Data Breach Claims

Data Breach Claims. We live in a world where details of our life, health, and finances are stored by multiple parties on multiple devices. This can be of great assistance in many cases, however, if the data stored is disclosed to another party either deliberately or through error, then you could be financially, personally or emotionally compromised.

If you have been the victim of a data breach, then you may be entitled to compensation. We can help you with any compensation claim that you may have and would be happy to discuss this further with you via one of the following methods:

  • Telephone:     0113 224 7808
  • Email:   
  • Complete the form at the bottom of this page and we will contact you.

The Data Protection Act 2018, and the Human Rights Act 1998 are in place to protect you and your personal data and it is important that you get appropriate professional advice to pursue your claim.

We have set out below some of the more frequently asked questions when pursuing a data breach claim.

What is Personal Data?

Personal data includes “any information relating to an identified or identifiable living individual;  identifiable living individual’ means a living individual who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or… to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.” – s.3 – Data Protection Act, 1998

Who holds your information?

Your information can be held by both public and private bodies and organisations. This can include local governments, local authorities, the NHS, police, schools, and Her Majesty ‘s Courts and Tribunal Services.

The information held may be in relation to:

  • your contact details to include postal and email address.
  • your gender, sexual orientation, political and religious beliefs.
  • Your medical, employment, and educational history.
  • Any criminal record you may have.
  • Your bank and credit card details.

How should the information be held?

Information that is held by public and government bodies needs to be dealt with appropriately.

This means that:

  • They should not store nor continue to hold inaccurate or out-of-date information.
  • They should not hold onto the data any longer than is required.
  • Confidential data should remain confidential.
  • They need to take reasonable steps to ensure that the data they hold is safe from hackers.

The data should only be used for what it was obtained and not for general use.

What is a data protection breach?

A data breach is where your personal information has been released, either deliberately or accidentally, and allows an individual to be identified. It can be as straightforward as a third party accidentally including your email details when emailing someone else, or your medical records being sent to another third party.

Who can make a data breach compensation claim?

If an organisation fails to manage your data, then you could look to bring a claim for compensation against them. You can claim for the financial loss and any emotional distress that resulted from the breach.

What do I have to show before I can bring a claim for a data breach?

For your claim to be successful you will need to show that the organisation that held your data has failed to take all reasonable steps to ensure the safety and security of your data and that, as a result of the negligence, your data was released or made available to other, non-related parties or organisations. The disclosure of your data must be without your consent.

The holder of your data has certain obligations when handling data and you may have a claim if:

  • the breach has occurred as a result of the data being lost or hacked;
  • data has been disclosed to a third party without your consent;
  • the information held had not been updated and the inaccuracy of such has caused you damage.

This may be in relation to the financial aspects of your life, and/or personal information held has been used in an inappropriate manner.

How do I start a claim for compensation for a data breach?

If you believe you have a claim for a data breach, get in touch with us to discuss this further. We are happy to carry out an initial review of your potential claim at no cost to you and provide an initial assessment and evaluation of your position.

The first step in making a data breach claim would include reviewing details of the breach and speaking with you to establish the extent of the damage the breach has caused.

Once we are satisfied that you have a claim a Letter of Claim would be sent to the organisation or company that has carried out the breach. They would then have 14 days in which to respond. If no response is received, the next step would be to issue court proceedings.

What is my data breach claim worth?

As with most claims, any claim brought in relation to a data breach will be based upon its own facts and merit. This makes it very difficult to give any kind of indication as to what such claims are worth.

Whilst past decisions and awards can provide a useful indication as to the value of your claim, we will need to consider the nature of the breach, the number of people to whom the information was disclosed, and the consequences of such disclosure.

Whilst we will need to carry out an assessment of your claim before we can advise on the possible compensation amounts you could seek to claim, the following examples  provide an indication of the level of a compensation award for distress and injury to feelings:

  • Disclosure of personal details (this includes the name, date of birth, postal and email address) compensation awards range between £1000 and £1500
  • Unlawful disclosure of medical information and records award between £2000 and £2500
  • Unlawful disclosure of financial information. This can range from between £3000 to £7000.

If it can be shown that the breach was a result of deliberate misconduct or motive, then aggravated damages may also be awarded. Overall this could lead to an increase of between 25 to 50% of the award made.

We may need to obtain medical evidence in support of your claim.

Do I have to report my data breach to any other organisation?

If you feel that you have been the victim of a data breach, whilst we can assist you in making a claim for compensation, you can also report it to the Information Commissioners Office (“ICO”). The ICO is the UK’s independent data privacy regulator. Whilst the ICO cannot make an award of compensation, they can investigate and fine any organisation that is guilty of a data breach. The investigation and, if appropriate, the conviction can be very helpful in supporting your compensation claim.

You can make a compensation claim without reporting the matter to the ICO however we would strongly recommend that you take this step as it will allow the ICO to carry out the majority of investigations on your behalf.

How long do I have to bring a data breach claim?

You have six years from the date of the breach to make your claim under the Data Protection Act 2018. This means that if you have been the victim of a data breach in the past six years you may be entitled to make a claim. Some of the larger group actions have deadlines that are set by the court therefore the sooner you begin your claim the better.

If you are bringing your claim for a breach of privacy under the Human Rights Act, you have one year beginning with the date on which the act complained of took place.

The above limits can be extended but only at the discretion of the appropriate court and in certain circumstances.

Does there have to be a criminal prosecution before I can make a data breach claim?

There does not have to be a successful criminal prosecution for you to bring a claim.

How much will it cost to bring a data breach claim?

We have a number of funding options available to allow you to bring your claim.

If we think your claim has sufficient chances of success, we are happy to act on your behalf under a Conditional Fee Agreement, also known as a ‘no win-no fee’. This means that we agree to act for you on the basis that, as long as you abide by our terms and conditions, we will not charge you for the work we have done on your behalf if the claim is not successful.

If your claim is successful,  you usually have to make a contribution to your legal costs, in the form of a “success fee” which we are entitled to charge in the event that we win your claim. This will be taken out of your compensation and is not recoverable from the other party. Whilst the amount of the success fee will depend on at what stage your claim settles,  for the vast majority of claims we guarantee never to deduct more than 25% plus the VAT from the compensation which you receive.

How to contact us?

If you have any further questions in relation to your data breach claim, please get in touch with our Data Breach Team who will be happy to discuss this further.

You can contact us via one of the following methods: