How Do I Complete A Data Breach Report For A Compensation Claim?

If you’ve been harmed by a personal data breach, then completing a data breach report could help to support a compensation claim. In this guide, we look at what a data breach is and the steps you could take in anticipation of a claim.

Data breach report guide

There are two pieces of legislation that protect personal data in the UK. These are the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. Organisations that process personal data need to adhere to these pieces of legislation.

The Information Commissioners’ Office (ICO) is the regulatory body that upholds the rights of data subjects; they can fine organisations who are in breach of these laws. Data subjects are the natural persons to whom personal data relates.

Contact our team of advisors for more information on how to file a report or to see if you could begin a claim following a breach of your personal data. Available 24/7, they can provide you with a free consultation regarding your case.

Making a claim online
Using the live chat feature on this page
Calling 0333 241 2521

Choose A Section

What Goes Into A Data Breach Report?
How Much Compensation Is A Data Breach Worth?
Data Breach Examples.
How Do I Complete A Data Breach Report?
When Can I Get A No Win No Fee Agreement?
Further Information On Data Breach Reports.

What Goes Into A Data Breach Report?

Personal data breaches are defined as security incidents that affect the integrity, availability, or confidentiality of personal data. Personal data describes information that is stored physically or digitally, and that can be used, in isolation or combined with other information, to identify someone.

A personal data breach could occur as the result of human error or because of a malicious act on the part of someone who wishes to use the data for their own gain. You can claim for both kinds of breaches, provided that they were caused by the positive wrongful conduct of the organisation that was processing the data.

A data controller is a party that decides how and why your personal data is processed. Sometimes, they will process the data on their own. However, in some cases, they will outsource the data processing to a third party, known as a data processor. Both data controllers and processors have a responsibility to protect personal data.

Some forms of data are more sensitive and therefore require more protection. This is called special category data. This includes personal data relating to trade union membership, sexuality and health data (for example, personal data relating to medical conditions or disability).

For more information on how a data breach report could help to support a claim, speak with an advisor.

How Much Compensation Is A Data Breach Worth?

The Judicial College Guidelines (JCG) is a document that is used by legal professionals to help value non-material damages in data breach claims. Non-material damages relate to the psychological injuries and distress that a data breach has caused. In extreme cases, this could include post-traumatic stress disorder (PTSD).

The JCG has traditionally been used to value personal injury claims. However, the case of Gulati & Others vs MGN Ltd resulted in a ruling which stated that these guidelines can now be used to value mental harm in data breach claims.

We have included a table below using excerpts from these guidelines. However, the amount you actually receive in a claim might vary. Speak with an advisor for a more accurate assessment of your claim.

Injury	Severity	Compensation Bracket	Notes
Mental Injuries	Severe	£54,830 to £115,730	Marked problems with relation to ability to cope with life, relationships with others and vulnerability in the future. Poor prognosis.
Mental Injuries	Moderately Severe	£19,070 to £54,830	Significant problems with ability to cope with life, relationships with others and vulnerability in the future. More optimistic prognosis than in above bracket.
Mental Injuries	Moderate	£5,860 to £19,070	The sort of problems related to ability to cope with life, relationships with others and vulnerability in the future. However, a good prognosis and marked improvement will have been made.
Mental Injuries	Less Severe	£1,540 to £5,860	The amount that is awarded will, in part, depend on how badly the symptoms affected sleep and daily activities.
PTSD	Severe	£59,860 to £100,670	The injured person cannot function how they did before the trauma. Negative impact on all areas of life.
PTSD	Moderately Severe	£23,150 to £59,860	There will be a better prognosis for recovery with the help of a professional than in more serious cases. Disability of a significant nature will persist for the foreseeable future.
PTSD	Moderate	£8,180 to £23,150	A largely full recovery will have been made. Any ongoing symptoms will not cause great disability.
PTSD	Less Severe	£3,950 to £8,180	The length of the period of disability and the extent of the interruption to daily activities and sleep were affected will impact the award amount.

You could also receive data breach compensation for material damages. This could be appropriate if you have lost money as a result of the breach.

You will need to show evidence of your losses alongside a data breach report to show how you’ve been impacted. Speak with our team today for free legal advice.

Data Breach Examples

In order to claim for a breach, it must have caused you harm. If you were not affected by the breach at all, or if you were impacted to a minimal degree, then you might not be able to claim.

Below, we’ve included examples of data breaches that could occur. However, if you don’t see your circumstances included in this guide, then you may still be able to claim. Speak with an advisor for more information on whether you have a valid case.

Your employer accidentally sent an email that was only meant for you to the whole office. As a result, your disciplinary records are exposed to all of your colleagues. You feel anxious and depressed as a result.
You’re a witness to a crime, and the police mistakenly send out a document with your information to the accused person’s family. As a result of this police data breach, you fear retaliation and feel you’re unsafe.
Your mortgage broker sends out a letter to your old address, despite you having updated your address with them. As a result, your abusive ex-partner can see where the new house you bought is.
Your personal data was involved in a wage data breach, and this information was used to create a realistic phishing scam that allows someone to access your bank account. This causes you to lose money as a result.
Your personal data was exposed in an accountant data breach and this information was used to steal your identity and open up a credit card in your name. This could damage your credit score.

For more information on making a claim and how a data breach report could help you do so, speak with a member of our team today.

Data Breach Statistics~

The ICO published a report on the last financial quarter of 2021/22. This outlined the number of data breach reports and the sectors they occurred in.

In total, there were 2,172 data security incidents reported in this timeframe. The most commonly reported kind of incident was data being emailed to the incorrect recipient. The second-most commonly reported category, after “other non-cyber incidents”, was unauthorised access to personal data.

How Do I Complete A Data Breach Report?

If a data breach occurs that threatens your rights and freedoms, then the organisation responsible should tell you about this without undue delay. Furthermore, they should inform the ICO about this within 72 hours.

In some cases, you might be concerned about how your personal data is being processed without having been told about a breach; if so, you can contact the organisation in question and raise any concerns with them.

If a breach has occurred, then the organisation may offer to compensate you for it directly. However, you should be aware that if you accept this, then you cannot then go on to make a claim.

If you’re not happy with how the organisation has handled your concerns, you can report the issue to the ICO. However, if you wait longer than 3 months since your last meaningful communication with them, they might not investigate; for this reason, we recommend reporting to the ICO as soon as possible.

For more information on making a data breach report, speak with an advisor today.

When Can I Get A No Win No Fee Agreement?

When you bring a strong claim to a solicitor, they may offer to represent you with a No Win No Fee agreement in place. A Conditional Fee agreement is a popular kind of No WIn No Fee agreement.

With this kind of agreement in place, you won’t pay anything at the start of the claim or as your lawyer works on it. Furthermore, if your claim fails, there’s nothing to pay for their services at all.

If you win your claim, the solicitor will deduct a “success fee” to cover their costs. This will be a pre-agreed percentage of the data breach compensation you receive.

If you have further questions about submitting a data breach report or would like to make a claim, contact us. Our team of advisors are available 24/7 and can give you a free consultation.

Making a claim online
Using the live chat feature on this page
Calling 0333 241 2521

Further Information On Data Breach Reports

For more information on data breach claims:

Reporting A Breach To The ICO

Anxiety Guidance From The NHS

National Cyber Security Centre Incident Management

If you have any more questions on how a data breach report could benefit your claim, speak with an advisor today.

Writer Ryan Wall

Publisher Fern Stanhope

Data Breach Reports For Claims