Can You Sue A Company For A Data Breach?

This guide will explain in which circumstances you may be able to claim for a company data breach.

company data breach

Company data breach claims guide

It will also describe what could be received from a successful data breach compensation claim and highlight the benefits of using No Win No Fee data breach solicitors when making a claim.

To be eligible to make a personal data breach claim, there are certain criteria that must be met. We will explore these in further detail throughout our guide as well as discuss the steps that you can take if your data is affected by a breach.

To learn more, please continue reading our guide. Alternatively, if you would like to receive free legal advice from a member of our team, contact our advisors today. You can:

 

Choose A Section

 

Can You Claim For A Company Data Breach? – A Guide

The UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018 (DPA) run alongside each other to protect the personal data of UK residents.

You may be wondering what a data breach is. The legal definition of a personal data breach can be found in Article 4 of the UK GDPR, which states it is a security incident that involves your personal data being lost, altered, or destroyed either unlawfully or accidentally. It can also involve your personal data being disclosed or accessed without authorisation.

Personal data is classed as any information that could be used to identify you either when processed by itself or in combination with other personal information. This could include your name, email address, phone number, and postal address. There is also personal data known as special category data, such as health data and information relating to your racial or ethnic origin and trade union membership, which is given extra protection.

All data controllers and data processors must comply with data protection law. If they fail to do so, and this results in a security incident that affects the confidentiality, availability, or integrity of your personal data, this is a personal data breach. A data controller establishes how and why your data will be used. A data processor processes this data on the controller’s behalf.

Get in touch with our team to find out if you could be eligible to make a company data breach claim.

When Are You Eligible To Claim For A Company Data Breach?

To be eligible to make a personal data breach claim, there are certain criteria that need to be met. Firstly, it is imperative that you show that the data breach was caused by the company’s wrongful conduct. This can involve a data controller or processor failing to protect your personal data under data protection law.

A company data breach can involve a breach of employees’ personal data and in some cases, customer data. You can claim compensation in several circumstances where a company has failed to adhere to data protection law.

There are different types of personal data breaches, including:

  • The bank or finance department of a company sends your payslips to your old address after you had already given your bank or employer updated contact details.
  • The HR department accidentally sends an email containing sensitive information about you to other members of staff.
  • A website data breach where your address, payment details and name are exposed because an online retailer is the victim of an online hack. If this occurs because they did not have sufficient cybersecurity which could’ve stopped the breach from occurring, you may be able to claim compensation.

 

Top Tips When Claiming For A Company Data Breach

You could do several things to help you during the company data breach claims process. The most useful thing to do is collect as much evidence concerning the data breach. You should also collect evidence for any harm caused to you due to the breach.

Firstly, a data controller must inform you of a breach of your personal data if the breach infringes on your rights and freedoms. Correspondence between you and the company could help you establish how the data breach occurred and who is liable. It can also provide details on the nature of the information that was affected. This can be used as evidence to support your potential claim.

Additionally, you can collect evidence of any psychological harm you sustained. This can be in the form of your medical records. Medical evidence can be helpful when making personal data breach claims. If you choose to hire a solicitor, they may arrange an independent medical assessment to assess the psychological harm you suffered because of the data breach. This report can then help to strengthen a claim.

Thirdly, if you suffered any financial losses, you’ll need evidence of this material damage in order to receive compensation. This can be in the form of bank statements, credit or debit card statements, and payslips.

After a personal data breach, you can make a complaint directly to the organisation responsible. If no satisfactory response is given or they do not respond at all, you can report the breach to the Information Commissioner’s Office (ICO).

The ICO is an independent public body responsible for upholding the rights and freedoms of data subjects. They can investigate incidents and take enforcement action against organisations that have breached data protection laws, such as issuing monetary fines. If the ICO investigates your complaint, you can use their findings to support your case.

For more information on what to do if your data has been breached, you can get in touch by calling the number above.

What Data Breach Payout Could You Receive From A Successful Claim?

The UK GDPR states that you need to have suffered material or non-material damage because of the data breach in order to claim. Material damage is financial loss, whereas non-material damage is psychiatric injury as a result of the data breach.

There are figures from the Judicial College Guidelines (JCG) provided below. The guidelines set out compensation brackets that coincide with different types of psychiatric injury based on their severity. Data breach solicitors can use these figures to help them when calculating non-material damage payouts.

They are only guidelines, not guarantees of what you could receive. Compensation is based on factors specific to your circumstances, such as the severity of your psychological injury, whether any permanent symptoms were caused, and the extent to which your life has been impacted.

Type of HarmSeverityDescriptionCompensation
Psychological HarmSevereThe injured person will find it very difficult to cope with life, education, or work. £54,830 to £115,730
Psychological HarmModerately SevereThe injured person will have day to day issues in coping with life, education, or work. However, there will be a more optimistic prognosis.£19,070 to £54,830
Psychological HarmModerateThe injured person may have some issues with their life, but this category is specific to those who have made a recognisable improvement by trial.£5,860 to £19,070
Psychological HarmLess SevereThe extent of the harm and how long it lasted is considered.£1,540 to £5,860
Anxiety DisorderSevereThese cases involve permanent effects which prevent the injured person from working at all, or at least from functioning at anything compared to what they could do pre-trauma. £59,860 to £100,670
Anxiety DisorderModerately SevereThis category is distinct from above because of the better prognosis.£23,150 to £59,860
Anxiety DisorderModerateThis category is for injured people who have largely recovered from their PTSD symptoms. The continuing effects from their PTSD will not be too disabling.£8,180 to £23,150
Anxiety DisorderLess SevereMostly completed recovery and only minor symptoms persist.£3,950 to £8,180

To learn more about the data breach compensation you could receive after making a successful company data breach claim, please get in touch using the number above.

Can I Also Claim For Material Damage?

Compensation can also be claimed for material damage. This aims to compensate you for the financial impacts you suffer because of the breach. For example, a personal data breach could see funds stolen from your bank account, damage your credit score, or have debts in your name.

As mentioned, you should provide evidence of these losses to claim them back.

Why Make A Data Breach Claim On A No Win No Fee Basis?

A No Win No Fee agreement is an arrangement between you and your solicitor. This provides certain financial benefits by mitigating the risk of accessing the services of a solicitor. For example, under a type of this agreement known as a Conditional Fee Agreement (CFA), if your claim is unsuccessful, you generally won’t have to pay a fee for your solicitor’s services. Additionally, a large benefit of using a CFA is that you don’t have to pay any upfront or ongoing fees to your solicitor for them to begin work on your claim. You must only pay a success fee at the end of a successful claim.

It is important to recognise that not all solicitors offer to take cases on a No Win No Fee basis. However, the solicitors on our panel can work their cases in this manner.

Get in touch with our team today to learn whether the data breach solicitors from our panel could represent your claim in this way. An advisor can also discuss whether you’re eligible to make a company data breach claim. To reach them, you can:

Learn More About How To Make Data Breach Claims

We have also provided some additional resources below that you may find beneficial.

Additionally, please find more of our guides below:

Thank you for reading this article about company data breach claims. Please get in touch if you want to learn more or have any other questions.

Writer Saif Solace

Editor Meg Monsoon