An e-commerce data breach can interrupt your life and cost you significant amounts of money. Should a breach happen to you, you could be eligible to claim data breach compensation. This guide will explain how.
We will first explain what an e-commerce data breach is. Shopping websites often need to keep customer data and the like. If they pass that data to anyone who shouldn’t have it or inappropriately handle your data, this is considered a data breach. We will provide some examples of how this can happen.
Online retailers must take certain steps if they breach your personal data, including letting you know it has happened. We will provide advice on what to do if your data has been breached and set out the steps for making a claim. To help you understand this process, we will also explain how compensation is calculated on a case-by-case basis.
Finally, this guide will explore the benefits of claiming with a member of our panel of solicitors. You can even instruct our panel on a No Win No Fee basis, meaning you won’t pay for their services if you don’t succeed. This guide will explain how this is possible.
Feel free to read it through, jump to the sections most important to you, or call our advisors straight away. They’re here 24 hours a day, seven days a week. You can take your first steps today.
- Call us on 020 8050 3051.
- Contact us with any queries.
- Talk to us now using the Live Chat below.
Jump To A Section
- Can I Claim For An E-Commerce Data Breach?
- How Could An E-Commerce Data Breach Happen?
- Do E-Commerce Businesses Have To Contact Customers After A Data Breach?
- What Is The Claims Process For Data Breaches?
- How Much Compensation Could I Receive For A Data Breach?
- Claim Data Breach Compensation On A No Win No Fee Basis
- Learn More About Data Breach Claims
Can I Claim For An E-Commerce Data Breach?
Personal data is any that identifies you, whether directly or indirectly. Retailers have to protect it under the Data Protection Act 2018 and UK General Data Protection Regulation.
Suppose an online retailer does anything to risk the security, availability, or integrity of your personal data. In that case, they may be liable for any personal data breaches that happen as a result. You can claim if:
- An online retailer does not comply with data protection laws.
- This causes some form of harm.
A data breach claim will be made against one of two people:
- Data controllers. They make decisions about personal data and are generally responsible for breaches.
- Data processors. They process data but don’t necessarily make decisions about it. This is often on behalf of controllers.
Both must have a good reason to keep or use your data. With e-commerce, for example, a common reason is legitimate interest. Online stores need to keep your retail data on file so they can email receipts and take payments.
What Personal Information Would An Online Store Have?
As explained in the section above, personal data identifies you. Examples are:
- Name
- Address
- Contact Details
- Date of Birth
A data controller may also use special category data, sensitive personal data that comes with extra protections:
- Biometric data for certain health related products.
- Trade union membership for related discounts.
- Purchases that indicate religious, philosophical, or sexual practices.
These are examples of personal data that can be breached. If special category data is involved, however, the consequences can be greater.
You can discuss your particular data breach experience with our advisors today. They can then match you with our panel of expert data breach lawyers who can fight to restore your losses and seek compensation for any harm caused. Get in touch using the details above to learn more.
How Could An E-Commerce Data Breach Happen?
A data breach is when a security incident puts personal data at risk.
With e-commerce, this could happen at any point, from when you visit a website to when your parcel arrives. Here are some examples of e-commerce data breaches:
- A teaching supplies website sends your order to the wrong address. While the parcel is addressed to them, the invoice inside states your name, your address, and the fact that you received a trade union discount.
- The delivery driver for an online pharmacy often leaves the back doors of their van open during their rounds. Your neighbour walks past and reads a clipboard listing your pharmacy data, including your name, address, and prescribed medications.
- Hackers steal credit card details from the website of a popular shoe retailer. The store did not have any security measures in place to prevent this.
In each case, a data controller or processor acted wrongfully or didn’t take reasonable steps to prevent a data breach. In some way, they failed to comply with data protection laws. However, this may not always be the case.
Imagine that hackers steal payment card details from the website of a popular shoe retailer despite the company keeping their security software updated. The store could not have reasonably done more to prevent the breach. It is unlikely this would provide the grounds to make a claim.
For a claim to work, the data controller or processor must fail to meet their obligations under data protection law. Whether they did or not, however, may not always be clear, which is why our advisors are at hand. They can provide clarity and, if you have a case, connect you with our panel of data breach solicitors. You can speak to them using the details at the top of this guide.
Do E-Commerce Businesses Have To Contact Customers After A Data Breach?
Businesses must take certain steps within 72 hours of an e-commerce data breach.
- Investigate what happened.
- Try to contain the breach or minimise the damage caused.
- Conduct a risk assessment.
- Report the breach to the Information Commissioner’s Office (ICO).
If a breach puts your freedoms or rights at risk, the business must also tell you in writing without undue delay. This correspondence should explain the breach and how you can protect yourself.
You can also make a complaint to the ICO directly. They are an independent public body that regulates data protection for UK residents. While they cannot award compensation, they can investigate and report their findings. A letter from them may provide valuable evidence in a data breach claim.
