Learn How To Make Travel And Hospitality Industry Data Breach Claims

A data breach can ruin the experience of a dream holiday or staying in lovely hotels. The dread of knowing your personal information has been accessed, and even misused, can cause far-reaching stress and aggravation. So if you’re looking for information about travel and hospitality industry data breach claims, this guide can help.

You may not know, but all organisations and businesses must safeguard the protected data they hold about you. Two main pieces of legislation detail this obligation, called the Data Protection Act 2018 (DPA) and the UK General Data Protection Regulation (UK GDPR). These laws explain how those in control (called data controllers and data processors) need to handle your personal information.

Private hotels and travel agents are subject to these data protection laws, along with every other business or organisation that processes personal data. So, if you can prove that a business failed to comply with data protection laws and you were negatively impacted, a claim against them for data breach compensation could apply.

Our guide begins by explaining what a data breach in the travel and hospitality industry is and what might cause one. We’ll explore how to detect a breach and what is needed to construct an effective claim against the data processor. In the following sections, we’ll also discuss how compensation for a data breach is calculated and what it can cover.

The final section will explain how a solicitor from our panel could handle a travel and hospitality industry data breach claim for you. Read our frequently asked questions section to learn more, or if you wish to discuss your claim right now, you can:

NEON SIGN FOR A HOTEL

Frequently Asked Questions 

What Are Travel And Hospitality Industry Data Breaches?

A travel and hospitality data breach is when the controller or processor compromises your personal data. However, you may not fully understand these terms. Before we examine travel and hospitality industry data breach claims in detail, there are some basic facts about data breaches to understand.

A personal data breach can be the loss of a data’s integrity, its accessibility or confidentiality. The term ‘personal data’ includes:

  • Your name and address.
  • Email, address, mobile or social media accounts.
  • Banking information and payment details.
  • Passport information.

Personal data can also be classified as a special category, which means it has the potential to cause greater harm to the data subject if it becomes compromised. This includes health and biometric information, political and religious beliefs, sexual orientation and racial or ethnic details.

A travel agent or hotel might need to hold a surprising amount of personal data about a person in the course of a typical travel or accommodation booking. Because of this, they must strenuously avoid any deliberate or accidental action that results in customers’ data being mishandled. A breach can be any failure by them to meet the standards of data protection expected (called ‘wrongful conduct’).

So if your personal information was lost, shared without authorisation, altered unlawfully, suffered accidental destruction or otherwise impacted by a security incident that led to a breach, speak to our advisors. They can answer any questions you might have about travel and hospitality industry data breach claims. Also, they could connect you to expert legal advice to help you deal with the harm caused by the breach.

What Can Cause A Travel Or Hospitality Data Breach?

We now explore some of the ways in which a data breach might happen in the travel and hospitality sector because of either deliberate action or human error:

  • The agent at an online booking company attaches copies of a customer’s passport and other sensitive details in error to a document that is then shared with others.
  • Poor IT defence in a travel agency allowed malware to infiltrate their databases and compromise the personal information of multiple customers.
  • An airport accidentally shared your flight information with unauthorised parties in an email data breach.
  • The paper copies of booking confirmations and payment details of a cruise operator were left in an unsecured location, resulting in them being lost or stolen. This allowed others to use the data for criminal activity.
  • Travel plans and a detailed itinerary were posted to an old address (despite them holding the correct customer details). This allowed the data to be used in ways that harmed the customer.
  • The staff in a hotel lost a device (such as a laptop or smartphone) that wasn’t password protected. The lost device held the credit card details of guests, allowing an opportunist to hack in and take data.

Your case may be different. It’s important to stress that a claim could apply whether the cause of the data breach was deliberate or accidental. Agents and staff in the hospitality and travel sectors must take all reasonable steps to secure personal data in their care, so if you believe they failed and you suffered harm as a consequence, speak to us about your options.

GRAPHIC OF A MAGENET DRAWING PERSONAL DATA FROM A LAPTOP

How Do I Know If Travel Or Hospitality Companies Have Breached My Data?

