Shopping is more secure and safe these days than ever, but this is only the case if the retailer follows the rules regarding data protection. Should a failure to comply with data protection laws result in a compromise of your personal data, you could be eligible to make a retail data breach claim.
The Data Protection Act 2018 (DPA) and UK General Data Protection Regulation (UK GDPR) are two pieces of legislation that protect the data rights of the general public, including shoppers. These laws are enforced by the Information Commissioner's Office (ICO), which investigates and fines any organisation or business, large or small, that fails to safeguard the personal data of the public.
The ICO cannot award compensation, so if you are looking to be compensated for the harm caused to you after a retailer mishandled your personal data, you can seek damages yourself. This guide explains how.
We’ll start by explaining who can launch a retail data breach claim and how a breach might occur in a retail environment. After this, we talk about some recent data breaches that made the news, as well as what steps the industry should take to reduce the risks of personally identifiable information being leaked or exposed.
The guide concludes by looking at the data breach compensation that might apply should your claim win. We also address how a solicitor from our panel could help support your claim on a No Win No Fee basis.
Read on to learn more about retail data breach compensation claims, or discuss your potential claim now:
- See if you qualify to start a No Win No Fee claim by calling 020 8050 3051
- If sensitive data about you was compromised, contact us to claim online.
- Ask the live support bubble a question below.
Can I Make A Retail Data Breach Claim?
As per the laws we looked at above, those entrusted with our personal data have an obligation to safeguard it. There are two groups that commonly process personal data. Data Controllers determine the reason for data collection and retention whilst Data Processors may be appointed to process personal data on their behalf.
A security incident is defined as the loss of confidentiality, integrity and availability of protected/sensitive information. A data breach can, therefore, involve the loss, unauthorised access, destruction, duplication and alteration of both physical and digital information belonging to data subjects.
Whether accidental or deliberate, you could have grounds to seek compensation for the harm caused by a retail breach if you can demonstrate the following:
- The retail outlet should have protected your data.
- They failed to comply with data protection laws and your data was involved in a breach.
- This caused you financial and/or psychological harm as a consequence.
All points need to apply to move ahead with a retail data breach claim. If you have been told by the controller or processor of a retail outlet that your personal details were compromised, or if you discovered a data breach problem yourself, connect with our team to explore your legal options.
How Could A Retail Data Breach Happen?
A retail data breach can happen in several potential ways:
- The retail staff failed to dispose of your personal information securely. This human error enabled an unauthorised third party to find it.
- Your purchase agreement information was posted to the wrong physical address and this allowed an unauthorised third party to access your personal data.
- An email containing customer data, including email addresses and home addresses, was shared in error with others on a retail website, which led to emotional distress.
- The security arrangements for paperwork in a store were insufficient, resulting in stolen personal data.
- Staff were disclosing personal information amongst themselves at a retail call centre. This was heard by unauthorised persons.
The circumstances of your retail data breach might be different. To discuss your specific case, please contact our advisors. They could place you with a data breach expert solicitor to help with your retail data breach claim.
News Stories About Retail Data Breaches
Data breaches are in the news more and more often. Below, we look at some retail examples that made the headlines:
- WH Smith staff were impacted by a cyber attack that involved names, addresses and National Insurance numbers for both current and former employees. Customers were not affected but the company needed to initiate an investigation to find the source of the breach and prevent it from spreading.
- Shoe retailer Vans suffered a data breach, which resulted in a potential threat of fraud to its customers. ‘Unauthorised activities’ were detected on its parent company’s (VF Group) IT systems in December 2023 and whilst it appeared no detailed financial information or passwords had been stolen, criminals may misuse the data they had managed to steal.
- In 2017, Dixons Carphone suffered a massive data breach involving 5.9 million payment cards and the personal data of 1.2 million customers. The chip and PIN data of 105,000 cards had been hacked.
Sources
- https://www.bbc.co.uk/news/business-64823923
- https://www.bbc.co.uk/news/technology-68615042
- https://www.bbc.co.uk/news/business-44465331
How Can The Retail Industry Prevent Data Breaches?
Retailers can take the following steps to keep the personal data of customers safe:
- Ensure staff with access to personal data understand their DPA and UK GDPR responsibilities.
- Invest in robust IT defences and update them regularly.
- Require strong passwords and multi-factor authentication steps to access data.
- Put any computer screens on the shop floor on a time-out setting to avoid data breaches.
- Destroy unwanted sensitive data securely.
- Keep paperwork secured and update customers’ contact details and physical addresses regularly.
- Allow access to data by authorised staff only.
Determined cyber criminals may still find a way to gain access to information and not every data breach can reasonably be blamed on the company, particularly if they did their very best to secure data. However, if you feel they failed to protect your information, talk about how to sue a company for a data breach with our advisory team. They can help assess whether you have good grounds to launch a retail data breach claim.
What Is The Data Breach Claims Process?
The first step is to collect evidence that proves you suffered harm because of the retail data breach. The following can help:
- Raise a concern with the retailer. Also, establish how the breach occurred and what personal or sensitive data was involved. This correspondence can help support a retail data breach claim.
- Data controllers and processors must tell data subjects in a notification letter if their information was involved in a breach serious enough to impact their rights and freedoms. They need to do this no later than 72 hours after discovery, so the letter or email you received from them regarding this is solid evidence.
