Data-Breach.com has dealt with over 14,000 data breach enquiries

Call free

Data Breach Compensation Examples

Data Breach Examples

If you suspect your data has been breached, you may be wondering how much you might be able to claim in terms of data breach compensation. The answer isn’t quite as straightforward as you might think because data breaches vary in scale, severity and impact on individuals.

Both material damage and non-material damage are taken into account with data protection breach compensation and while these can differ in each case, making it difficult to outline standard compensation amounts, we can nonetheless provide some general compensation estimates based on the degree of harm that is caused by a data breach.

Here we outline data breach claims in general, typical types of data breaches, and the amounts you might expect to be awarded if you claim compensation under data protection law.

What is a GDPR data breach compensation claim?

A data breach occurs when an organisation responsible for storing and processing the personal data of individuals has failed to adequately protect. Inadequate security systems, poor data processing procedures, administrative errors are just some of the ways that a data breach can occur.

Data breach compensation claims are generally filed by individuals, companies, or groups of people who have been affected in some way following a breach which has affected the confidentiality, availability, or integrity of their personal data. Under two main pieces of legislation, the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018 (DPA), you can seek damages from alleged data protection breaches.

In what sectors do personal data breaches occur most commonly?

Data breaches occur in many situations, affecting not only sole individuals (e.g a medical letter sent to the wrong address) but also groups of people en masse (e.g. a cyber attack that has resulted in financial and other data being accessed). In some cases, the impact may be minimal, while in others the potential impact for financial losses and emotional distress can be high.

Often the data involved can be of a highly sensitive nature, whether it is financial, personal or even medical data. Government bodies, medical facilities, schools, banks and other financial institutions are often the types of organisations where data breaches typically occur, and because of the type of information involved, they are often considered significant data breaches.

The loss of financial data, medical records, and other confidential personal and sensitive data can often have far-reaching consequences. It is these types of significant data protection breaches that could potentially bring larger compensation amounts due the the degree of harm that could result.

Examples of data breach claims

There are numerous ways in which an organisation might be responsible for a breach of your personal data…

  • A hack results in your personal details and payment details being made public.
  • Correspondence sent to the wrong address despite you previously telling them to update their records.
  • Email sent with all recipients all clearly visible as sender has failed to use the BCC ‘blind copy’ feature.
  • Personal data emailed to an unauthorised person.
  • Your medical records have been lost by a medical professional.
  • Your identity has been disclosed in a case where you have given confidential evidence.

 

How much compensation could you receive for a UK data breach?

A UK breach involving sensitive data will have greater potential for a higher compensation amount because of the potential impact the breach could have. For example, emotional distress caused by a leak of highly sensitive medical data relating to an individual would be considered highly significant and could result in a larger compensation amount.

Likewise, a leak of someone’s details, potentially to a former abusive partner when correspondence has been sent to an old address, could also be a real cause for concern and give rise to greater compensation amounts. Data breaches involving financial details or identity theft could result in monetary losses, which in some cases could be large and result in varying degrees of stress.

The amount of compensation you could receive will depend on various factors including the cause of the breach, the type of data involved, the period of time the data was exposed, and the impact it has had on the individual (material damage and non-material losses).

Average data breach compensation example amounts

In the event of a data breach, those responsible for handling the data (the data controller and data processor) could potentially face a fine from the Information Commissioner’s Office (ICO). This fine would be completely separate from any compensation awards.

While compensation is determined by a number of factors, the following compensation amounts relating to degrees of harm (as suggested by Judicial College Guidelines) are useful as a starting point for determining damages in court following a data breach.

 

Injury Severity Compensation Amounts
Psychiatric Damage Severe £66,920 to £141,240
  Moderately severe £23,270 to £66,920
  Moderate £7,150 to £23,270
  Less severe £1,880 to £7,150
Post-Traumatic Stress Disorder (PTSD) Severe £73,050 to £122,850
  Moderately severe £28,250 to £73,050
  Moderate £9,980 to £28,250
  Less severe £4,820 to £9,980
Financial Losses   Up to £500,000+
Data Breach Compensation Amount Examples

When are individuals eligible for data breach compensation?

In instances of a data breach, the organisation involved will usually be required to inform the ICO regarding the breach, as well as informing those affected customers. It is likely you will have received an email or letter informing you that your data has been part of a personal data breach incident, and this is a good way of knowing that you have a potential claim.

At that point in time it may not be clear how severe the breach is, nor will the long-term impact be known. If your bank or credit card accounts or information is compromised in some way, there could be further repercussions in future, and this would need to be taken into account with any settlement. For this reason, it is not always in your best interests to have the case resolved too early on.

Initially, your data breach solicitor will outline your claim by sending a letter of claim to the defendant. In some instances the organisation involved may agree compensation without having to resort to lengthy action. In other situations it may be necessary to bring action against those responsible for the leak of your data.

What documentation is needed to make a data protection breach compensation claim?

In order to support any claim for compensation, you will need to gather together any available information you have to support your claim. Keep hold of any correspondence from the data controllers regarding the breach.

If you have suffered any material damage as a result of the data breach, such as financial losses, then receipts, credit card and bank statements, and even screenshots showing misuse of your personal information can support your claim. If you have suffered some form of emotional distress, then a medical report to that effect will be useful and improve your chances of a successful data breach claim.

Make A Data Breach Claim Today

Data breach law can be quite complex and it is by no means certain that you will have a valid claim. Some minor data breaches may not warrant any sort of compensation, while breaches that affect you financially or emotionally could result in compensation worth thousands, depending on the degree of those losses.

To claim data breach compensation, get in touch with our team and we will look into whether you have a valid data breach claim. Our data breach solicitors are highly skilled at handling these types of claims and getting people the maximum compensation they deserve.

Eleanor Watts

Eleanor Watts is a skilled solicitor who specialises in handling data breach cases and leads the dedicated team at the Data Breach department. Her journey began at the University of Nottingham, where she earned her law degree, and later pursued her masters in law from the University of Law. Becoming a qualified solicitor in 2021 after completing her training, Eleanor's focus turned to data protection and privacy claims, a field she's excelled in since the implementation of GDPR in 2018.

Eleanor Watts

Eleanor Watts is a skilled solicitor who specialises in handling data breach cases and leads the dedicated team at the Data Breach department. Her journey began at the University of Nottingham, where she earned her law degree, and later pursued her masters in law from the University of Law. Becoming a qualified solicitor in 2021 after completing her training, Eleanor's focus turned to data protection and privacy claims, a field she's excelled in since the implementation of GDPR in 2018.

We're ready to help you get the compensation you deserve

Alternatively, give one of our solicitors a call free on 0333 070 5800

Lines open 9am – 5pm Mon to Fri

Has your data been handled incorrectly?