What is a Data Protection Breach ?
We all, at some point, provide businesses and organisations, personal data some of which can be quite private and often sensitive. As such organisations have a responsibility to ensure that our data is securely held, remains strictly private, is accurately recorded, and is not leaked either intentionally or unintentionally to unauthorised persons.
We at Watson Woodhouse, as an organisation, have exactly the same responsibilities in respect of the data we hold about our clients, and we take the responsibility very seriously and professionally.
The data or information held (by organisations) about us can be wide and varied; it could be our names and addresses; email addresses and telephone numbers; it could be very private medical records or financial reports, bank account details; credit card details, loans and finance details; credit histories. This is just a shortlist and a breach could involve just one of these, or worse still a combination of several items of personal information, if leaked / sent to another person or another organisation without your permission.
Where you have suffered a data breach you can claim compensation for the stress caused, even if you do not suffer any actual financial loss.
A data breach can be by post, by email, or even by publishing on a website or social media page.
A breach can occur if for example some of your personal records are physically handed to and read by someone who was not authorised to receive those records.
It is not unusual to hear of companies having their websites “hacked” by cybercriminals, whose sole aim is to steal personal date for their own financial gain. If it is your data that has been accessed by the criminals then you may be able to claim compensation. It is the companies responsibility to ensure the website security prevents such attacks.
In today’s digital and online purchasing world, we hand over more and more of our personal data to companies when we shop online, often without really thinking about what those companies might do with our information. Nowadays, especially during and subsequent to the Covid Pandemic, online purchasing has hugely increased, and it is inevitable that related data breaches will become more frequent.
A Data breach can lead to financial loss, and it can perhaps impact on your reputation, but it might also cause you to suffer unnecessary stress for which you are entitled to compensation, or “damages” as it is often referred to.
The Data Protection Act 2018 controls how personal information is used by organisations, businesses, or the government. The Data Protection Act 2018 is the UK’s implementation of the General Data Protection Regulation (GDPR). The legislation stipulates how organisations should look after your data and personal information. The law also sets out what action should be taken by a company or organisation when a breach has occurred.
From our experience a large number of companies, public authorities, or organisations do not necessarily follow the correct procedure when a data breach occurs.
Organisations must notify the Information Commissioner’s Office (ICO) of a data breach within 72 hours of becoming aware of it, even if they are not aware of the full details.
The ICO website helpfully defines a personal data breach as follows “A personal data breach can be broadly defined as a security incident that has affected the confidentiality, integrity or availability of personal data. In short, there will be a personal data breach whenever any personal data is accidentally lost, destroyed, corrupted or disclosed; if someone accesses the data or passes it on without proper authorisation; or if the data is made unavailable and this unavailability has a significant negative effect on individuals.”
The ICO reports that
- 37% of companies in the UK have reported a data breach incident to them in the past 4 weeks.
- 33% of UK companies claim they have lost customers due to a data breach.
- 44% of consumer’s claim they will never return to a business after their data has been breached.
How we can help
Here at Watson Woodhouse we are well aware of the effects that a data breach can have both financially and psychologically. Sometimes it can stem from identity theft, or the sending of very personal and sensitive medical or personal history. The impact can often be far greater reaching not just with financial loss, or loss of reputation, but also significant stress, anxiety and possibly a specifically diagnosed psychological injury. The psychological effects of a data breach can often be long lasting, and perhaps worse than any actual financial loss.
Our team of specialist solicitors regularly help clients who have experienced a data breach, or a breach of privacy, and have suffered as a result. We understand that it can be extremely distressing when personal and sensitive private information or data is leaked or perhaps lost, and we consider each and every claim with compassion and understanding. We always strive to achieve an appropriate resolution to the problem, whether that is the recovery of any personal data, an apology, or an assurance of appropriate reporting to the ICO.
We will also endeavour to arrange any necessary medical examination and necessary treatment for clients where a data breach has had such a significant psychological effect, and of course we will ensure that our clients receive appropriate compensation. We will do all we can to eliminate or reduce the stress caused by the breach and help and guide you through the process, whilst providing professional legal advice.
We have successfully recovered compensation for clients in the following scenarios:-
- Data inadvertently lost, hacked or leaked.
- Identity Theft with subsequent obtaining of credit cards fraudulently.
- Personal data sent to a third party without permission.
- Organisations failure to maintain up-to-date, accurate information about the client which led to a data breach and financial loss.
- Personal information misused or mishandled.
- Medical records / reports containing sensitive personal information sent to incorrect addresses.
- Court summonses containing highly sensitive information / allegations served at incorrect addresses
- Court documents / orders disclosing confidential addresses disclosed to third parties compromising clients security
How do I make a data protection claim?
If you discover that you have been subjected to a data breach then you should report this to the organisation concerned, inform them of the stress, distress, embarrassment, fear or psychological injury caused, and put them on notice of any financial loss incurred or likely to be incurred as a result of damage to reputation for example.
You could also consider reporting the matter to the ICO. However the ICO cannot award you compensation or order that the at fault organisation pay you compensation, or advise you as to the value of your claim.
However, our experienced solicitors can do all of this for you, and then begin the process of seeking redress and claiming compensation for you from the organisation concerned. We will provide you with advice as to the value of damages you could be awarded. If necessary, we will pursue the claim all the way to a court hearing to ensure we achieve a favourable outcome.
How much compensation will I receive?
You may be entitled to claim compensation for:-
- Misuse of your private information
- Loss of control of your data
- Breach of confidence
- Financial Damage caused
- A breach of your Human Rights
The amount of any compensation settlement agreed or awarded by a court is variable depending on the nature and circumstances of any claim. This can range from relatively small sums where the effect of the breach is relatively minimal, such as £750.00, to perhaps as high as £25,000 if distress or psychological injuries are suffered.
The current legislation does not stipulate how much compensation should be awarded in each case. We have to look at the individual circumstances, calculate any financial loss, and consider the full effects and impact the breach has had on a person in order to properly value any claim. Our experienced solicitors will use their extensive knowledge and expertise, and refer to case law to accurately value your claim and advise accordingly.
On average claims can take around 6 months to conclude, however this can often be longer, especially if the recovery from any psychological injury caused by the data breach is prolonged, or if the financial consequences of a breach take time to properly assess.
We can deal with your claim on a No Win No Fee basis. We will be able to quickly assess your claim and provide professional advice at no cost to you. Whilst dealing with your claim we will keep you fully informed throughout the process. Our team of professionals will ensure that you receive an exceptional standard of service from ourselves, along with appropriate compensation for your financial and / or emotional suffering.
If an organisation has failed to properly process, protect and keep secure your personal data, and you have suffered as a result, we will be able to help. Contact us today on 01642 257656 for your free confidential conversation with one of our solicitors.