Technology affects every aspect of an individual’s life, from work and communication to transport, healthcare and socialisation. In a world shaped by technology, it is important to know your rights and what to do if something goes wrong.
Data breaches are becoming increasingly common, as more and more of your personal data is processed electronically. If you have suffered from a data breach, you may be entitled to compensation.
What is a data breach?
A personal data breach is a security incident that has affected the confidentiality or availability of personal data. This includes data that has been:
- Disclosed without consent
- Accessed without consent
This includes accidental and deliberate actions. For example, if your data was accidentally emailed to the wrong person, this is considered a data breach incident.
What can I make a claim for?
You can make a claim for data breaches that are likely to result in a high risk to your rights and freedoms, such as the right to private and family life. If you had a reasonable expectation of data privacy and the breach attains a certain level of seriousness, you may be eligible for a data breach claim.
The types of data that may be breached are:
- Personal health information
- Medical data
- Financial information
- Social services information
Your data must have been confidential and not in the public domain. For example, if your telephone number is already in a telephone directory, it will have already been accessible to the public and therefore, you may not be able to make a claim for any breaches related to this.
How must your data be protected?
The individual or organisation that stores your data is known as the ‘controller’. They are responsible for making sure that any data stored about you is lawful, fair and transparent. They are also responsible for protecting and processing your data. If there has been a data breach, they will be held accountable.
The controller must prove that the data they had collected about you was:
- Collected for a specific purpose
- Limited to what was necessary
- Accurate and up to date
- Stored for no longer than necessary
The controller must also prove that the data that they had processed about you was given with your consent or was necessary to process under the law or an agreed contract.
Security incidents can occur as a result of human error or a systemic issue. The controller of your data must make sure that they have evaluated the risks of potential data breaches and have taken appropriate security measures to protect your data.
If a security issue does occur, the controller must establish whether a personal data breach has taken place and take steps to address it, including notifying the relevant bodies if this is necessary.
What does the law say about data breach claims?
The law surrounding technology and data is relatively new, as personal data was only processed in large amounts at the end of the 20th century. Data breach claims can be pleaded under:
- The Data Protection Act (DPA) 1998.
- The General Data Protection Regulation (GDPR) 2018 – This replaced the DPA to reflect the changes since 1998.
- The UK GDPR – This is a UK version of the GDPR following Brexit.
- Human Rights Act 1998.
- Breach of confidence.
- Misuse of personal information.
What can you claim for?
There are two types of damages you can claim for a data breach incident:
- Material damages – Impacts to your finances.
- Non-material damages – Impacts to your psychological well-being.
Material damages include incidents such as identity theft, effects on your credit score or money stolen as a result of a data breach. When claiming compensation, it is important that you are in the same financial position you would have been in had the data breach not occurred.
Even if there were no material damages, you can still make a claim for non-material damages. You have certain rights and freedoms, such as the right to private and family life. If these rights were broken or put at high risk due to the data breach, you may have suffered from anxiety or distress. As a result, you may be able to claim compensation for psychological damages.
Data breaches are a relatively new area of law and there is no set guidance on how much you can claim for an incident. The type of breach, the type of information and your losses will be taken into consideration when assessing the level of damages.
Examples of data breach claims
- British Airways, 2018 – Fined £20m when a data breach affecting over 400,000 customers resulted in the loss of personal log in and payment details.
- TalkTalk, 2016 – Fined £400,000 for failing to implement effective security measures, resulting in the theft of personal data of over 150,000 customers.
- Wrightington, Wigan and Leigh NHS Trust Foundation, 2019 – Over 2,000 people’s data was wrongly accessed. One individual whose medical details were accidentally disclosed received £10,000 in compensation.
How we can help you
Data breaches are becoming increasingly common as more companies process our personal data. If you think you have suffered from a data breach, we understand the physical and emotional stress this may have caused you. Our dedicated team are always committed to achieving the best possible outcome for you, and on top of the compensation.
For free initial advice on how we can assist you, please contact us or complete our online enquiry form and we will call you.