Has your data been breached? You may be wondering how to sue for data breach compensation? New legislation and regulations mean that our personal data is protected now more than ever. A data controller – usually an organisation that needs our data – has to secure any personal data they collect. We are data subjects – we supply our data to these data controllers – we now have more rights than ever over our data.
If you suffer a personal data breach because the data controller did not take the correct steps to keep it secure you could be entitled to sue for data breach compensation. With the right evidence showing how a third party has allowed your personal data to be breached you could be eligible to pursue a data breach claim. For instance, if a data controller did not protect their online workspace with a cyber security system, allowing hackers, to gain access to your personal information a data breach has occurred that you may be eligible to claim for.
In some cases, a data breach can cause lasting financial damage. Data breaches can even affect wider aspects of your life, such as your relationships and your mental health.
A Guide To Claiming Compensation
If you have evidence to support a data breach claim, then you may choose to hire a solicitor to support it. If so, we’d always recommend hiring a solicitor who has previous experience in handling data breach claims. This could boost your chances of securing the maximum amount of compensation that you may be entitled to.
Our team of specialist advisors are on hand 24/7 to give you an initial consultation, free of charge. If they think you have a valid data breach claim, then they can connect you to our panel of data breach solicitors that can begin working on your case right away. What’s more, our panel of solicitors always work on a No Win No Fee basis.
So, whether you’d like a free consultation to learn more about your situation or you’re interested in learning how our panel of data breach solicitors could help you, please don’t hesitate to get in touch with us today:
- Complete a contact form to arrange a call back
- Use our chat feature to speak to one of our advisors live
- Call us on 0800 408 7827
Select a Section
- How To Sue For Data Breach Compensation- A Guide To Claiming Compensation
- Why Would You Sue For A Breach In Data?
- What Is GDPR Compliance?
- How Can GDPR Be Breached?
- Data Protection Breach Statistics
- What Should I Do If I Experience A Breach Of My Data?
- What Is The Average Payout For A Data Breach Claim?
- No Win No Fee Data Breach Solicitors
- How To Find Data Breach Claims Lawyers
- Discuss Your Case
Firstly, we’ll begin by addressing some commonly asked questions asked by data breach victims, such as:
- Why would you sue for a data breach?
- What data breach laws are in place to protect your privacy?
- How can a breach of these laws occur?
- How much compensation could I be entitled to for a data breach claim?
- What should I do if I fall victim to a data breach?
Furthermore, we’ll provide our top tips on what steps you could take in order to give your claim the best chances of success, including:
- Having a data breach solicitor to handle your case for you
- Using a No Win No Fee agreement
- How to find the best legal service for you
If you’d like to see how our panel of solicitors could help you sue for data breach compensation, please don’t hesitate to get in touch with one of our specialist advisors today. They can offer you an initial consultation, free of charge, where you could learn everything outlined in this article and more.
Limitation Periods on Data Breach Claims
There is usually a time limit that states when your claim must begin. So if you wait too long before commencing legal proceedings, your eligibility for compensation could expire. If you wish to pursue a claim, then we recommend you start proceedings as early as possible.
The amount of time you have to start a data breach claim can vary depending on the circumstances. If you wish to claim against a public body, then you usually have 1 year to start your claim. Your local council or a public hospital are examples of public bodies. If another type of organisation is responsible, then the time limit is 6 years instead.
You may be able to start a data breach claim against your employer if you have evidence to support it. However, the amount of time you have to start the claim can vary.
Are you unsure whether you could be eligible to sue for data breach compensation? If so, please contact our team today and one of our specialist advisors can give you a free consultation.
Personal data is a term typically used to describe any personal information that could be used to identify the individual that it pertains to, such as:
- Contact details
- Financial information
If the privacy of an individual’s data is compromised, then this is a security incident commonly referred to as a data breach. There are various reasons why a data breach could occur either intentionally or unintentionally. For example, a company with access to some of your personal information may accidentally share it with other parties who are not meant to see it. Alternatively, criminal cyber attackers could hack into databases containing your personal information and steal it. This may happen because the company holding the information in the database has failed to set up adequate security measures.
Some other examples of cyberattacks that could lead to data breaches include:
- Phishing/spear-phishing attacks
- Password attacks
- Eavesdropping attacks
- Malware attacks
- Ransomware attacks
- Denial-of-service attacks
Please continue reading to see how data breach laws can be breached. Alternatively, please speak to one of our specialist advisors today to learn more.
