilise a person’s personal data.
- Data processors: A third party that processes data on the controller’s behalf.
- A data subject: An individual whom a controller holds personal data on.
A personal data breach may happen due to negligence on the part of the controller or processor, or it may result from unlawful action. However, you may have grounds for a legitimate claim if the breach impacts your data and you experience financial loss or psychological harm as a result.
Ultimately, to be eligible to make a data breach claim, you will need to prove the following:
- A data breach occurred that affected your personal data
- The breach occurred due to the wrongful conduct of the controller or processor
- You suffered harm or loss as a result of the breach
If you are able to show that a personal data breach caused you harm or stress, you must make a claim within the time limit. Under the Limitation Act 1980, the current time limit for filing a data breach claim is six years. However, you have just one year if a violation of human rights occurred during the breach.
Learn More About How To Claim Data Breach Compensation
Data Breach Claims – What Can You Be Compensated For?
You might be entitled to claim material damages as part of your compensation for a data breach. This covers any financial loss brought on by a data breach. For instance, fraudulent purchases on your account, a lower credit score, and even identity theft could result from your credit card information being compromised or stolen due to lost paperwork or another factor. Any associated expenditures may be refunded to you.
In Vidal-Hall v. Google Inc. 2015, the Court of Appeal decided that you can now also make a claim for any psychological injury without having suffered financial loss. Previously, you could only claim for mental suffering if you had endured financial damage. Non-material damage is what we call psychological harm.
Furthermore, following the Gulati & Ors V MGN Ltd (2015) case, a judge ruled that, similar to personal injury claims, personal data breach claimants may be entitled to compensation for any psychological injuries. Therefore, we may use the 16th edition of the Judicial College Guidelines to estimate different compensation ranges for any mental suffering. Legal professionals use the document to value injuries based on previous court rulings.
Learn More About How To Claim GDPR Compensation For Distress
How Much Compensation Will I Get For A Data Breach
Now that we’ve discussed what you can be compensated for, you might wonder, ‘how much compensation will I get for a data breach?’.
To offer an insight into what non-material damage compensation for a data breach could look like, we have used figures from the April 2022 edition of the Judicial College Guidelines (JCG) to create the table below.
Injury | Compensation Amount | Notes |
---|---|---|
Severe Psychiatric Harm Generally | £54,830 to £115,730 | The prognosis is poor and your quality of life will be impacted. |
Moderately Severe Psychiatric Harm Generally | £19,070 to £54,830 | The impact is still significant, however, the prognosis is slightly better than above. |
Moderate Psychiatric Harm Generally | £5,860 to £19,070 | There will have been a marked improvement. |
Less Severe Psychiatric Harm Generally | £1,540 to £5,860 | Your ability to carry out daily activities influences the award within this bracket. |
Severe Post-Traumatic Stress Disorder | £59,860 to £100,670 | Inability to sleep or maintain relationships in your life. |
Moderately Severe Post-Traumatic Stress Disorder | £23,150 to £59,860 | The prognosis is likely to be better if you seek professional help. |
Moderate Post-Traumatic Stress Disorder | £8,180 to £23,150 | Symptoms are still there, however, the prognosis is much more positive. |
Less Severe Post-Traumatic Stress Disorder | £3,950 to £8,180 | A full recovery is made by two years. |
Whilst legal professionals use the JCG to value claims, it’s important that you only use the figures above as guidelines. Solicitors will also take into account any material damage you may have suffered as a result of the breach.
Speak to our advisors for free legal advice at any time convenient for you, and they can answer questions, such as, ‘can I get compensation for a data breach?’.
Learn More About Data Breach Compensation Claims
Below, you can learn more about data breach compensation claims:
- ICO: Action we’ve taken
- Data Security Incident Trends
- Data Protection
- Subject Access Requests
- If you’re interested in claiming Capita data breach compensation, head here. This guide offers lots of useful information on the claims process, eligibility, and how our panel of solicitors can help.
- To learn more about the Southern Water data breach, which is said to have impacted around 500,000 people, head here. You can learn all about the eligibility criteria and claims process.
- We’ve also conducted significant research into the number of data breaches in councils in the country.
- If you’ve been impacted by a group email data breach, you could be entitled to compensation. This guide explains the circumstances in which you can make a claim, potential payouts and how our panel of solicitors can help.
- In March 2023, pension administrator Capita suffered a cyber attacked which affected its clients. Marks and Spencer were one such company, and its employees’ data was impacted by the breach. You can find out about compensation claims here.
- Cyber Security Breaches Survey 2022
- About The National Cyber Security Centre
- What is cyber security?
- Make a complaint
- Your data matters
- Find out what data an organisation has about you
- Guide to the General Data Protection Regulation
- National Cyber Strategy 2022
- Phishing
- How to find No Win No Fee data breach solicitors
- What should I do if my data is breached?
- You can also read our guide on the steps to claiming compensation if affected by a non-molestation order data breach