Data-Breach.com has dealt with over 14,000 data breach enquiries

Call free

Can I Sue For A Data Protection Breach?

can I sue for data protection breach?

Eleanor Watts

Eleanor Watts is a skilled solicitor who specialises in handling data breach cases and leads the dedicated team at the Data Breach department. Her journey began at the University of Nottingham, where she earned her law degree, and later pursued her masters in law from the University of Law. Becoming a qualified solicitor in 2021 after completing her training, Eleanor's focus turned to data protection and privacy claims, a field she's excelled in since the implementation of GDPR in 2018.

The short answer to this question is yes, you could sue a company that has failed to protect your personal data. Under data protection law, organisations holding your data have a responsibility to ensure your personal data is not misused, destroyed, disclosed, or lost. If you think your data has been mis-handled in this way and not adequately protected, you have the right to sue the organisation responsible and potentially receive compensation for the data breach.

Data breach compensation

Under data protection law if a company that is holding your data suffers a data breach, you could be entitled to claim data breach compensation if you have experienced some form of damage as a result. The GDPR and Data Protection Act give you the right to claim compensation for both material (e.g financial losses)and non-material damage (e.g. anxiety or distress) as a result of your data being breached.

It can sometimes be difficult to know if your personal data has been breached. Often if an organisation has experienced a data breach, they will inform you directly, often with an email or letter informing you of the nature of the data breach.

A personal data breach occurs when an individual’s information is lost, destroyed, accessed, or disclosed in an unauthorised way. This can be a deliberate or accidental breach by someone inside or outside the organisation.

Data breaches can involve:

  • Personal health information
  • Medical documents
  • Social services documents
  • Financial information
  • Sensitive, protected, or confidential information

Who can you claim against for a breach of data protection?

You can make a claim for a data breach against an individual or an organisation either in the public sector, private sector, or charitable sector. In some cases, there can be more than one defendant. Often, GDPR claims and data breach claims are settled out of court, but sometimes it may be necessary for the matter to be settled in court. The data breach claims process can sometimes be long drawn out if the organisation responsible is refusing to accept fault.

How much can you claim in data breach compensation?

How much compensation you could receive for a data breach compensation claim will depend on the type of data breach and how it has impacted your life both financially and from a stress point of view. The law in this area is currently under development and the courts are yet to provide any specific guidelines on what will be awarded to data breach claimants. However, damages awarded in employment discrimination cases can offer some guidance on the subject and is divided into three bands.

1) £900-£8,600 for less serious cases where the incident was just a one off, for example:

  •  Disclosure of an individual’s name, date of birth, home address, and email address, £1,000-£1,500
  •  Disclosure of information linked to a medical data breach, £2,000-£5,000
  •  Disclosure of financial information, £3,000-£7,000 depending on the effect of the breach

 

2) £8,600-£25,700 for a breach that is more serious than the first band.

3) £25,700-£42,900 if there has been a protected pattern of default, which has caused depression or other illnesses. Medical evidence would be required to support this alongside evidence to back up any other losses such as earnings.

What happens if the organisation doesn’t agree to pay out on data breach compensation claims?

If you have a strong case against an organisation for a data protection breach and they are refusing to pay compensation, your next step would be to make a claim in court. The court would decide your case, and if it found in your favour, would decide the appropriate level of data breach compensation.

It is strongly recommended that you take independent legal advice on the strength of your case prior to taking any claim to court. We can help put you in contact with an experienced data breach solicitor who can discuss with you whether your data breach claim is worth pursuing. Get in touch with us today to find out more about claiming compensation.

Who should you inform if you suspect a possible data breach?

Data breach cases are not always straightforward and can require a bit more investigation to get all the key details. If you suspect a data breach has occurred, it is recommended that you contact the Information Commissioner’s Office (ICO), the UK’s data protection regulator and supervisory authority for GDPR compliance.

The ICO can investigate the alleged data breach incident and determine if an organisation is at fault for the breach. This can be quite a slow process, but it can lead to an increased chance of a successful data protection breach compensation claim. The ICO does not award compensation to data breach victims, instead to seek recompense you need to make a data breach claim against the data controller, the organisation responsible for breaching your data.

A significant fine or a factual report from the ICO that the organisation in question is responsible for the data breach will be extremely valuable and will often be a good indication that you have a valid data breach claim. You are not required to contact the ICO or wait for its investigation to end before you claim data breach compensation, you can bring a case against a company directly without involvement from the ICO. It will be more beneficial however to go through the ICO first to help strengthen your case.

What should you do if you are notified that your data has been breached?

In the event that an organisation contacts you to inform you that your personal data has been part of a data breach, you should take these necessary steps to prevent further issues…

  • Change your passwords. If your data has been breached and you use similar login information like usernames and passwords for other websites or online accounts, you should change those details straight away.

 

  • Keep an eye on your bank accounts and credit report. You might want to watch your bank accounts and other online accounts closely over the next few months, particularly if you think or know that the breach involved financial details or other details the hacker could use to commit identity fraud. If you see anything unusual you should contact your bank immediately and explain that you have been a victim of fraud. Also, it is important to check your credit report to ensure credit isn’t taken out in your name.

 

  • Be aware of scams. If you are contacted over the phone asking for personal details or passwords you should take steps to check their true identity. Ask them to give you details that only the company they claim to be calling from would know. For example, details of your service contract or how much you pay per month. Keep in mind that scammers could have access to more of your personal information than seems normal. So, if you are suspicious of the caller, hang up the phone, look up the company’s phone number, and ring them for yourself.

Eleanor Watts

Eleanor Watts is a skilled solicitor who specialises in handling data breach cases and leads the dedicated team at the Data Breach department. Her journey began at the University of Nottingham, where she earned her law degree, and later pursued her masters in law from the University of Law. Becoming a qualified solicitor in 2021 after completing her training, Eleanor's focus turned to data protection and privacy claims, a field she's excelled in since the implementation of GDPR in 2018.

We're ready to help you get the compensation you deserve

Alternatively, give one of our solicitors a call free on 0333 241 2521

Lines open 9am – 5pm Mon to Fri

Has your data been handled incorrectly?