Data-Breach.com has dealt with over 14,000 data breach enquiries


What to do when your manager or employer shares your personal information with other employees UK


Eleanor Watts

Eleanor Watts is a skilled solicitor who specialises in handling data breach cases and leads the dedicated team at the Data Breach department. Her journey began at the University of Nottingham, where she earned her law degree, and later pursued her masters in law from the University of Law. Becoming a qualified solicitor in 2021 after completing her training, Eleanor's focus turned to data protection and privacy claims, a field she's excelled in since the implementation of GDPR in 2018.

Have you suffered emotional distress or financial harm as a result of your employer sharing your personal information? If so, you could be eligible to claim data breach compensation if you meet the relevant criteria. 

In this post, we’ll explore the requirements for having valid grounds to sue your employer following a data protection breach involving your personal, sensitive data and the other steps you could take, such as gathering evidence and ensuring you take action within the time limit for data breach claims. 

Additionally, we explore how your employer could breach your personal information by not complying with data protection principles. 

Finally, we discuss how a No Win No Fee solicitor could help you seek compensation and hold your employer accountable for their data processing activities.

For more information, you can:

  • Call on 0333 241 2521
  • Speak with an advisor via the contact form

 

Data Protection Law in the Workplace

Your employer sharing personal data amongst employees is still against the Data Protection Act, regardless of how free the workplace culture can be. Your employment contracts and employee handbooks give cautionary statements that disclosing such employee data, even with an employee’s permission, is a breach of data protection obligations in both the Data Protection Act and the Equality Act.

As for the private lives of employees, whilst it’s not illegal to talk about them, it’s important to respect other employees. Disrespect can lead to a phone call to the HR department, and disciplinary action will likely follow. HR functions to protect other co-workers from ill-treatment and lack of equality.

A lot of this information is laid out in the employee records. Nonetheless, personal data and company information, such as proprietary data, insider information and trade secrets, are all topics that must be kept confidential to stay on the right side of employers and the law.

My Manager has Breached My Confidentiality UK – What Are My Rights?

Under the UK General Data Protection Regulation (UK GDPR) and Data Protection Act 2018, certain parties have a responsibility to protect your personal data. Personal data is any information that identifies you or that could lead to you being identified, e.g. your name or email address. Some sensitive personal data warrants extra protection due to its nature and is classed as special category data. Examples might include trade union membership status.

Data controllers and processors must comply with data protection legislation. Data controllers decide why and how your personal data is used, while data processors are responsible for processing your data on the controller’s behalf. In some circumstances, certain employers must appoint a data protection officer, especially if they are involved in large-scale data processing or process sensitive or special category data.

Your employer, as a data controller, must adhere to these key data protection policies. As such, they must have a lawful basis for processing your personal data. If they share an employee’s personal data without a lawful basis for doing so, this could be considered a breach of data protection. 

If your personal data held by your employer has been compromised following a breach of the UK GDPR at work, and this causes you emotional harm, financial loss, or both, you may have valid grounds to start a data breach claim against your employer.

The same applies if your employer shares or transfers your personal data using a third party, such as a payroll provider. Your employer has a responsibility to ensure the third party is compliant with GDPR when it processes employee data.

Examples Of Employer Data Breaches

If you are unsure how an employer data breach could occur, we’ve listed some examples below:

  • Your employer may send a letter containing your personal information to the wrong postal address, despite having your correct home address on file.
  • An email data breach can happen if your employer fails to use blind carbon copy (BCC) when sending out an email to employees, meaning others can view your email address. 
  • Hackers could access your personal data if your workplace’s internal online security systems lack the appropriate encryption software.

Can I Make A Claim For An Employer Data Breach?

In order to have an eligible claim for data breach compensation, you’ll need to gather evidence that can highlight the following:

  • Your employer, when processing personal data, has failed to comply with the UK General Data Protection Regulation and the Data Protection Act 2018.
  • Your stored personal data has been compromised in a breach as a result.
  • You have subsequently suffered psychological harm and/or financial loss.

 

Useful evidence you could obtain to support your data breach claim includes:

  • A letter of notification from your employer that confirms your personal data was compromised in a breach. Your employer must inform you without undue delay when your rights and freedoms are at risk. 
  • Any correspondence with your employer regarding the breach. For example, you may have raised a complaint via email or by sending a letter. 
  • Any correspondence with the Information Commissioner’s Office (ICO). You can report a suspected breach to the ICO, an independent body that upholds UK data subjects’ rights and freedoms.
  • Medical evidence that can prove you have suffered mental health harm, e.g. your medical records or a report from an independent medical expert.
  • Evidence of financial loss, such as a bank statement. 

 

Is There A Time Limit For Data Breach Claims?

Generally, you’ll have six years to start a data breach claim. If the claim is against a public body, this is reduced to one year.

You can get in touch to find out more about the time limits and how long you have to seek compensation for a data breach in an employment context.

Make A Claim With A No Win No Fee Data Breach Solicitor

A No Win No Fee data breach solicitor could assist during the claims process by offering a Conditional Fee Agreement (CFA). Under this type of No Win No Fee arrangement, they’ll offer the typical benefits of a solicitor, such as gathering evidence on your behalf.

Additionally, a No Win No Fee solicitor offering their services under the terms of a CFA usually won’t charge any fees for their work upfront or whilst the claim is ongoing. If your data breach claim is unsuccessful, you won’t pay your solicitor for their services. A legally capped success fee will be taken from your settlement if your claim does succeed. 

To learn more about when you could make a claim following an employer data breach, please contact an advisor. To do so, you can:

  • Call on 0333 241 2521
  • Speak with an advisor via the contact form

 

How Much Employer/Manager Data Breach Compensation Can I Claim in the UK?

It is hard to pinpoint the exact amount that can be claimed following a violation of data protection laws by an employee, and the following figures can easily shift based on judicial decision-making. However, take these as average estimates:

Minor Breach – Minor breaches can be described as non-sensitive data being leaked, or a breach that is solved and concluded quickly. They tend to yield compensation of around £1,000 to £3,000.

Moderate Breach – Moderate breaches often involve highly sensitive data, such as bank account information. What makes them moderate is how much the affected person tends to lose financially. Emotional distress is also taken into account. You can expect to see a range of £3,000 to £10,000.

Serious Breach – This is a breach that involves highly sensitive data alongside significant financial losses, with emotional distress being a major factor. You can expect compensation of around £10,000 to £25,000.

Severe Breach – These are considered cases of absolutely catastrophic failure to protect information, resulting in high losses in emotional health and financial status. You can expect compensation awards of £25,000 and above.
