This guide will answer the question, ‘what is a pharmacy data breach, and can I claim compensation?’ To be eligible to make a claim for a personal data breach, you must prove that the organisation responsible for your personal data failed to comply with data protection laws, which caused you to suffer psychological harm or financial losses.
Pharmacy data breach claims guide
The two central pieces of legislation governing data protection are the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018 (DPA). The UK GDPR outlines the principles an organisation must adhere to when processing data. It also allows victims harmed by a personal data breach to make a compensation claim.
This guide will look at what a pharmacy is expected to do to protect your information and how a personal data breach could happen. Additionally, this guide will explain the benefits of using a No Win No Fee data breach solicitor.
You can also contact our advisors to discuss your claim. They provide legal advice for free, which comes with no obligation to further your claim with a solicitor from our panel.
To get in touch:
- Call the number at the top of the page
- Contact us by filling out our online form
- Use our live chat feature at the bottom of the page
Choose A Section
- What Is A Pharmacy Data Breach?
- How Can A Personal Data Breach Happen?
- What Should I Do After A Pharmacy Data Breach?
- Potential Compensation From A Data Breach Claim
- What Are The Benefits Of Using No Win No Fee Solicitors?
- More Information About Claiming For A Pharmacy Data Breach
What Is A Pharmacy Data Breach?
When you use the services of a pharmacy, such as submitting a prescription to receive medication, you place your trust in them to handle your personal data in line with data protection laws. When this doesn’t happen, it can result in a pharmacy data breach.
The Information Commissioner’s Office (ICO) broadly describes a data breach as a security incident that affects the confidentiality, integrity or availability of personal data. The ICO is an independent UK authority responsible for upholding information rights. They cannot award compensation for a data breach. However, they can issue organisations monetary penalties for failing to adhere to legislation.
When talking about a data breach, you will come across the terms data controller and data processor:
- Data controller – The organisation responsible for making the decisions over the purpose and means of processing personal data.
- Data processor – The organisation processing the data on behalf of the data controller.
Both data controllers and data processors must comply with data protection laws. If they do not, it could result in a personal data breach that causes you, the data subject, psychological and financial harm, leading to a data breach compensation claim.
If you are suffering following a personal data breach, you might be able to make a claim. Contact our team of advisors for an assessment of whether your pharmacy data breach claim may be valid.
How Can A Personal Data Breach Happen?
A pharmacy will keep various information about their patients, which they require to supply the right patients with the correct medication. Some examples of personal information they may process about you which is protected under the UK GDPR include your:
- Name
- Date of birth
- Home address
- Place of work
- Email address
- Medical information
- Debit card details
The UK GDPR protects data in both physical and digital forms. Therefore, there are various ways a pharmacy data breach could happen. Some of these include:
- A pharmacist sends an email containing your personal data to the wrong recipient.
- A pharmacist worker sends a letter containing your personal data to the wrong address.
- A pharmacy fails to safely store your information. For example, they may not have sufficient data protection policies in place.
- A pharmaceutical worker leaves your personal details open on an unattended or unlocked computer screen.
If you have been harmed by a personal data breach resulting from a pharmacy’s failings, contact a member of our team today.
How Often Does A Pharmacy Data Breach Happen?
The ICO provides figures on data security incident trends. During the 4th quarter of the 2021/2022 financial year, there were:
- 2,172 total reported data security incidents.
- 427 of these happened in the health sector.
- There were 71 data breach incidents due to data posted or faxed to the incorrect recipient.
What Should I Do After A Data Breach?
After becoming aware of a data breach that could impact your freedoms and rights, the pharmacy should notify you without delay. Also, they are required to inform the ICO within 72 hours of discovery. To make a claim, the breach must be a result of the organisation’s failings, and you must suffer harm.
You may ask, what should I do if my data is breached? If you have been informed that your personal data has been breached, or if you suspect this has occurred but haven’t been informed, there are steps you can take:
- Firstly, you can make a complaint to the organisation. They may be able to provide more information.
