To make a prison data breach claim you must be able to show that wrongful conduct has occurred. Whether you work for the prison service, are an inmate or have previously been in prison, your private data should be protected. HM Prison and Probation Service (HMPPS) and the Crown Prosecution Service (CPS) may hold data related to your employment or criminal record. If this data has been breached, you could claim compensation for psychological and/or financial damage caused by this. To learn more about prison data breach claims, please read our guide below.
What You Need To Know
- Personal data includes information which could be used to identify you.
- Criminal offence data has greater protection than some other types of data under UK law.
- Employers have the right to collect and process certain types of data.
- You could claim compensation if you can show wrongful conduct has occurred.
- A No Win No Fee solicitor from our panel could help you.
You can find out more about how to make a prison data breach claim in our guide below. To begin your claim, or for a free, no-obligation consultation, contact us:
- Use our live chat feature.
- Call 020 8050 6279
- Contact us using our form.
We Can Help With Your Claim
Our team of specialist advisors are ready to assist you with your data breach claim
Jump To A Section
- Who Can Make Prison Data Breach Claims?
- What Personal Information Could Be Involved In A Prison Data Breach?
- Examples Of Data Breaches In A Prison
- How To Find Out If You Were Affected By A Data Breach
- What Prison Data Breach Compensation Could Be Awarded?
- How To Make Prison Data Breach Claims
- The Benefits Of A No Win No Fee Data Breach Compensation Claim
- Why Choose Data Breach Claims
- More Information
Who Can Make Prison Data Breach Claims?
Prison data breach claims could be made by those who experience psychological distress or financial losses as a result of a personal data breach. A personal data breach may be defined as a breach of data security which leads to the unlawful or accidental destruction, alteration, loss, unauthorised disclosure of or access to your personal data.
In the context of this guide, such claims may be made for a data breach at work (where employed by HM Prison and Probation Service) or a criminal records data breach. HMPPS and the CPS may act as both the data controller and processor or just the controller. These parties must ensure that they are in compliance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018 (DPA) when handling your personal data.
- Data controllers determine how personal data may be used, in line with data protection law.
- Data processors may be appointed by controllers to process personal data on their behalf.
The same party may act as both data controller and processor or they may be different parties. To make a data breach compensation claim, you must show that:
- The data processor or controller failed to act in line with data protection law, leading to a breach.
- The breach involved your personal, special category or criminal offence data.
- You suffered psychological harm, financial loss or both.
Contact our team if you are unsure whether you meet the eligibility criteria. An advisor could review your case and help determine whether you could claim compensation.
What Personal Information Could Be Involved In A Prison Data Breach?
A prison data breach could involve your personal information, special category data or criminal records data. This data will relate to an identifiable or identified living person (the data subject). They may have provided their data knowingly or it may have been collected without their knowledge.
Personal information protected by the DPA and UK GDPR include:
- Your name and date of birth.
- Contact information such as your home address, email address and phone number.
- Financial information such as bank account information and debit or credit card details.
Employers and other parties may also hold special category data. Due to its sensitivity, special category data is afforded greater protection under data protection law. Special category data may include that concerning:
- Ethnic and/ or racial origin.
- Philosophical or religious beliefs.
- Health or medical information.
Finally, criminal records data may include that concerning a specific criminal conviction or trial. It could also include information concerning:
- Criminal activity or allegations of criminal activity (whether proven or not).
- Investigations and proceedings.
- The absence of convictions.
- Penalties.
- Conditions and/or restrictions placed on someone.
- Civil measures which may lead to criminal penalties.
These are some of the types of personal, special category or criminal records data which could be involved in a breach. If a data processor or controller failed to comply with data protection laws, leading to a breach, you could claim compensation.
Examples Of Data Breaches In A Prison
Examples of data breaches in a prison could include those related to human error, such as sending an email to the wrong recipient.
Between 2019 and 2024 there were 1,122 data security incidents in the justice sector reported to the Information Commissioner’s Office (ICO). The ICO is the independent body responsible for upholding data protection rights in the UK.
Of these 1,122 data security incidents,
- 1,087 were non-cyber incidents.
- 35 were cyber incidents.
