Stolen Or Lost Device Data Breach Claims Explained

This guide looks at what you could do if your personal data was on a stolen or lost device. If you experienced damage, either financially or mentally, due to a breach of your personal data, you might be eligible for compensation. However, certain criteria need to be met in order for you to make a claim. 

stolen or lost device

A Guide To Claiming After A Stolen Or Lost Device Data Breach

In the UK, two main pieces of legislation govern data protection. These are the Data Protection Act 2018 and the UK General Data Protection Regulation (UK GDPR). They outline the responsibilities certain parties have with regard to the processing, handling and storing of your personal data. Additionally, the UK GDPR defines personal data and when you might be eligible to claim compensation. Within this guide, we look at the claiming requirements as well as provide an explanation of what a personal data breach is. 

Additionally, we explore the settlement that could be awarded following a successful claim and what it could comprise.

If you are seeking compensation for a data breach, you may wish to have the support of a solicitor. We conclude the guide with a look at how a No Win No Fee solicitor might benefit your claim. 

If you have any questions about claiming following a personal data breach, please contact an advisor from our team. To do so, you can:

Choose A Section

  1. Can You Claim For A Stolen Or Lost Device Containing Your Personal Data?
  2. How Can A Data Breach Be Caused By A Stolen Or Lost Device?
  3. Evidence That Could Help You In A Data Breach Compensation Claim
  4. Data Breach Compensation – Examples Of What You Could Receive
  5. Use A No Win No Fee Data Breach Solicitor To Claim
  6. Learn More About Claiming After A Lost Or Stolen Device Data Breach

Can You Claim For A Stolen Or Lost Device Containing Your Personal Data?

A breach of personal data occurs when personal data is disclosed or accessed without authorisation, or destroyed altered or lost accidentally or unlawfully, in a security breach.

Personal data is information that could be used to identify a living individual, either directly or indirectly, when used in combination with other data that could identify you. 

Article 82 of the UK GDPR sets specific requirements that must be met in order to claim compensation. You must be able to prove that:

  • The data controller or processor failed to comply with the data protection legislation. A data controller is responsible for deciding why and how data should be processed. Data processing may be outsourced to a processor who acts on behalf of the controller. 
  • Due to the wrongful conduct of a controller or processor, your personal data was compromised in the breach. 
  • As a result of this breach of your personal data, you experienced mental harm, such as distress because of a data breach or financial damage.  

An advisor from our team can help you if your personal data was on a stolen or lost device. They can advise whether you’re eligible to make a personal data breach claim.

How Can A Data Breach Be Caused By A Stolen Or Lost Device?

A personal data breach can occur accidentally through human error, such as leaving a device containing personal data on a train or deliberately through criminal activity, such as a ransomware attack by cyber hackers. 

Organisations should ensure that their staff with access to personal data are provided with data protection training. In addition, they should ensure that cybersecurity software is kept up to date. 

Examples of how a device containing personal data could be lost or stolen include:

  • A computer hard drive may not be disposed of correctly. If this is found and it was not password protected, your data could be accessed. 
  • If your medical records are stored on a digital device, such as on a memory stick, and this is not locked away securely, it could result in theft. 
  • Your employer may leave a laptop containing employee data on public transport. This could grant access to your bank account and sort code causing fraudulent activity. 

To discuss the circumstances that caused the compromise of your personal data, please get in touch with a member of our team. 

Evidence That Could Help You In A Data Breach Compensation Claim

If you are seeking data breach compensation, you must have sufficient evidence. This must show that the data controller or processor failed to comply with the data protection legislation and this resulted in a breach that included your protected data. You must also have evidence that proves you suffered harm, either psychologically, financially, or both, as a result of this breach. 