You do not need to talk to the ICO before you contact our advisors, or at all for that matter. As soon as you have reason to believe your data has been breached, call our team for a free initial consultation. Their details are at the top of this page, and they are ready to help.
What Is The Claims Process For Data Breaches?
There is a standard process for making e-commerce data breach claims. For example, a member of our panel will usually seek to:
- Investigate your case.
- Write to the data controller, setting out the issues.
- Exchange relevant information with everyone involved.
- Discuss fault and compensation.
- Try to come to a settlement.
While every stage is important, the best prospects usually come from strong Evidence:
- ICO Correspondence – their findings, if any, may support your claim.
- Breach Notification Letter – data controllers must inform you if they risk your data rights.
- Witness Contact Details – legal professionals can take statements from anyone who saw the effects of the breach.
- Medical Evidence – to show any psychiatric harm caused by the breach.
- Financial Records – to show any monetary losses caused by the breach.
Our panel are experts at gathering claim evidence and can do so for you, saving you time and resources. Talk to our advisors to get started. Their details are at the start of this guide.
How Much Compensation Could I Receive For A Data Breach?
You may be eligible for compensation after an e-commerce data breach. The amount of compensation will depend on the effects of that breach. Two kinds of damage that can be reflected in the compensation:
- Non-material damage is pain, suffering, and interruption to life.
- Material damage includes monetary losses.
The Judicial College Guidelines (JCG) are a set of suggested compensation brackets for differing injuries. They help to estimate the value of non-material damage, should you claim for distress caused by a data breach. Below are some examples.
Please note that these are guidelines and not guarantees. Final amounts, if successful, may vary.
| Type | Severity | Compensation | Notes |
|---|---|---|---|
| Psychiatric Harm plus Compensation for Material Damage | Very Severe | Up to £250,000 or more | Not a JCG figure. Likely to include loss of earnings or relocation costs. |
| Post-Traumatic Stress Disorder | Severe | £73,050 to £122,850 | Life affected in all aspects, often permanently. |
| Moderately Severe | £28,250 to £73,050 | Significant disability for the foreseeable future. Recovery possible with professional help. | |
| Moderate | £9,980 to £28,250 | Long-term effects not significant. Recovery possible | |
| Less Severe | £4,820 to £9,980 | Recovery within 1-2 years. | |
| Psychiatric Damage Generally | Severe | £66,920 to £141,240 | Extreme effects on prospects, relationships, and medical outlook. |
| Moderately Severe | £23,270 to £66,920 | Significant effects on prospects, relationships, and medical outlook. Optimistic prognosis. | |
| Moderate | £7,150 to £23,270 | Recovery likely with regards to prospects, relationships, and medical outlook. | |
| Less Severe | £1,880 to £7,150 | Negative effects on life and sleep in particular. |
You may also be compensated for material damage, including financial losses. You will need to prove each loss for which you claim. For example:
- Medical reports and payslips to prove loss of earnings.
- Invoices to show relocation costs if the data breach means you have to move house.
- Receipts to demonstrate the cost of professional therapy.
You can seek to claim for any loss so long as you can prove the data breach caused it.
Our panel of data breach solicitors can help you through this process, giving you advice tailored to your unique circumstances. They can also help you recover your financial losses by gathering the best evidence available. Call one of our advisors now to get started. Their details can be found at the top of this page.
Claim Data Breach Compensation On A No Win No Fee Basis
Our panel of solicitors take on a broad range of data breach claims – from e-commerce to hospital data – because they have the right expertise and a proven track record. When you move forwards with them, you can be sure you are supported by:
- Years of experience bringing cases to a successful conclusion.
- Knowledge of the latest and most cutting-edge legal developments.
- Lawyers with compassion and understanding of the effects a data breach can have.
You can also be sure that money for solicitor’s fees is no barrier to claiming. When you sign a Conditional Fee Agreement (CFA) with a member of our panel, the only penny you’ll pay for their services is a small and legally capped percentage of your compensation if you succeed. That’s it.
- No solicitor’s fees to start.
- No solicitor’s fees throughout.
- No solicitor’s fees if you lose.
There’s no reason to wait to start an e-commerce data breach claim. You’re in control, so reach out today.
- Call us on 020 8050 3051.
- Contact us with any queries.
- Talk to us now using the Live Chat below.
Learn More About Data Breach Claims
We hope you found this guide useful. To continue your reading, follow the links below.
Here are some more guides from us answering commonly asked questions:
- What is the time limit for data breach claims?
- What should I do if my data is breached?
- Can I claim for a data breach on social media?
Here are further resources from around the Internet:
- The ICO’s report on the growing threat of cyber attacks.
- How to get a copy of your data with a Data Subject Access Request.
- Read the NHS’s advice for treating PTSD.
Thank you for reading our guide on what to do if you experience an e-commerce data breach.
