Have you suffered emotional distress or financial harm as a result of your employer sharing your personal information? If so, you could be eligible to claim data breach compensation if you meet the relevant criteria.
In this post, we’ll explore the requirements for having valid grounds to sue your employer following a data protection breach involving your personal, sensitive data and the other steps you could take, such as gathering evidence and ensuring you take action within the time limit for data breach claims.
Additionally, we explore how your employer could breach your personal information.
Finally, we discuss how a No Win No Fee solicitor could help you seek compensation.
For more information, you can:
- Call on 0333 241 2521
- Speak with an advisor via the contact form
Data Protection Legislation in the Workplace
Your employer sharing personal data amongst employees is still against the Data Protection Act, however relaxed the workplace culture may be. Your employment contract and employee handbook give cautionary statements that disclosing such information, even with an employee’s permission, is a failure to comply with both the Data Protection Act and the Equality Act.
As for the private lives of employees, whilst it’s not illegal to talk about them, it’s important to respect other employees. Disrespect can lead to a phone call to the HR department, and disciplinary action will likely soon follow. HR functions to protect other co-workers from ill-treatment and lack of equity.
A lot of this information is laid out in the employee records. Nonetheless, personal data and company information, such as proprietary data, insider information and trade secrets, are all topics that must be kept confidential to stay on the right side of employers and the law.
My Manager has Breached My Confidentiality UK – What Are My Rights?
Under the UK General Data Protection Regulation (UK GDPR) and Data Protection Act 2018, certain parties have a responsibility to protect your personal data. Personal data is any information that identifies you or that could lead to you being identified, such as your name or email address. Some personal data warrants extra protection due to its sensitivity and is classed as special category data, for example your trade union membership status.
Data controllers and processors must comply with data protection legislation. A controller decides why and how your personal data is used, whilst a processor processes your data on the controller’s behalf. Your employer, as a data controller, must adhere to these pieces of legislation. As such, they must have a lawful basis for processing your personal data. If they share your personal information without a lawful basis for doing so, this could be considered a breach of data protection.
If your personal data has been compromised following a breach of the UK GDPR at work, and this causes you emotional harm, financial loss, or both, you may have valid grounds to start a data breach claim against your employer.
Examples Of Employer Data Breaches
If you are unsure how an employer data breach could occur, we’ve listed some examples below:
- Your employer may send a letter containing your personal information to the wrong postal address, despite having your correct home address on file.
- An email data breach can happen if your employer fails to use blind carbon copy (BCC) when sending out an email to employees, meaning others can view your email address.
- Hackers could access your personal data if your workplace’s internal online security systems lack the appropriate encryption software.
Can I Make A Claim For An Employer Data Breach?
In order to have an eligible claim for data breach compensation, you’ll need to gather evidence that can highlight the following:
- Your employer has failed to comply with the UK GDPR and the DPA 2018.
- Your personal data has been compromised in a breach as a result.
- You have subsequently suffered psychological harm and/or financial loss.
Useful evidence you could obtain to support your data breach claim includes:
- A letter of notification from your employer that confirms your personal data was compromised in a breach. Your employer must inform you without undue delay when your rights and freedoms are at risk.
- Any correspondence with your employer regarding the breach. For example, you may have raised a complaint via email or by sending a letter.
- Any correspondence with the Information Commissioner’s Office (ICO). You can report a suspected breach to the ICO, an independent body that upholds UK data subjects’ rights and freedoms.
- Medical evidence that can prove you have suffered mental health harm, such as your medical records or a report from an independent medical expert.
- Evidence of financial loss, such as a bank statement.
Is There A Time Limit For Data Breach Claims?
Generally, you’ll have six years to start a data breach claim. If the claim is against a public body, this is reduced to one year.
You can get in touch to find out more about the time limits and how long you have to seek compensation for a data breach.
Make A Claim With A No Win No Fee Data Breach Solicitor
A No Win No Fee data breach solicitor could assist during the claims process by offering a Conditional Fee Agreement (CFA). Under this type of No Win No Fee arrangement, they’ll offer the typical benefits of a solicitor, such as gathering evidence on your behalf.
Additionally, a No Win No Fee solicitor offering their services under the terms of a CFA usually won’t charge any fees for their work upfront or whilst the claim is ongoing. If your data breach claim is unsuccessful, you won’t pay your solicitor for their services. A legally capped success fee will be taken from your settlement if your claim does succeed.
To learn more about when you could make a claim following an employer data breach, please contact an advisor. To do so, you can:
- Call on 0333 241 2521
- Speak with an advisor via the contact form
How Much Employer/Manager Data Breach Compensation Can I Claim UK?
It is quite hard to pinpoint the exact amount that can be awarded for a violation of data protection laws, and the following figures can easily shift based on judicial decision-making. However, take these as average estimates:
Minor Breach – Minor breaches can be described as non-sensitive data being leaked, or a breach that is solved and concluded quickly. They tend to yield compensation of around £1,000 to £3,000.
Moderate Breach – Moderate breaches often involve highly sensitive data, such as bank account information. What makes them moderate is the amount of financial loss involved. Emotional distress is also taken into account, of course. You can expect to see a range of £3,000 to £10,000.
Serious Breach – This is a breach that involves highly sensitive data alongside significant financial losses, with emotional distress being a major factor. You can expect compensation of around £10,000 to £25,000.
Severe Breach – These are considered cases of absolutely catastrophic failure to protect information, resulting in high losses in emotional health and financial status. You can expect compensation awards of £25,000 and above.