Denial Of Service (DoS)
A Denial of Service is a type of cyberattack that disrupts the normal running of a service. In such cases, vulnerabilities in networks or systems are targeted, meaning no other users can access it for the time being.
Ransomware is a malicious type of malware. This may block access to personal data. Those who own or who are responsible for managing the personal data may be faced with a demand to pay a ransom to regain access to the data. If the ransom is not paid, then the personal data may be deleted or shared with other parties.
A typical phishing scam involves a fraudster posing as a reputable company or individual asking for your personal information (or in some cases, money) via email.
The safest approach is to never provide any personal details without investigating the legitimacy of the sender and their reasons for contacting you. Always check the sender’s email address to look out for fake domain names that try to mimic a legitimate person or organisation.
Here are some common types of phishing scams:
- Spear phishing
- May target an individual or organisation. The attachment in the email may be a virus that allows the networks to become infected.
- It is a highly technical phishing attack aimed at senior staff. Cybercriminals try to get money through a wire transfer.
- Smishing and vishing
- Text messages that are masqueraded as being from reputable companies to get receivers to give personal information.
- Angler phishing
- Instant messaging via social media is used to trick victims.
The General Data Protection Regulation (GDPR) is an EU directive. In 2018, the GDPR was enacted into UK law under the Data Protection Act 2018. We are no longer part of the EU so the UK has adapted the Data Protection Act 2018 and introduced the UK GDPR.
If a personal data breach occurs within an organisation and it’s likely to jeopardise the rights and freedoms of individuals, then that organisation is required to notify the Information Commissioner’s Office (ICO) within 72 hours of the incident. The organisation should also inform the affected individuals without undue delay.
If a data breach that affects you happened as a result of an organisation’s non-compliance with data protection laws, you may have grounds to sue for data breach compensation. For more examples of how a data breach could happen, please see the next section of this article or speak to one of our specialist advisors today.
A data breach can happen if a security incident leads to personal data being lost, stolen, accessed, destroyed, altered, or disclosed in a manner that does not meet the 6 lawful bases. Personal data breaches can happen through human error while others may happen because of deliberate attacks. In order for a company to be compliant with GDPR it must follow the 7 key principles:
- Be transparent, always fair and legal
- Purposed limitation.
- Keep data collection to a minimum
- Enure data is kept up to date
- Only keep data for as long as is necessary.
- Keep data secure and safe
- Be accountable for the data you collect
According to a 2021 Government survey into cybersecurity in the UK, around four in ten businesses (39%) and a quarter of charities (26%) of those who took part experienced cyber security breaches or attacks in the 2020/21 period. Commonly reported types of cyberattacks included:
- Phishing emails
- Impersonation of their organisation
- Viruses or malware, such as ransomware
If you find yourself falling victim to a data breach through no fault of your own, here are some steps that you could take towards securing your personal information:
- Change any passwords that may have been compromised as part of the breach
- Using the same passwords across multiple logins could be dangerous if just one account is compromised by a data breach. We advise you to keep each of your passwords unique and use a mix of case, symbols, numbers and letters.
- Keep an eye out for any suspicious activity on your credit report and bank account
- In the case that your data breach compromised any of your financial details, such as your credit card number, there’s a higher risk that you could fall victim to identity theft or fraud.
- Watch out for tell-tale signs of scams
- A typical phishing scam, for example, would involve a fraudster posing as a reputable company or individual asking for your personal information (or in some cases, money). Whether this is via a phone call, email or the like, you should never provide any details without investigating the legitimacy of the sender and their reasons for contacting you.
How to raise concerns about an organisation
If you’re concerned about the way an organisation is handling your data, you could raise your concerns by contacting them directly. The ICO recommends sending a letter to the organisation outlining your concerns to begin with. If the organisation is unable or unwilling to act on your concerns, then you could raise them with the Information Commissioner’s Office (ICO). You should do so within three months of your last meaningful contact with the organisation concerned.
Although the ICO doesn’t provide compensation to data breach victims, they may investigate your issue. Their findings could help support your claim if the organisation in question is found liable. Therefore, reporting your breach to them could prove to be an important step towards your payout.
Data breach cases are compensated according to the extent of material damage and non-material damage caused to the victim. With some claims, only one of these types of damages may be claimed. With others, you may be able to receive compensation for both.
Material damage can be claimed to recover any financial shortfall that the data breach has resulted in. Non-material damage aims to account for subsequent psychological harm.
