How To Take Legal Action For A Data Breach

This guide offers information about how to take legal action for a data breach. In the sections below, we look at when you could be eligible to launch a claim following the breach of your personal data, as well as the other steps you could take after a breach has occurred.

action for a data breach

How To Take Legal Action For A Data Breach

In addition, we explain the legislation that describes the responsibilities certain third parties have when processing, as well as storing, and handling, your personal dataWe also discuss what a personal data breach is, and how one could occur either through human error or due to a cyber security breach.

Furthermore, we discuss data breach compensation payouts, including what they consist of, and how they are calculated.

Our guide concludes by outlining the advantages of working with our panel of data breach solicitors on the basis of a No Win No Fee agreement.

To get started now you can:

  • Call our advisors 7 days a week, 24 hours a day on 020 8050 3051
  • Contact us online.
  • Ask a question via the live chat option below.

Jump To A Section

  1. Data Breach Claims – When Are You Eligible To Seek Compensation?
  2. How To Take Legal Action For A Data Breach
  3. How Could A Data Breach Be Caused By Wrongful Conduct?
  4. Data Breach Compensation Calculator
  5. Why Make A No Win No Fee Data Breach Claim?
  6. Learn More About Taking Legal Action For A Data Breach

Data Breach Claims – When Are You Eligible To Seek Compensation?

In order to have valid grounds for a personal data breach claim, you need to show that:

  • There were clear failings on the part of the data controller, the party who sets the means and purpose for processing, or the date processor, the party who acts on the controllers behalf, to follow data protection laws.
  • Because of this, a data breach occurred that involved your personal data.
  • As a result, you suffered financial damage, mental harm or both.

Personal data is classed as any information that can be used to identify you. This can typically include your name, email address, postal address, phone number, National Insurance number, and credit or debit card details.

To ensure the protection of your personal data, there are two pieces of legislation called the Data Protection Act 2018 (DPA) and the UK General Data Protection Regulation (UK GDPR). They describe the ways data controllers and data processors need to process, handle or store your personal data.

An independent organisation called the Information Commissioner’s Office, enforces these data protection laws and upholds information rights. They offer a definition of a personal data breach as a security incident in which your personal data is lost, destroyed, or altered accidentally or unlawfully, or it is accessed or disclosed where no authorisation was given to do so.

To discuss whether you could be eligible to take legal action for a data breach, please contact an advisor on the number above.

How To Take Legal Action For A Data Breach

There is some action that organisations must take following a data breach. They must notify you of a breach without undue delay if it puts your rights and freedoms at risk. As such, you could gather copies of letters or emails from the organisation that detail how the breach occurred, and what data was affected.

You can contact the organisation yourself if you suspect a data breach has occurred. You should allow them a 3-month period in which to respond. Should they fail to reply in that time frame, or fail to reply in a satisfactory way, you can make a complaint to the ICO.

It’s important to note that the ICO cannot award compensation. However, if they choose to investigate your complaint, and their findings support your claim, you could use these as evidence when building your case.

Additionally, you could collect other evidence to support your case, such as:

  • A copy of your medical records, or a report from a psychiatrist or therapist to highlight any emotional damage you have experienced.
  • Evidence of financial costs and expenses incurred due to the data breach, such as bank statements and credit reports.

For help on how to take legal action for a data breach, call our team of advisors. They could potentially connect you with a solicitor from our panel who could assist you in collating evidence for your case.

How Could A Data Breach Be Caused By Wrongful Conduct?

A data breach affecting your personal data could occur in a number of different ways. For example:

  • A school or university could send an email containing sensitive personal data to the wrong recipient. This could cause you emotional harm in an email data breach.
  • Banks and building societies can issue new or replacement credit and debit cards to the wrong postal address, even though they were in possession of your correct details.
  • Your employer could divulge details about a medical condition recorded in your file in a verbal conversation with unauthorised parties in the office.
  • Devices that contain personal data about patients could be lost or stolen due to a lack of physical security.
  • A cyber security incident, such as a ransomware attack, could occur due to poor online security systems being in place. As a result, your personal data could be stolen.

If you would like to talk about your specific case and find out whether you could be eligible to take action for a data breach, please connect with our advisors on the number above.

Data Breach Compensation Calculator

After a successful outcome to a data breach claim, compensation can be awarded for two types of damage.

Firstly, non-material damage refers to the psychological harm you suffered as a result of the personal data breach. This can include depression, stress, anxiety and distress because of a data breach, as well as more serious conditions such as post-traumatic stress disorder (PTSD).

To accurately calculate the value of any mental harm, legal professionals can refer to medical evidence, as well as the guideline compensation brackets in the Judicial College Guidelines.

We have included an excerpt from this publication below. However, these amounts are only guide figures and settlements vary according to each case.

Guideline Award Brackets

Harm Type Degree of SeverityAward Bracket GuidelinesNotes
Psychological Harm - General(a) Severe £54,830 to £115,730The person suffers marked problems that affect different areas of their life. They also have a very poor prognosis.
(b) Moderately Severe£19,070 to £54,830Significant issues that affect different areas of the person's life, but they will have a much better prognosis than in the bracket above.
(c) Moderate £5,860 to £19,070A significant improvement of issues affecting the person's life will be seen. There is a good prognosis.
(d) Less Severe£1,540 to £5,860This payout awarded reflects the length of the injury and how badly it affected the person.
Post-Traumatic Stress Disorder (PTSD)(a) Severe £59,860 to £100,670There are permanent issues that affect all aspects of the person's life, and prevent them from functioning at the same level as their did prior to the trauma.
(b) Moderately Severe£23,150 to £59,860A better prognosis is indicated after the person receives professional help and makes some recovery.
(c) Moderate£8,180 to £23,150A significant recovery is made and any ongoing issue the person faces won't be majorly disabling.
(d) Less Severe£3,950 to £8,180The person makes a full recovery within a couple of years. There will be only minor symptoms that continue for a longer period.

Claiming Material Losses After A Company Data Breach

Material damage is the monetary loss you experienced due to the breach of your personal data. This can include money stolen from your bank account, or loans and credit agreements fraudulently taken out in your name.

You may have experienced fraudulent purchases after your debit or credit card details were accessed because of the breach. With statements and credit reports to prove them, compensation for these losses could form part of your claim.

For more information on data breach compensation payouts, please call an advisor on the number above.

Why Make A No Win No Fee Data Breach Claim?

When considering taking legal action for a data breach, you may benefit from the support of a legal professional. Some of the ways a solicitor could help include:

  • Help to collect relevant supporting evidence.
  • Expertise in correctly valuing your claim.
  • Regular updates on the status of your claim at every stage.
  • Explanations of any complex legal jargon.

The data breach solicitors from our panel can offer services such as these under a type of No Win No Fee agreement called a Conditional Fee Agreement (CFA) to claimants with valid grounds to seek compensation.

Working with a solicitor under a CFA typically mean that there are no upfront fees for their services, or any fees for their work as the claim moves ahead. In addition to this, for claims that fail there are no fees for completed work.

Following a successful conclusion of your claim, a small and legally capped success fee from your compensation will be paid to your solicitor. This is taken as a percentage which you will discuss with your solicitor before any work begins on your case.

Our advisors are available right now to discuss whether you could take legal action for a data breach. After a quick assessment of eligibility, they can direct valid claims to a data breach solicitor from our panel to help. For more information:

Learn More About Taking Legal Action For A Data Breach

Below are some more of our guides:

For more external resources:

We appreciate you reading our guide explaining when you could be eligible to take legal action for a data breach. Please get in touch if you require any other information.

Writer Jeff Walker

Editor Meg Monsoon