Claiming Compensation For HR Data Breaches
This guide will explain under which circumstances you’re potentially eligible to claim for an HR data breach. In order to hold a valid claim, the data breach must have been caused by wrongful conduct resulting from an action or inaction by the data controller or processor who had a responsibility for your personal data. Controllers control the means of data processing and are usually an organisation or company. They can outsource their data processing to a processor or do it in-house. Under data protection laws, personal data such as your contact details must be protected. Failure to protect and keep secure this data can mean those responsible for your data could be claimed against should a personal data breach occur and result in mental injury or financial losses.
Please contact us for free to see if you could claim for a personal data protection breach.
- Contact us online for more information.
- Call us on 0333 241 2521
- Use the live chat feature for instant help.
Choose A Section
- A Guide To Claiming For An HR Data Breach
- Examples Of An HR Data Breach
- What Compensation Could You Receive From A Data Protection Breach Claim?
- Evidence In A Breach Of Data Protection Claim
- How No Win No Fee Solicitors Could Help You Claim
- Learn More About Claiming For An HR Data Breach
A Guide To Claiming For An HR Data Breach
The UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018 (DPA) run alongside each other to protect UK residents’ personal data.
The legal definition of a personal data breach is found in Article 4 of the UK GDPR, which states it is a “breach of security leading to the unlawful or accidental destruction, loss, alteration, unauthorised disclosure of, or access to, personal data”.
The UK GDPR and the Data Protection Act 2018 state that data controllers and processors are responsible for protecting your personal data. Failure to do so could lead to a breach of your personal data. This security issue affects your personal data’s confidentiality, availability, and integrity. When making a claim for data breaches, the fault must be with the data controller or processor.
Personal data is classed as any information that could be used to identify you either when processed by itself or in combination with other personal information. This could include your name, email address, phone number, and postal address. There is also personal data known as special category data, such as health data and information relating to your racial or ethnic origin and trade union membership, which is given extra protection.
To claim for a data breach, you should be aware of the time limit for starting a claim. You generally have 6 years to start a claim or 1 year if the claim is against a public body. You must also meet the data breach compensation criteria set out in Article 82 of the UK GDPR;
- Data controller or processor failed to adhere to data protection legislation in a way that correctly protected your data.
- This resulted in a breach that affected your personal data,
- You suffered mental and/or financial damage.
Examples of An HR Data Breach
Here we are going to look at examples of how personal data can be breached. Breaches can happen due to human error and cyber means. They can also be accidental or deliberate actions.
Data breach examples could include:
- An email containing your personal details and salary or tax information is being sent to the wrong email address.
- Your medical condition is being detailed over the phone without permission.
- Details of your job performance assessment which may have disciplinary information being sent to your old address after you had already supplied your employer with your up-to-date details.
Call our claims team today to find out if you could make a claim for an HR data breach.
What Compensation Could You Receive From A Data Protection Breach Claim?
Two areas of compensation could be awarded in a successful claim. Non-material damage compensation reimburses you for any psychological injuries you sustain due to the breach. For example, this could be stress or post-traumatic stress disorder (PTSD). You must be able to prove that you have suffered harm in order to claim under these headings.
Material damage compensation relates to financial losses you sustained from the breach. This includes money stolen from your bank account, debt accrued in your name, and negative effects on your credit score.
To see how much compensation your claim may be worth, we’ve included a compensation calculator table below, using information from the Judicial College Guidelines (JCG). The JCG is also used by legal professionals to value compensation claims across a range of subjects. The table below demonstrates guideline amounts for non-material damage. However, it’s important to remember that these are guidelines only, and not guarantees.
| Type of Harm | Severity | Description | Compensation |
|---|---|---|---|
| General Psychiatric Injury | Severe | The injured person will find it very difficult to cope with life, education, or work. | £54,830 to £115,730 |
| General Psychiatric Injury | Moderately Severe | The injured person will have day to day issues in coping with life, education, or work. However, there will be a more optimistic prognosis and therefore a better chance of recovery. | £19,070 to £54,830 |
| General Psychiatric Injury | Moderate | The injured person may have some issues with their life, but this category is specific to those who have made a marked improvement by trial, with a positive road to recovery. | £5,860 to £19,070 |
| General Psychiatric Injury | Less Severe | The length of time the person is affected by the condition will be taken into account in this category. | £1,540 to £5,860 |
| Post Traumatic Stress Disorder (PTSD) | Severe | These cases involve permanent effects which prevent the injured person from working at all, or at least from functioning at anything compared to what they could do pre-trauma. The symptoms suffered may include nightmares, intense flashbacks, mood disorders or suicidal ideation. | £59,860 to £100,670 |
| Post Traumatic Stress Disorder (PTSD) | Moderately Severe | This category is distinct from above because of the better prognosis which will indicate some recovery with professional help. However, the effects are likely to cause some disability for the foreseeable future. | £23,150 to £59,860 |
| Post Traumatic Stress Disorder (PTSD) | Moderate | This category is for injured people who have largely recovered from their PTSD symptoms. The continuing effects from their PTSD will not be too disabling. | £8,180 to £23,150 |
| Post Traumatic Stress Disorder (PTSD) | Less Severe | In these cases, close to a full recovery will have been made and only minor symptoms will persist over a longer period. | £3,950 to £8,180 |
Evidence In A Breach Of Data Protection Claim
It is important to seek guidance on claiming for a breach of the UK GDPR if you are unsure about the process. Providing evidence is crucial when attempting to claim compensation.
Firstly, a data controller must inform you of a breach of your personal data if it infringes on your rights without delay. Correspondence between you and the organisation could help you establish how the data breach occurred and who is liable. This can be used as evidence.
Secondly, you will want to collect evidence of your mental harm. This can be your medical records or any counselling sessions.
And thirdly, if you have suffered any financial losses or will do in the future, you will need evidence of this material damage in order to receive reimbursements. This can be in the form of bank statements, invoices and receipts.
After a breach, you can make a complaint directly to the organisation responsible. If no satisfactory response is given, or they do not respond, you can report the breach to the Information Commissioner’s Office (ICO).
The ICO is a public body which is responsible for upholding rights and freedoms of data subjects. They can investigate incidents and take enforcement action against organisations that have breached data protection laws. You do not need to have complained to the ICO to claim compensation.
How No Win No Fee Solicitors Could Help You Claim
A No Win No Fee agreement is an arrangement between you and your solicitor. This helps you access legal counsel and provides certain benefits. For example, under an agreement known as a Conditional Fee Agreement (CFA), if your breach of data protection claim is unsuccessful, you generally won’t have to pay a fee for your solicitor’s services; therefore, a large benefit of using a CFA is that you don’t have to pay any upfront or ongoing fees to your solicitor for them to begin work on your claim. You only pay a success fee at the end of a successful claim.
It is important to recognise that not all solicitors offer to take cases on a No Win No Fee basis, but all our panel solicitors work their cases in this manner.
Get in touch with our team today and work with our panel of solicitors on a No Win No Fee basis.
Learn More About Claiming For An HR Data Breach b
Thank you for reading this article. If you have any other questions, please get in touch using the details below.
Please contact us for free to see if you could claim for a personal data protection breach.
- Contact us online for more information.
- Call us on 0333 241 2521
- Use the live chat feature for instant help.
We have also provided some additional resources below that you may find beneficial.
- NHS – Mental Health
- GOV – Data Protection
- National Cyber Security Centre – Guidance
- ICO – Make a complaint
Learn About Different Types of Data Breaches and How to Claim Compensation
Contact our advisors today to learn more about making a claim after an HR data breach or if you would like to receive free legal advice from a member of our team.