In the past, it was only possible to claim for non-material damages when it was possible to claim for material damages through your data breach claim. This changed following the settlement of the Vidal-Hall v Google Inc case. In 2015, claimants of this case were awarded non-material damage alone. As a result of this ruling, all future data breach claimants aren’t required to have suffered any material damage in order to receive compensation for their suffering.
Compensation for non-material damage is valued based on the extent of the claimant’s suffering. To help estimate the value of psychological injuries, solicitors may use compensation brackets from the Judicial College guidelines. In the table below, we’ve included some of the compensation brackets included in these guidelines. The brackets cover different types of psychological injuries which you may potentially seek compensation for through a data breach claim:
|Post-Traumatic Stress Disorder (PTSD)||Severe||£56,180 to £94,470||Trauma encroaching upon many aspects of the claimant’s life, impacting their ability to function as normal and being generally disabling in nature.|
|Post-Traumatic Stress Disorder (PTSD)||Moderately severe||£21,730 to £56,180||Significant disability likely to occur for the foreseeable future. Some recovery with professional aid possible.|
|Post-Traumatic Stress Disorder (PTSD)||Moderate||£7,680 to £21,730||The effects won't be grossly disabling and should be largely recovered from over time.|
|Post-Traumatic Stress Disorder (PTSD)||Less severe||£3,710 to £7,680||Full recovery predicted to take place within 1-2 years, with only minor symptoms of the claimant’s trauma persisting.|
|Psychiatric Damage||Severe||£51,460 to £108,620||The damage will be encroaching upon many aspect of the claimant's life. Prognosis will be very poor.|
|Psychiatric Damage||Moderately severe||£17,900 to £51,460||Can apply to cases of work-related stress which cause a permanent or long-standing disability.|
|Psychiatric Damage||Moderate||£5,500 to £17,900||Can apply to cases of work-related stress. Symptoms will likely affect many aspects of the claimant's life but the prognosis will be good.|
|Psychiatric Damage||Less severe||£1,440 to £5,500||The claimant will find normal activities difficult as a result of their trauma but have a good prognosis.|
If you contact our specialist advisors, they could help estimate the potential value of your data breach claim based on the details of your case.
You may worry about the costs of hiring legal representation when it comes to making a data breach claim. Although by law, it is not compulsory to have a solicitor help you pursue your case, they do bring masses of benefits. By hiring a No Win No Fee data breach solicitor you do not have to pay them any of their fees unless your case wins. Some benefits that you can expect from this type of agreement include:
- Having no hidden or upfront fees to pay
- Not being charged by your lawyer for their legal fees if your claim fails
If your lawyer does win your claim for you, then they’ll usually subtract a small percentage of your compensation payout to cover their payment. This percentage is legally capped by law.
How do you find the best lawyer for you? It’s a common misconception that you need a local law firm. However, since the introduction of all these different types of communication outlets, it is now possible to work with a solicitor no matter where you live or they are based. If you want to meet with your lawyer that is fine but you can save a lot of time by using email, phone and video calling.
Our panel of data breach lawyers can work with you wherever you’re based. We can keep you updated on the progress of your claim via email, telephone or any other method that you may prefer. To learn more about the services that we could offer you, please see the next section or speak to one of our advisors using the number at the top of this page.
Our team of specialist advisors are on hand 24/7 to give you an initial consultation, free of charge. If they think you have a valid data breach claim, then they can connect you to our panel of data breach solicitors that can begin working on your case right away. What’s more, our panel of solicitors always work on a No Win No Fee basis. So please don’t hesitate to get in touch with us today:
- Complete a contact form to arrange a call back
- Use our chat feature to speak to one of our advisors live
- Call us on 0800 408 7827
Thank you for reading our guide on how to sue for data breach compensation. Please don’t hesitate to get in touch with us if you’d like any help from our panel.
In the meantime, please take a look through the links provided below for further direction on what you can do if you’ve suffered a data breach:
This page on the ICO can be used if you need to report a recent data breach. The page also explains the different circumstances in which an organisation should report a data breach.
This online Government page explains what action to take if you want to find out what data a particular organisation has on you.
This Government page outlines all the different types of personal data that an employer can hold about their employees without needing their permission.
Are you looking for information and support on making a personal injury claim? If so, you can also check out our compensation claim guides for different types of accidents and injuries.
Different cases which we cover include claims for road traffic accidents, cycling accidents and accidents involving a slip, trip or fall. We also have guides on claiming for specific injuries. This includes suing for a broken cheekbone or suing for concussion.
Also, learn more about how to sue for data breach compensation.