Prison data breach claims could involve prison staff or prisoners’ data, which has been stored digitally or physically. Examples of data breaches in a prison could include:
- An email concerning a prison worker’s health is sent to the wrong member of staff.
- A letter concerning a prisoner’s health is sent to the wrong address.
- A prison worker takes home a laptop containing criminal offence data and loses it in transit.
- Digital files or physical paperwork are improperly disposed of, allowing unauthorised parties to access the data.
- Administrative staff in a prison fail to properly store physical criminal records information. The records are lost when moved between facilities.
- A prison worker is subject to a phishing scam.
- Prison staff fail to redact personal information on an email.
- Cyber criminals hack into a database containing staff members’ personal information.
Breaches of prison data could cause the data subject to experience anxiety, emotional distress and financial losses. To find out more about prison data breach claims and to discuss your case, please contact one of our advisors.
How To Find Out If You Were Affected By A Data Breach
The probation service, CPS or other party should notify you of any breach affecting your freedoms or rights. The data breach notification should include the following details:
- Information about how the breach happened, who was affected and what information may have been involved.
- What steps the CPS, HMPPS, Probation Service, etc are taking to deal with the breach.
- How to contact the relevant data protection officer. This person should act as a single point of contact for affected individuals.
The responsible organisation may not always fulfil its duty to notify individuals affected by a data breach. Even where notifications are sent out, they may easily be overlooked by recipients. In some cases, data subjects may only learn that a breach has occurred through news reports of the breach having happened or of action taken by the ICO.
There are online tools which you can use if you think that you may have been affected by a data breach. Free credit monitoring services could help to alert you to unauthorised or unexpected activity on your financial accounts which may suggest your data has been involved in a breach.
If you suspect that you have been affected by a breach, call our team. We could connect you to one of the data breach solicitors on our panel who could help you to claim compensation.
What Prison Data Breach Compensation Could Be Awarded?
The compensation range for successful prison data breach claims involving severe psychological damage could be between £66,920 and £141,240. However, how much compensation you could be awarded may be based on two factors. These include the prevalence and extent of any psychiatric injury and any financial consequences resulting from the breach. Thus, how much compensation you are awarded for a successful claim will be different to that of another claimant.
Prison data breach claims are assessed on the individual merits of the case. This means that whilst we can provide examples of what may be awarded in different circumstances, any such figures are only a guide. The figures above, highlighting compensation for severe psychological damage, are taken from the Judicial College Guidelines (JCG). These guidelines may be used by those involved in calculating compensation for emotional or psychological distress. In a data breach claim, your psychological injury is referred to as non-material damage and is one of two types of damage you may claim for. The second of these is material damage, discussed in the next section.
The following table presents relevant figures taken from the JCG. Please note:
- The top figure does not come from the JCG.
- Your settlement may vary from these figures and they are not guaranteed as it is only intended as a guide.
| Harm Caused | Severity | Notes | Compensation Guideline |
|---|---|---|---|
| Severe PTSD and/or psychological damage + material damage. | Severe. | Severe psychological damage and/or PTSD with material damage, such as for medical costs. | Up to £500,000+ (where material damage is awarded). |
| Psychological damage. | (A) Severe. | Marked problems are present across multiple areas of the claimants life. | £66,920 to £141,240. |
| (B) Moderately severe. | Whilst similarly impacted as the person above, this person has a better prognosis. | £23,270 to £66,920. | |
| (C) Moderate. | A marked degree of recovery may be made. | £7,150 to £23,270. | |
| (D) Less severe. | Awards take the presence and extent of any disability into consideration. | £1,880 to £7,150. | |
| Post-traumatic stress disorder. | (A) Severe. | The person is permanently impacted, and is unable to work as before or at all. | £73,050 to £122,850. |
| (B) Moderately severe. | Claimants in this bracket have a more optimistic outlook for recovering. | £28,250 to £73,050. | |
| (C) Moderate. | The person could already have recovered to a large degree. | £9,980 to £28,250. | |
| (D) Less severe. | This person has or will make an almost full recovery. | £4,820 to £9,980. |
We Can Help With Your Claim
Our team of specialist advisors are ready to assist you with your data breach claim
Claiming For Financial Losses As A Result Of A Prison Data Breach
The second way you may be compensated is through material damage. Material damage refers to financial losses associated with a data breach.
You may recover financial losses such as:
- Lost earnings and income. As a result of the breach and the anxiety of psychiatric harm caused by it, you may have had to take time off work to deal with this.
- Medical costs. This may include the cost of psychiatric treatment, therapy and/or medication.
- Domestic security. You may have had concerns for your safety and security due to your address and/or contact details being breached.
- Relocation costs. Your security and safety concerns may be great enough to warrant relocating and moving home.
Claimants must submit evidence of these losses. This may include providing copies of bank statements, payslips, invoices for medical expenses or estimates for moving costs. We will cover how to prove your claim in further detail later in this guide.
One of the specialist data breach solicitors from our panel could provide a personalised evaluation of your claim. Contact our team for an assessment of your case today.
How To Make Prison Data Breach Claims
To make a prison data breach claim you will need to gather supporting evidence and submit it within the time limit. This evidence must show,
- Who was liable for the data breach (a data processor or controller).
- How the data breach occurred.
- The impact of the data breach on you, such as a psychiatric injury or financial loss.
In addition, you must provide evidence for any financial loss you intend to claim for. You may gather and submit evidence such as:
- The data breach notification letter and/or other proof that the breach occurred.
- The findings of any ICO investigation and/or a copy of any correspondence with the ICO related to the breach.
- Proof of non-material damage, such as your medical records containing a diagnosis of a psychiatric condition.
- Proof of your material damage (financial loss).
- A copy of any communication with the organisation responsible for the breach.
In general, prison data breach claims must be made within 6 years of you becoming aware of the breach. However, there could also be circumstances in which this time limit differs and it may be shorter.
An advisor from our team could advise on gathering evidence in support of your claim and assess how long you may have to claim. Please contact our team for help with your case.
The Benefits Of A No Win No Fee Data Breach Compensation Claim
The benefits of a No Win No Fee data breach compensation claim include being able to work with a solicitor without needing to make upfront payments for their services or having to pay if your claim is not successful.
The solicitors making up our panel are often able to take on claims through a form of No Win No Fee agreement referred to as a Conditional Fee Agreement (CFA).
By using a CFA, you would only need to pay the solicitor for their work in the event of a successful claim. This payment may be called a ‘success fee’. This fee is a set percentage of your compensation. In the event of a successful claim, it is automatically deducted by your solicitor. The percentage deducted is pre-agreed in the CFA and is capped by legislation.
The success fee is not charged if you do not win your claim. Please contact us for a free consultation to learn more about the claims process.
Why Choose Data Breach Claims
By choosing Data Breach Claims you could work with a specialist solicitor from our panel on your case. Our panel helps individuals impacted by prison data breaches to seek compensation. Under UK data protection law, the justice system is required to safeguard your data. If a breach happens and you were impacted as discussed in this guide, you could be eligible to make a claim. Our advisory team could evaluate your case. If they think it valid, they could connect you to a solicitor from our panel who handles prison data breach claims.
Solicitors from our panel could provide services, such as:
- A Conditional Fee Agreement.
- Help with collecting evidence.
- Explaining complex legal jargon.
- Organise an independent medical assessment of your mental health.
- Help you access services such as psychological treatment or therapy.
Get In Touch With Our Team Of Advisors
Get in touch with our team of advisors to begin your claim.
- Phone us today on 020 8050 6279
- Use our live chat feature.
- Complete our form to contact us.
More Information
We have included resources where you can find more information on data breach claims, your rights and how to keep your personal data safe.
- Read about further examples of data breach claims in this guide.
- You can find information about how to claim for a police data breach in this guide.
- We explain how to report a data breach in this resource.
References:
- Get advice and guidance on cyber security for you and your family in this resource from the National Cyber Security Council.
- View the personal information charter of HM Prison and Probation Service in this resource.
- Check how to get access to your data held by the criminal justice system in this resource for the public from the ICO.
Thank you for reading our guide to prison data breach claims. To check if you could claim compensation, please get in contact with our expert team.