You may wonder if you can claim compensation on behalf of your child if their personal data was involved in a data breach. In the UK, we have two main pieces of legislation designed to protect personal data. These are: the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. They also set out the data breach claim eligibility criteria. In this post, we look at how to claim data breach compensation.
If you need any other information, you can:
Claiming Compensation If Your Child’s Data Has Been Breached
Article 82 of the UK GDPR grants data subjects the right to seek compensation if they suffered financial or mental harm due to a breach of their personal data. However, minors under the age of 18 cannot initiate legal proceedings. This means that you will need to act on behalf of your child to start a data breach claim.
Additionally, if you are claiming on behalf of your child, you will need to prove that:
- The data controller or processor failed to adhere to data protection laws. A data controller is usually an organisation that decides the means and purposes behind data processing. Additionally, they can instruct a data processor to process the data on their behalf.
- Your child’s personal data was compromised in the breach. Personal data is any information that can directly or indirectly identify a particular person as the subject.
- They suffered harm as a result of the compromise. This may be financial harm, such as criminals gaining access to their bank account and spending the funds; or mental health harm, such as stress.
Examples Of Data Breaches Involving Children
A child’s personal data may be compromised in various situations. These include:
- Social media and other online accounts. For example, a social media company may suffer a cyber attack due to vulnerabilities in their online security.
- A school data breach. Your child’s school will hold a lot of personal data, such as their name, date of birth and home address. This could be held digitally or in paper files. The school should ensure that all staff members with data access are compliant with the data protection legislation as well as ensuring their systems are updated. For example, if paper files containing student personal data were not kept in a locked filing cabinet, which allowed unauthorised access to occur.
- Medical data breach.Your child’s healthcare provider will have their medical records. These may be kept digitally or in paper files, or both. Organisations need to ensure that their staff are trained to adhere to the legislation as well as ensuring that their cyber security systems are up to date. For example, GP receptionist lost a memory stick containing personal data.
What Evidence Do I Need To Prove A UK GDPR Breach?
To claim on behalf of your child, you will need to submit supporting evidence. Examples include:
- The letter of notification. An organisation must inform you of a breach that could impact your rights and freedoms without undue delay.
- Information Commissioner’s Office (ICO) confirmation. Organisation must inform the ICO of a reportable breach within 72 hours.
- Health records if your child experienced psychological harm.
- Bank records if your child suffered financial harm.
Can I Make A Data Breach Claim On A No Win No Fee Basis?
If you are eligible to make a data breach claim on behalf of your child, you may wish to have legal representation. One of our solicitors could help. Typically, they offer their legal services on a No Win No Fee basis under an agreement called a Conditional Fee Agreement (CFA).
With this kind of agreement, you usually won’t be asked to pay upfront or ongoing fees for the solicitor’s work on the case. As this claim is for a minor even if the claim has a successful outcome there is no fee to pay.
Get In Touch For Advice On Child Data Breach Claims
If you need any advice about what steps you could take if your child’s data has been breached, or would like to find out if you can claim on their behalf, get in touch. To do so, you can: