How To Claim For A Data Breach

If you’re thinking about how to claim for a data breach, this article could be just what you need. In it, we’ll discuss what data breaches are, who can handle personal information lawfully and what the claims process involves. 

how to claim for a data breach

A guide on how to claim for a data breach

If you have any questions, why not get in touch? Available 24/7, our advisors can give you an obligation-free consultation. If you have strong grounds for a claim, they could connect you with our panel of data breach solicitors. 

Contact us by 

  • Calling the number at the top of the screen
  • Using our make a claim form
  • Leaving a message using our live chat

Choose A Section

  1. Guidance On How To Claim For A Data Breach
  2. A Definition Of Data Breaches
  3. Causes Of Data Breaches
  4. How To Claim For A Data Breach – Compensation Amounts
  5. Benefits Of Using No Win No Fee Lawyers
  6. Further Information About How To Claim For A Data Breach

Guidance On How To Claim For A Data Breach

Whether the result of malicious activity or an accidental breach, you may want to know how to claim for a personal data breach. This is because both options can cause significant financial and emotional damage and potentially leave you vulnerable to further breaches.

Under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018, organisations that are involved in the processing of personal data should take measures to protect it. Data controllers are organisations that decide how and why your personal data will be processed. Data processors are organisations that may, on behalf of the data controller, process personal information.  

Personal information or personal data is information that can be used to identify you, whether in combination with other data or directly. Examples include:

  • Your name
  • Biometric data (for identification purposes)
  • Your address
  • Your personal email address
  • Credit card details

The Information Commissioner’s Office (ICO) is an independent guiding authority regarding data breaches. Breaches that meet a specific set of criteria must be reported to the ICO in order to enforce data breach laws. Though they enforce data breach legislation, the ICO can’t provide you with compensation. 

In order to claim, you’d need to show that:

  • A data controller or data processor’s wrongful conduct caused the breach
  • Your personal information was involved in the breach
  • You suffered financial loss or mental harm, or both, as a result

Call our advisors if you’d like to find out more.

A Definition Of Data Breaches 

A personal data breach is a security breach leading to the accidental or unlawful destruction, loss, alteration, disclosure of or access to personal data. This applies to breaches that were both caused deliberately and accidentally and suggests that there is more to breaches than simply losing data. 

Breaches are broadly defined as incidents that affect the integrity and confidentiality of personal information. 

To claim compensation for such an event, you must prove that the breach was caused by the wrongful conduct on behalf of the data controller or data processor. Furthermore, you must prove that you suffered adverse effects from this data breach in the form of financial or psychological damages. 

Causes Of Data Breaches

Data breaches you can claim for can be caused by several factors. The causes of data breaches can depend on factors such as how the personal data is held (digitally or physically, for example).

Digital Data

Your personal information can be held digitally, online or on computer systems, for example. Causes of data breaches could include:

  • Failure to use BCC in an email, meaning that personal email addresses are exposed to other recipients of the email who aren’t authorised to see your personal data.
  • Sending an email containing personal data to an unauthorised recipient.
  • A cyberattack where cybercriminals access your personal data because they’re able to access and infiltrate unsecured online systems. 

Physical Data

Physical personal information could include written notes including your name or address. It might also include paper records stored in files. Data breaches involving physical personal data could include:

  • A failure to redact personal information on published leaflets or letters
  • Incorrect disposal of paperwork containing personal information
  • Loss or theft of paperwork containing personal information
  • Personal data posted or faxed to an unauthorised person

Verbal disclosure of personal information could also be a data breach.

Figures For Data Breaches

The Information Commissioners Office (ICO) regularly publish a security incidents report detailing the data breaches seen throughout the fiscal year. Of 9,559 breaches in 2021/22, 16.76% or 1,602 were caused by emails being sent to the incorrect recipient.

Across all four quarters, the health sector was subject to the most breaches, a total of 1,936. Of these breaches, the most common was the 390 non-cyber incidents, accounting for 20.14% of the total. Even local governments saw 922 breaches. Here, any breach could be devastating, such as the potential release of tax information.

How To Claim For A Data Breach – Compensation Amounts

There are two potential types of compensation that you could seek in a personal data breach claim.

Material Damages

Material damages are the financial repercussions that result from a data breach. As such, the data breach compensation you can claim from them will be based on the amount you lost. Breaches like this that leak your financial or banking details could cause significant losses, such as:

  • Theft from your bank account
  • Damage to your credit score

Non-Material Damages

Non-material damages account for the psychological harm you suffer due to the data breach. These can include: 

The Judicial College Guidelines (JCG) is a publication that can be used to distinguish the potential value of various injuries. This includes psychological harm.  

InjurySeverityCompensation BracketsNotes
Psychological Damages Generally (a)Severe£54,830 to £115,730The injured person will have marked problems with forming and maintaining relationships with extreme future vulnerability. Prognosis is poor and recovery unlikely.
Post Traumatic Stress Disorder (a)Severe£59,860 to £100,670Cases will involve permanent effects that will disallow the injured from functioning at a pre-trauma level, and all aspects of the person's life will be badly affected.
Psychological Damages Generally (b)Moderately Severe£19,070 to £54,830The prognosis will be more optimistic than (a) but significant problems will persist. Cases involving negligent stillbirths are considered to fall in this bracket.
Post Traumatic Stress Disorder (b)Moderately Severe£23,150 to £59,860This category will be distinct from (a) above due to the improved prognosis which will allow for some recovery with professional help. The effects of the injury however will cause significant disability for the foreseeable future.
Psychological Damages Generally (c)Moderate£5,860 to £19,070The previously mentioned problems will have been present, but there will be marked improvement by trial and the prognosis will be good.
Post Traumatic Stress Disorder (c)Moderate£8,180 to £23,150The claimant will not have any majorly disabling, persistent injuries, and will mostly recover within two years.
Psychological Damages Generally (d)Less Severe£1,540 to £5,860The period for which you suffer disabilities will be the main consideration alongside the extent to which daily activities were restricted.
Post Traumatic Stress Disorder (d)Less Severe£3,950 to £8,180A virtually full recovery will have been made within a couple of years and any symptoms that persist will be minor.

If you can’t see your injuries in the compensation table above, why not get in touch?

Benefits Of Using No Win No Fee Lawyers 

Should you launch a strong claim with a solicitor, you may be invited to do so under a No Win No Fee agreement. This is an umbrella term for several functionally similar legal agreements. However, a Conditional Fee Agreement (CFA) is applicable here. 

A No Win No Fee agreement is a funding arrangement that is mutually beneficial to you and the data breach solicitor that you are working with. Essentially, you don’t have to pay your solicitor their success fee unless the claim is successful. The success fee is a small percentage of the compensation that goes to your solicitor if the claim wins. It’s capped by law and can be negotiated in some circumstances. 

The benefits of this arrangement are multiple. Firstly, the introduction of a conditional payment incentivises your solicitor to win your case and earn you more compensation. 

Additionally, by restricting payment and sourcing it from the compensation you win, No Win No Fee agreements aim to ensure that you are not left worse off financially by claiming. These agreements can make legal representation more widely available.

Ask About How To Claim For A Data Breach

Contact our advisors for further information on how to claim for a data breach or to make a claim. Available 24/7, they can give you an obligation-free consultation about your case that is completely free.

Contact us by 

  • Calling the number at the top of the screen
  • Using our make a claim form
  • Leaving a message using our live chat

Further Information About How To Claim For A Data Breach 

If these were useful, you might want to consider the following resources.

Cyber Security Survey 2022 | GOV 

Data Breaches – Make A Complaint | GOV

Report A Breach | ICO 

Publisher Ruth Voss

Writer Ryan Wall