The following can help alert you to a data breach problem with a travel or hospitality provider:

  • Organisations need to notify impacted data subjects about any serious data breaches that affect their rights and freedoms no later than 72 hours after they have discovered it (where feasible). Therefore, you may receive a letter of notification from them about the breach.
  • Be vigilant for any increase in spam, cold calls or unwanted emails.
  • Check to see if there is any unusual activity in your bank accounts.
  • ‘Darkhotel’ hacking is a specific risk that targets hotels in particular. Therefore, it can be useful to check online to see if other users and customers are detecting a data breach problem.

If you’d like further guidance, perhaps a solicitor from our panel could help. Call the team to discuss how they handle travel and hospitality industry data breach claims.

Do I Need To Inform The ICO Of A Data Breach?

The Information Commissioner’s Office (ICO) is the independent organisation set up to protect the data rights of the public. A powerful watchdog, it can investigate and issue penalties against any public organisation or private company that fails to adhere to data protection law properly.

It is important to respond to a concern about a data breach promptly. Delay can allow time for cyber criminals to steal more information and further infiltrate people’s private lives. The potential criminality can be devastating.

You don’t have to complain to the ICO about a data breach, and it does not impact your right to launch a data breach compensation claim either way. However, if the ICO chooses to investigate the issue (they may not), any findings they make could help strengthen your claim. A solicitor can still help you either way, so get in touch if you want to talk this over.

Can I Make A Data Breach Claim Against The Travel And Hospitality Industry?

Before we explore compensation itself, it’s important to understand the criteria that must be met to have an eligible data breach claim:

  • The controller or processor engaged in ‘wrongful conduct’ with the customer data (such as sharing details about you in an unauthorised group email).
  • As a result of this, your personal data was compromised.
  • You suffered actual financial and/or psychological harm as a consequence of this data breach.

Once you have satisfied yourself that all three points apply to you, there are certain actions open to you that could help the claim:

  • Raise the concern with the hotel, travel agent, booking company, or other providers involved.
  • If you fail to receive a satisfactory response from the company about your data concerns, wait no longer than 3 months to elevate your complaint to the ICO.
  • Seek legal advice from a data breach solicitor. We can help with this if you get in touch.

How Much Data Breach Compensation Could I Get?

You could be compensated up to £141,240 if the data breach caused you to suffer severe psychiatric harm (this figure is from the Judicial College Guidelines, which we explain shortly). However, you may also recover financial losses as part of the same claim, such as relocation costs.

If the outcome of your data breach claim is successful and you are awarded compensation, you could receive an amount for both your non-material damage and material damage.

Non-material damage is the psychological and emotional distress the person suffered because of the data breach. This can range from general stress to chronic trauma responses that massively impact the person’s quality of life.

Those involved in the calculations can apply monetary value to these impacts. To do this, they often use presented psychiatric evidence and compare it alongside publications like the Judicial College Guidelines (JCG).

Below you will find a table that uses excerpts from the JCG for psychological damage. Please note that the guideline brackets shown are only ever used as an approximate idea. Every claim varies according to individual circumstances, and it’s best to consult a solicitor to get a more precise idea about compensation. Furthermore, our first line entry is not from the JCG:

Guideline Brackets

HARMSEVERITYAWARD BRACKETSNOTES
Multiple types of psychological harm and material damage amounts.SeriousUp to £250,000 plusCases where the person suffers more than type of psychological injury and material damage amounts for lost income and counselling fees.
Psychological damage(a) Severe£66,920 up to £141,240Person suffers marked issues coping in all ears of daily life and prognosis is poor.
(b) Moderately severe£23,270 up to £66,920Significant problems still presenting although the overall prognosis is better than bracket above.
(c) Moderate£7,150 up to £23,270Although there may have been significant issues, a marked improvement occurs by the time a trial may take place.
(d) Less severe£1,880 up to £7,150The duration of harm is assessed in this bracket.
PTSD (Post-traumatic stress disorder).(a) Severe £73,050 up to £122,850Permanent and severe impacts that prevent the person coping as they did prior to trauma.
(b) Moderately severe£28,250 up to £73,050This bracket differs from the one above in as much as professional counselling mitigates the worst effects.
(c) Moderate£9,980 up to £28,250On the whole, recovery takes place with persisting disability not being gross.
(d) Less severe£4,820 up to £9,980Almost a full recovery within 12 - 24 months and only minor problems persisting past this period.

What If I’ve Suffered Financial Losses Due To The Breach?

A hospitality data breach could lead to financial harm. This material damage can be compensated for as part of the data breach claim. With the correct statements, documented evidence, invoices or receipts, you could claim back the financial harm inflicted upon you by the data breach. For example:

  • The costs of any counselling fees to deal with related stress.
  • The cost of re-establishing privacy on smartphones, laptops or other devices.
  • The repercussions of needing to move or reorganise your life.
  • Payment for the costs of home security, plus any subscription fees to maintain it.

For precise guidance on what you could claim back in the way of financial harm, speak to our advisors about travel and hospitality industry data breach claims. They could connect you to an expert from our panel and boost your potential settlement.

STAFF IN A HOTEL ON THE MAIN DESK

How To Make Travel And Hospitality Industry Data Breach Claims

If you are satisfied that your travel and hospitality data breach claim for compensation meets the criteria we looked at above, there is, in general, a 6-year time limit in which to get started. The next step is to assemble supporting evidence. You might also consider seeking legal help with your claim from a data breach specialist, and we will discuss how to do that below.

The proof you gather needs to show:

  • How the travel and hospitality data breach occurred.
  • Who exactly was responsible? For example, was it the booking agent, the hotel concierge or staff at an online tour operator?
  • How did it affect you? (either emotionally, financially or both).

If your data breach claim qualifies and you decide to access help from a solicitor from our panel, they will assist you in gathering supporting evidence, such as:

  • A letter of notification from the travel provider about the breach.
  • Any other correspondence with the travel company or hospitality provider about the matter.
  • Bank statements and receipts proving your related financial harm.
  • Medical records or reports from a counsellor or mental health practitioner that detail the emotional harm you have experienced.

For more information on time limits, evidence and how a solicitor might support you through the travel and hospitality industry data breach claims process, speak to our team of advisors on the contact options above.

NO WIN NO FEE SOLICITOR EXPLAINING TRAVEL AND HOSPITALITY INDUSTRY DATA BREACH CLAIMS

Can I Make No Win No Fee Data Breach Claims?

Yes, if you satisfy the data breach claims eligibility, a No Win No Fee solicitor from our panel could help you make a claim.

Our panel of solicitors can offer excellent services without needing you to find extra money for legal costs. By using a variation of No Win No Fee terms called a Conditional Fee Agreement (CFA), you can take advantage of the following:

  • There is no requirement to pay initial solicitors’ fees to start work on the data breach claim.
  • No fees apply for work carried out by solicitors moving forward.
  • Under the terms of a CFA, no solicitors’ fees apply for completed services if the data breach claim is unsuccessful.
  • If the claim is a success, a small percentage of the compensation is paid to your solicitors.
  • This success fee amount is capped by law to keep it low. This aims to ensure that the person claiming receives the bulk of their compensation.

A CFA could enable you to fund a solicitor to support your travel and hospitality industry data breach claim today. Get in touch for a free eligibility check.

Data Breach Claims’ Panel Of Solicitors

You aren’t obliged to instruct a data breach solicitor to initiate a claim. But it makes good sense to see if one could help. For example, the expert solicitors on our panel can offer an array of support services to help you get the compensation owed:

  • They will calculate the total amount of compensation with a much greater degree of accuracy.
  • They’ll help you collect supporting evidence.
  • They will confidently deal with all the correspondence and deadlines for any court requests as the claim moves forward.
  • They’ll negotiate with the travel or hospitality provider on your behalf for the highest settlement.
  • And present a professional case at all times.

We’ve helped thousands of people just like you to seek the compensation owed to them after a data breach. Why not call for a no-obligation chat to see if we can help you? Start by:

Learn More

In addition to the information in this article about travel and hospitality industry data breach claims, you might find these helpful:

External reading:

In conclusion, thanks for reading our guide on travel and hospitality industry data breach claims. For any more help or support on this topic, please reach out to the team through the options above.