Examples of evidence that could be useful in a data breach claim include:

  • Letter of notification. If your personal data is included in a breach putting your rights and freedoms at risk, the data controller must inform you without undue delay. This may be done with a letter of notification, which could be useful evidence. 
  • An Information Commissioner’s Office (ICO) report. The ICO is an independent body held responsible for upholding information rights in the UK. As part of their role, they can investigate data breaches that have been reported to them. Data controllers must notify the ICO about a breach, that meets the criteria for needing to be reported, within 72 hours. 
  • Evidence of damage. If you are claiming for harm caused to your mental health, such as stress or post traumatic stress disorder (PTSD), you can submit your medical records. Additionally, proof of financial loss can be provided in the form of credit reports or bank statements.

A solicitor specialising in claims for data breaches can help you collect evidence. If you need any help proving your personal data was on a stolen or lost device, which was then compromised due to the failings of a controller or processor, please contact a team member. 

Data Breach Compensation – Examples Of What You Could Receive

If your claim for a data breach is successful, your settlement could include compensation for two types of damage.

These are material damage which refer to your financial losses caused by the data breach and non-material damage which refer to the emotional impact caused by the data breach.

To help value compensation for non-material damage, legal professionals can refer to a document called the Judicial College Guidelines (JCG). It provides guideline compensation brackets for different types of mental harm. 

Our table below contains figures from the 16th edition of the JCG. It is only to be used as a guide, however, because each settlement is unique.

Compensation Table

Type of HarmSeverityNotes Compensation Bracket - Guidelines
Psychological Damage GenerallySevereThere are marked problems coping with different areas of life, including work and relationships. The prognosis is very poor.£54,830 to £115,730
Moderately SevereThe person will suffer significant issues coping with different areas of life. However, the prognosis is more positive when compared to more severe cases.£19,070 to £54,830
ModerateAlthough the person suffered problems coping, they've made significant improvements and the prognosis looks good.£5,860 to £19,070
Less SevereWhen determining the award. there will be consideration given to how long the disability lasted as well as the extent to which it affected the person.£1,540 to £5,860
PTSDSeverePermanent effects prevent the claimant from functioning in the same way as they did prior to the trauma.£59,860 to £100,670
Moderately SevereThe person experiences a significant disability lasting into the foreseeable future. However, with professional help, they show some recovery and have a more positive prognosis.£23,150 to £59,860
ModerateIn this bracket, the person may experience some continuing non-grossly disabling symptoms but has largely recovered.£8,180 to £23,150
Less SevereWith the exception of some minor symptoms, the person has made a virtual recovery within 2 years.£3,950 to £8,180

Claiming For Material Losses In A Data Breach Claim

As mentioned, you can also claim compensation for any material damage.

For example, if a stolen or lost device contained information about your banking or credit card details, and access to your accounts is gained, it could mean money is stolen or loans are taken out in your name. 

If you would like a personalised valuation of your claim, please contact one of our advisors. 

Use A No Win No Fee Data Breach Solicitor To Claim

If you are eligible to seek personal data breach compensation, you may like to instruct a solicitor to work on your claim. One of the data breach solicitors from our panel could help. They generally use a Conditional Fee Agreement (CFA) to work on your claim. This is a kind of No Win No Fee arrangement. 

If your data protection breach solicitor works with you under this type of agreement, they usually won’t ask you to pay upfront for their work on your case. There also aren’t any ongoing fees. You also won’t be asked to pay for their services if you’re not awarded compensation following an unsuccessful claim.

However, should your claim outcome be successful, your solicitor will take a success fee out of your compensation. The amount deducted as this fee is a legally capped percentage. 

To see if you are eligible to claim for a data breach as a result of a stolen or lost device, speak to a team member. If it seems like you have valid grounds for a claim, they could pass you onto one of the solicitors from our panel. 

To speak to a team member:

Learn More About Claiming After A Stolen Or Lost Device Data Breach

Additional guides that might be helpful:

Extra resources that could help you:

If you have any further questions about whether you could claim if a data breach occurred involving a stolen or lost device due to the failings of a processor or controller, and this compromised your personal data, contact a team member.

Writer Danielle Beck

Editor Meg Monsoon