- You may have become aware of the data breach yourself, in which case you can request details and an explanation from the retailer at fault. If they fail to provide an effective response (or any response at all) you can escalate a complaint to the ICO. Do this no later than 12 weeks after the most recent discussion on the matter. Again, the ICO does not award compensation, but if they investigate the issue, their findings can bolster your claim.
- Retain all proof of psychological harm (medical notes and counsellor’s findings) as well as details of data breach costs such as supporting statements and bank statements, invoices and receipts.
- Change passwords and login details to limit the spread of the compromised data.
Feel free to call with any questions.
How Much Compensation For A Retail Data Breach Claim?
If you make a successful retail data breach claim, you could receive compensation for your material damage, non-material damage or both.
Firstly, non-material damage refers to any psychological injuries the data subject experienced because of the compromise of their personal data.
Those who calculate non-material damage might use any available medical records that you have presented. In addition to this, they often refer to publications like the Judicial College Guidelines (JCG). This document offers guideline amounts for a variety of psychological injuries and we include an excerpt below to illustrate.
The figures in the table below represent general guides, as each compensation claim will vary. Furthermore, the first entry does not come from the JCG.
Compensation Guidelines
Injury Specifics | Level of Severity | Award Guideline | Notes |
---|---|---|---|
Multiple degrees of psychological injury and award for material damage. | Severe | Up to £500,000 plus. | This would reflect a severe psychological injury on many levels and result in a material damage award for inability to return to work, counselling fees and the costs of relocating or restoring privacy. |
Psychiatric Harm of a General Type | Severe | £66,920 up to £141,240 | Marked difficulties with work, relationships and education and future outlook considered very poor. |
Psychiatric Harm of a General Type | Moderately Severe | £23,270 up to £66,920 | A more optimistic outlook than bracket above despite similar significant problems to those in bracket above. |
Psychiatric Harm of a General Type | Moderate | £7,150 up to £23,270 | Problems in areas detailed in brackets above but a discernable improvement by the point at which the case might be heard in court. |
Psychiatric Harm of a General Type | Less Severe | £1,880 up to £7,150 | Awards that fall into this bracket typically are based on the length of recovery involved. |
PTSD (Post-traumatic stress disorder) | Severe | £73,050 up to £122,850 | Permanent psychological trauma that stops the person from living life on any level as they did prior to the event. |
PTSD (Post-traumatic stress disorder) | Moderately Severe | £28,250 up to £73,050 | This bracket has awards that differ to the one above based on an improvement seen after the person receives psychiatric counselling. |
PTSD (Post-traumatic stress disorder) | Moderate | £9,980 up to £28,250 | Largely a return to health and remaining symptoms are not massively intrusive. |
PTSD (Post-traumatic stress disorder) | Less Severe | £4,820 up to £9,980 | Virtually a full return to health within 1 - 2 years and only minor persisting issues lasting beyond this period. |
Can I Claim For Material Damage In A Data Breach?
You can also be compensated for your material damage. This is the financial loss suffered because of the data breach. Material damage needs to be substantiated with documented proof. The following can help support this:
- Payslips that reveal a drop or loss in earnings caused by time off work with stress.
- The cost of replacing any personal property like laptops or iPhones.
- The costs associated with relocating if you need to move due to the breach of your personal data.
You are welcome to chat with our advisors about non-material and material damage and how much compensation you could be awarded for a retail data breach claim. Or if you have other questions or concerns about the data breach claim process, please get in touch.
Can I Claim For A Data Breach Using A No Win No Fee Solicitor?
It’s important to know that it isn’t a legal necessity to use a data breach lawyer to help you start a retail data breach claim. However, it makes sense to see if one could help you submit a stronger case. We work closely with a panel of solicitors who do this in a variety of ways:
- They can help collect and compile supporting evidence.
- Handle the court correspondence, deadlines and pre-action protocols that often arise in compensation claims.
- Accurately estimate the compensation owed.
- Explain difficult legal jargon.
In addition to this, they can offer their data breach expertise in a way that avoids yet more financial expense and aggravation. This is typically done under a type of No Win No Fee arrangement called a Conditional Fee Agreement (CFA). This type of agreement offers the following advantages to the claimant:
- There are no initial solicitor’s fees to begin work.
- No fees apply for their services as the claim moves forward.
- There is nothing to pay your solicitor for finished work if the claim fails.
- A ‘success fee’ applies for claims that win. (A small percentage of the compensation awarded is deducted at the end). A legislative cap ensures the percentage is low and the person claiming benefits first and foremost.
If this sounds interesting to you, take the first step of speaking to our advisory team. If they determine that your claim has solid grounds, they could connect you to a solicitor from our panel to launch a No Win No Fee retail data breach claim today:
- See if you qualify by calling 020 8050 3051
- Contact us to claim online.
- Or ask the live support bubble a question below.
More Useful Resources About Claiming For A Data Breach
In addition to this guide about retail data breaches, you can read more information in these other guides from our site:
- Here you can find useful information on the types of personal data breaches you can claim for.
- This guide looks at how to report a data breach in more detail.
- Also, we discuss compensation for distress after a data breach.
External resources to help:
- This link looks at how to make a data protection complaint from the government.
- Also, here is information on the National Cyber Security Centre (NCSC).
- Lastly, please find useful reading on stress from the NHS.
In conclusion, thank you for reading our guide on how to make a retail data breach claim. We value your interest and encourage you to call, email or use live chat to continue the conversation.