This guide aims to answer questions such as ‘when should a data breach be reported?’, ‘can I get compensation for a data breach?’ and ‘how much is a data breach claim worth?’.
When should a data breach be reported?
If your personal data has been compromised due to the failings of an organisation, it could negatively affect you emotionally and financially. However, you may be able to seek compensation for the impact the breach has had on you if your claim meets the relevant criteria. We will explore this further throughout our guide.
Additionally, we will explore what a personal data breach is and provide examples of how they could occur.
Furthermore, we will discuss how working with a data breach compensation No Win No Fee solicitor help if you are concerned about the cost of accessing a solicitor’s services.
To learn more about when you could make a data breach claim, please continue reading. Alternatively, get in touch by:
- Calling 0333 241 2521
- Messaging via the live chat feature below
- Fill out our online form to learn how to make a claim
Choose A Section
- What is a Data Breach?
- When Should a Data Breach Be Reported?
- Examples of a Data Breach
- Data Breach Claim Value – Potential Payouts
- Why Use No Win No Fee Solicitors?
- Learn More About When Should a Data Breach Be Reported
What is a Data Breach?
Before exploring the answer to the question ‘when should a data breach be reported?’, it’s important to understand what a data breach is and how they can occur. A breach of personal data involves a security incident that has led to the accidental or purposeful loss, destruction or alteration of your personal information. It can also include your personal information being disclosed or accessed in an unauthorised way.
In order to claim data breach compensation, you must be able to prove a data controller or data processor failed to adhere to data protection law leading to your personal data becoming compromised and causing you either monetary loss or psychological harm.
A data controller decides on the purpose for processing your personal data. A data processor acts on behalf of the data controller to process your personal data. However, a data controller can also process data themselves.
Under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018 (DPA) data controllers and processors have a responsibility to protect your personal data. Additionally, if you suffer damage following a data breach that has compromised your personal data, Article 82 of the UK GDPR sets out your right to seek compensation.
Please continue reading to learn when a breach of your personal data should be reported.
When Should a Data Breach Be Reported?
In some cases, you may suspect a data breach has occurred. For example, you may notice money has been withdrawn from your account without your consent or you might overhear your manager discussing your disciplinary records with another member of staff who doesn’t have authorisation.
In these cases, you can contact the organisation directly. This provides the opportunity to ask how the breach occurred and what information was compromised.
When an organisation becomes aware of a breach that has compromised your personal data, they must notify you without delay if it has put your rights and freedoms at risk.
Additionally, an organisation should report a data breach that has risked the rights and freedoms of a data subject to the Information Commissioner’s Office (ICO) within 72 hours. The ICO is an independent UK organisation that is in place to uphold the rights and freedoms of data subjects. They offer information about the steps organisations can take to protect the personal data that they are processing.
If you have contacted the organisation directly and have either not received a response or received an inadequate response, you could make a data breach report to the ICO. This could lead to the ICO investigating the incident.
It is important to note that you cannot seek compensation through the ICO. You’re also not required to inform the ICO of the incident if you want to make claim for a data breach.
If you’re still wondering ‘when should a data breach be reported?’ our team of advisors can help. They can also discuss your potential claim. Get in touch on the number above.
Examples of a Data Breach
Personal data is information that can be used to identify you, such as your name, email address, postal address and phone number. Additionally, there is a category of personal data known as special category data which is information that is more sensitive and is given more protection under the UK GDPR. Both physical and digital personal data is protected under data protection law.
Below, we have provided different examples of a data breach:
- Medical conditions data breach: Your GP sends an email to the wrong person about an appointment you have for a specific medical condition.
- Wage data breach: Your employer sends your payslip to the wrong person giving them access to your personal information, including your national insurance number and address.
- Police data breach: A report containing your personal information as a witness isn’t redacted before being shared, resulting in unauthorised personnel accessing your personal data.
Please note, not every instance of a data breach will form the basis of a valid claim. However, if you have suffered financially or psychologically, such as developing anxiety or emotional distress due to your personal data being compromised, get in touch with our team on the number above.
An advisor can provide guidance on when you might be eligible to claim. They can also help you understand the answer to the question ‘when should a data breach be reported?’.
Data Breach Claim Value – Potential Payouts
As part of your settlement, you could receive compensation for non-material damage which relates to the psychological injuries you suffered as a result of the personal data breach. This can include post-traumatic stress disorder (PTSD) and depression.
Our table below shows compensation guidelines for non-material damage that are taken from the Judicial College Guidelines (JCG). This publication is used by legal professionals to help them value this head of claim.
| Injury | Guideline Compensation Bracket | Other Details |
|---|---|---|
| Severe Psychiatric Injury (a) | £54,830 – £115,730 | The prognosis is poor and the person experiences significant problems with different areas of their life. |
| Moderately Severe Psychiatric Injury (b) | £19,070 – £54,830 | Whilst there have been significant problems, the prognosis will be more optimistic. |
| Moderate Psychiatric Injury (c) | £5,860 – £19,070 | The person will experience an impact on different areas of their life but there will be a significant improvement and a good prognosis. |
| Less Severe Psychiatric Injury (d) | £1,540 – £5,860 | The award given will consider how badly the person has been affected and for how long. |
| Severe PTSD (a) | £59,860 – 100,670 | All aspects of life are negatively affected and the injured person cannot function as they did before the trauma. |
| Moderately Severe PTSD (b) | £23,150 – £59,860 | Professional medical help can improve some effects, but significant disabilities are still possible. |
| Moderate PTSD (c) | £8,180 – £23,150 | There will be some ongoing issues that aren’t majorly disabling but the person will have made a significant recovery. |
| Less Severe PTSD (d) | £3,950 – £8,180 | A mostly full recovery within a couple of years. |
Please note that the figures above will not provide you with an accurate estimate for your data breach compensation claim. This is due to the different factors considered when valuing the harm you have sustained. As such, you should only use the figures as a guide.
Alternatively, you can call our advisors today for a personalised compensation estimate.
What Else Could I Receive From a Data Breach?
You could also receive compensation for material damage which relates to the financial losses you sustained as a result of the personal data breach. This includes money that was stolen from your bank accounts and any negative effects on your credit score. Both of these incidents can cause you financial issues in the future, depending on the severity of the breach and how much money you have lost.
In order to claim material damage, you must provide evidence of your losses. For example, you could provide credit card or credit score statements as well as statements from your bank.
Why Use No Win No Fee Solicitors?
Our data breach claim solicitors can work with you on a No Win No Fee basis. This allows you to access the services our panel of solicitors offer without having to pay any fees upfront or for the duration of your claim. There are also no fees to pay for your solicitor’s services if you’re unsuccessful in receiving compensation.
In the event that you are successful in receiving compensation at the end of your claim, your solicitor will take a success fee. This legally capped fee will be taken from your compensation.
These are terms under a type of No Win No Fee service known as a Conditional Fee Agreement (CFA). If you have a valid claim, you may be able to work with one of our panel solicitors. Find out more by contacting us via the details below.
Contact Us For Free Legal Advice Today
If you’re still wondering ‘when should a data breach be reported?’ or you would like to discuss your potential data breach claim, contact our advisors via:
- The live chat to connect with us instantly
- Our telephone number 0333 241 2521
- Our ‘make a claim’ form
Learn More About When a Data Breach Should Be Reported
We’ve provided some links to external sources that may help you with your claim.
You could get more information by reading our other guides:
We hope our guide discussing the question ‘when should a data breach be reported?’ has helped. However, if you need any further support, our advisors are available 24/7 to help.
Writer Jess Aloe
Editor Meg Morgan
