HR departments at our workplaces can hold various pieces of personal information about us, from our addresses, national insurance numbers and bank details. We instil our trust in HR departments to keep our personal data safe, so if you have experienced a personal data breach, the fallout can be severe both for your emotional and financial well-being. You have the right to balance the scales after an HR data breach by seeking justice for what has happened to you. This guide will walk you through the ins and outs of starting an HR data breach claim, so that you can claim compensation with confidence and clarity.
Key Takeaways
- Your HR department can prevent personal data breaches in a variety of ways, ranging from providing robust training programmes to implementing up-to-date cybersecurity.
- An HR data breach can occur for several reasons; however, two primary examples are cyber attacks resulting from inadequate IT security and accidental data leaks caused by human error.
- Your personal data breach compensation can cover both emotional and financial harm you have suffered.
- A personal data breach can range from compromising information about your pregnancy to sending sensitive documents of your criminal record to your colleague instead of you.
- Here at Data Breach Claims, our panel of specialist solicitors provides their legal services on a No Win No Fee basis.
If you would like to discuss your particular circumstances and receive free advice on the steps you could take next, you can contact our advisory team. They are happy to answer any questions you may have.
We Can Help With Your Claim
Our team of specialist advisors are ready to assist you with your data breach claim
Frequently Asked Questions
- Can I Make An HR Data Breach Claim?
- What Personal Information Would An HR Department Hold?
- What Are Examples Of An HR Data Breach?
- How Could An HR Department Prevent Data Breaches?
- How Much Compensation For An HR Department Data Breach?
- What Should I Do After An HR Data Breach?
- No Win No Fee HR Data Breach Compensation Claims
- Learn More
Can I Make An HR Data Breach Claim?
Yes, you may be able to make an HR data breach claim if your personal data was compromised due to a failure to comply with data protection law, and you consequently suffered harm.
Personal data is any information that could identify you directly, or in accordance with other information. In the next section, we share some examples of personal data an HR department could hold about you.
Any organisation that handles your personal data must do so in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018 (DPA). Notably, these laws impose duties and responsibilities on data controllers and data processors to safeguard your personal information throughout every phase, from collection to processing, storage, and deletion.
A data controller, typically the employer of which the HR department is a part, will decide how your personal information is processed. Data processors, on the other hand, act on the instructions outlined by the relevant controller. If either of these parties fails to comply with data protection laws, it may result in a data breach.
Specifically, a personal data breach is any security incident that affects the confidentiality, integrity or availability of personal data as outlined under Article 4 of the UK GDPR. Importantly, Article 82 of the UK GDPR highlights the following criteria must be met in order to make a personal data breach claim:
- A data controller or processor failed to adhere to data protection laws
- This failure caused a personal data breach
- As a result, you suffered financial or psychological harm
We understand that this is a lot to take in, and we’re more than happy to provide further clarity on how to make an HR data breach claim. Call us for free so we can explain things in more detail.
We Can Help With Your Claim
Our team of specialist advisors are ready to assist you with your data breach claim
What Personal Information Would An HR Department Hold?
The personal information that an HR department would hold could include any information from your name to your national insurance number. They may have acquired this personal data from you as part of the hiring process and to also pay you your salary. Other types of personal data they could hold include:
- Personal phone number
- Email and postal address
- Records of employment, such as details of a dismissal
- Financial information
- Banking details such as credit card information
Your HR department may also hold something called special category data. This is deemed more sensitive data and, therefore, needs extra protection. Please take a look at some examples:
- Medical records
- Racial or ethnic origin
- Sexual orientation
- Trade union membership
- Religious beliefs
- Genetic or biometric data
Exposing or compromising special category data can have severe consequences for a person’s financial and emotional well-being.
If you have suffered emotionally or financially because of a personal data breach, let us help you. Contact our team today to find out if you are eligible to start your own HR data breach claim.
What Are Examples Of An HR Data Breach?
Some examples of an HR data breach can include cyber incidents and also incidents due to human error. Please find below types of incidents that could lead to a data breach:
- Sending personal information to the wrong person: An HR employee accidentally sends an email of an employee’s medical information to the incorrect email address.
- Cyber attacks due to poor IT security: The company is prompted to update its firewall and anti-malware software, but fails to do so. A hacker gains access to sensitive data belonging to several staff members.
- Unauthorised access: A fellow HR employee is given access to a shared file containing personal data regarding another employee’s disciplinary records. The HR employee does not have clearance to access such information.
- Failure to redact sensitive data: A mass email containing sensitive information is sent out, and the sender forgot to remove or censor the identifiers.
If your HR department has made one of the above personal data breaches, connect with one of our advisors so we can support you.
How Could An HR Department Prevent Data Breaches?
An HR department could help prevent data breaches by ensuring all cybersecurity is up to date and ensuring all staff have been trained on data protection.
Please find below some preventative measures an HR department could implement to stop data breaches:
- Data Protection Policies: Develop clear and comprehensive data protection policies.
- Access Control: Only a select few HR personnel are authorised to access personal data and must undergo multi-factor authentication.
- Encrypt data: Guarantee that all sensitive data is encrypted to protect employees.
- Security tools: Utilise up-to-date cybersecurity, such as AI-powered threat detection.
- Regular training: Conduct thorough training across all levels of HR staff with specific emphasis on security protocols.
- Security culture: Foster a company-wide culture where data security is a shared responsibility.
If you believe that your HR has failed you in one or more of these areas, we recommend contacting our team of advisors today.
How Much Compensation For An HR Department Data Breach?
How much compensation for an HR department data breach you could claim would depend on what material and non-material harm you have suffered.
Non-material damage is any psychological harm you have suffered due to the personal data breach, such as emotional distress, anxiety, depression or PTSD.
Legal professionals can use the Judicial College Guidelines (JCG) to help them calculate the potential value of your compensation for your non-material damage. This is because the JCG is a publication which contains a comprehensive list of instances of both physical and psychological harm alongside suggested compensation brackets. In our table below, we have carefully selected several examples of psychological damage that you could suffer as a consequence of experiencing an HR data breach.
Please take careful note that the first row is our own figure and has not been selected from the JCG. We also encourage you to use this table as a guideline only.
| TYPE OF HARM | COMPENSATION | NOTES |
|---|---|---|
| Severe Mental Harm Plus Financial Losses | Up to £250,000+ | Severe mental harm plus financial losses such as loss of earnings and private therapy sessions. |
| Psychiatric Damage Generally - Severe (a) | £66,920 to £141,240 | In this award bracket the following key factors will be taken into account: the claimant's ability to cope with every day life, any effect on the person's relationships, prognosis and so on. |
| Psychiatric Damage Generally - Moderately Severe (b) | £23,270 to £66,920 | Similar issues as severe cases but the prognosis is more optimistic. |
| Psychiatric Damage Generally - Moderate (c) | £7,150 to £23,270 | The claimant will struggle with the same details above, however, there will have been marked improvement by trial and the prognosis will be good. |
| Psychiatric Damage Generally - Less Severe (d) | £1,880 to £7,150 | When it comes to this level of award the length of period of disability will be taken into account and the extent to which sleep and daily activities are impacted upon. |
| Post Traumatic Stress Disorder - Severe (a) | £73,050 to £122,850 | The claimant will suffer permanent effects which will prevent the individual from working at all or at least from functioning at anything approaching the pre-trauma level. |
| Post Traumatic Stress Disorder - Moderately Severe (b) | £28,250 to £73,050 | This level of award is distinct from the above because the prognosis will be better with some recovery possible alongside professional help. |
| Post Traumatic Stress Disorder - Moderate (c) | £9,980 to £28,250 | In this case the injured person will be largely recovered and if they do experience any ongoing side effects, they will not be grossly disabling. |
| Post Traumatic Stress Disorder - Less Severe (d) | £4,820 to £9,980 | This level of award will cover a claimant who has made virtually a full recovery within one to two years and any symptoms that do persist will be minor. |
What Is Material Damage In A Data Breach Claim?
Material damage in a data breach claim refers to any financial losses you have incurred as a direct result of the personal breach. Notably, you don’t need to suffer the non-material damage in order to claim for losing money as a result of the data breach, and vice versa.
Here are some examples of the financial losses you can claim for:
- Loss of earnings from taking time off work due to the effect the HR data breach has had on you
- Relocation costs if the personal data breach was so significant that you felt the need to move address for your safety
- The costs for installing home security to keep yourself safe
- The cost of therapy due to any mental harm you have experienced
If you’d like to talk to an expert advisor on how much compensation you might receive or you’d like to work with a data breach solicitor, please contact us at your earliest convenience.
We Can Help With Your Claim
Our team of specialist advisors are ready to assist you with your data breach claim
What Should I Do After An HR Data Breach?
After an HR data breach, you should gather supporting evidence to help you make a personal data breach claim. There are various types of evidence you could gather, and we have set these out below:
Evidence of Psychological Harm:
- Medical records
- A letter from your psychiatrist confirming your diagnosis
Proof of Financial Harm:
- Payslips
- Invoices
- Bank statements
Proof of the Data Breach:
- A notification letter or email
- Findings from an Information Commissioner’s Office (ICO) investigation – please note the breach must be reported to them within 3 months of the last meaningful communication with the organisation responsible for the ICO to potentially investigate your HR data breach claim
- Correspondence with the organisation responsible – this can include communications discussing things like how the breach occurred in the first place, specifically what personal data of yours was compromised and how your HR department is responding to this incident, so it doesn’t happen to another employee
You must also start your claim within the time limit. Generally, you have up to 6 years to begin your claim.
Should I Make A Complaint To The Information Commissioner’s Office (ICO)?
You should make a complaint to the Information Commissioner’s Office (ICO) following a breach of your personal data, as their findings, if they choose to investigate the breach, could be used as evidence in your claim.
The ICO is the independent authority that enforces data protection laws on organisations that process the personal data of UK residents.
We’d like to inform you that while the ICO can issue fines and penalties for personal data breaches, they cannot pay out compensation.
There’s no need to tackle an HR data breach alone; let us help you by speaking to one of our friendly advisors today.
No Win No Fee HR Data Breach Compensation Claims
No Win No Fee HR data breach compensation claims could be made with our panel of expert solicitors. You aren’t legally required to seek professional legal help to file an HR data breach claim; however, it’s highly recommended that you work alongside a solicitor in order to secure the maximum amount of compensation.
The benefits of working with our panel of solicitors include their offer of legal services on a No Win No Fee basis. This funding option will be offered to you in the form of a Conditional Fee Agreement (CFA) contract. This contract comes with several significant benefits, including that you won’t have to pay for any upfront solicitors’ service fees, and you won’t have to pay said fees while your HR data breach claim is in progress or if it fails.
If your personal data breach claim is successful, you will be required to pay a success fee. The solicitor will take this fee from your compensation; don’t worry, this is a percentage and it’s legally limited, as per the Conditional Fee Agreements Order 2013.
Moreover, to make the claims process as stress-free as possible, our panel will give you immediate access to a comprehensive list of services. We’ve provided a list of examples below:
- Calculate a fair and accurate compensation award
- Arrange an independent medical assessment
- Negotiate with the defendant’s solicitors
- Gather evidence on your behalf
- Ensure all your losses are included in your claim
To clarify, this is not an exhaustive list, and we look forward to sharing more about our benefits and services with you. Call us, reach out online or text us using our live chat using the contact details below:
Contact Data Breach Claims
- Phone us on 020 8050 6279
- Contact us online
- Our live chat has a bot-free guarantee–you’re just a click away from talking to a dedicated advisor.
Learn More
Read more of our guides on our website:
- Know what to do if your data has been breached.
- Read this if your password has been part of a data breach.
- Guidance on claiming after receiving a notification letter.
You can also refer to the following resources for further information:
- Have a read through some information on data protection from GOV.UK.
- See if you’re eligible for Statutory Sick Pay.
- Access to mental health services provided by the NHS.
Thank you for taking the time to read our guide on how to start an HR data breach claim. We hope you have found it useful.