- Following no satisfactory response from the pharmacy for three months, you could make a complaint to the ICO. They might investigate the breach, providing you with useful evidence for your claim.
Finally, we also recommend seeking legal advice after suffering from a pharmacy data breach. Our team of advisors offer free advice to help you begin making your claim.
Potential Compensation From A Pharmacy Data Breach
There are two potential heads of compensation that you could claim following a personal data breach: material damage and non-material damage.
- Material damage – the head of claim compensating you for financial losses caused by the personal data breach.
- Non-material damage – the head of claim compensating you for the psychological harm caused by the personal data breach, such as emotional distress, depression, anxiety, and post-traumatic stress disorder (PTSD).
The Vidal-Hall and Others v Google Inc [2015] Court of Appeal ruling changed the law’s position on awarding compensation for personal data breach claims, meaning you can now claim for psychological damage even if you do not claim for any monetary losses.
The table below uses guideline compensation brackets from the Judicial College Guidelines (JCG), produced in April 2022, to show how much you could receive in non-material damage for mental harm caused by a personal data breach. Legal professionals use this text to help them value settlements as the figures are calculated from previously awarded compensation amounts.
| Injury | Details | Compensation Amounts |
|---|---|---|
| Severe Psychological Damage (a) | The prognosis is very poor. The injured person has marked problems with their ability to cope with work, education and daily life. | £54,830 - £115,730 |
| Moderately Severe Psychological Damage (b) | The prognosis is a lot more optimistic than the above. The injured person has problems with their ability to cope with work, education and daily life. | £19,070 - £54,830 |
| Moderate Psychological Damage (c) | The prognosis is good, and the person will have markedly improved by the time of a trial. | £5,860 - £19,070 |
| Less Severe Psychological Damage (d) | Daily activities and sleep are affected for a time. The amount of compensation takes into account the length of time these problems occurred and to what extent. | £1,540 - £5,860 |
| Severe PTSD (a) | All areas of the injured person's life will be permanently badly affected, with no ability to function as they would before trauma. | £59,860 - £100,670 |
| Moderately Severe PTSD (b) | The injured person's life is badly affected. However, this is different than the above as there is a better prognosis for some recovery with professional help. | £23,150 - £59,860 |
| Moderate PTSD (c) | The injured person will make a large recovery and no continuing symptoms will be grossly disabling. | £8,180 - £23,150 |
| Less Severe PTSD (d) | 1 - 2 years will see the injured person make a virtually full recovery with only minor persisting symptoms. | £3,950 - £8,180 |
These figures are guideline amounts only. For a free estimate of what your claim could be worth, contact our advisors today.
What Else Could I Claim For After A Data Breach?
If eligible, you can also claim for material losses. These could include:
- Loss of earnings
- Money stolen from your bank accounts
- Damage to your credit score
It is important to note that you must provide evidence to prove any material damages. Some things you could provide are receipts, payslips and bank records.
Please contact a member of our team to discuss your pharmacy data breach claim.
What Are The Benefits Of Using No Win No Fee Solicitors?
Using a solicitor to help you through your claim could have many benefits. They will be familiar with the claims process and are able to provide expert legal advice.
Opting to hire a solicitor under a Conditional Fee Agreement (CFA) means you will only pay for your solicitor’s services if your case is successful. They will receive a small percentage of the compensation, called a success fee. This percentage has a legal cap. If your claim does not succeed, you do not pay this fee.
Contact Us For A Free Consultation To See If You Can Claim
Our expert team of advisors are available to provide you with free, confidential advice and won’t place you under any obligation to further your claim with us.
For any enquiries regarding a pharmacy data breach, don’t hesitate to:
- Call the number at the top of the page.
- Contact us by filling out our online form.
- Use our live chat feature at the bottom of the page.
More Information About Claiming For A Pharmacy Data Breach
Pages from our site for more information:
- Trade Union Membership Data Breach – Am I Able to Claim?
- Disciplinary Records Data Breach – Could I Make A Claim?
- Mortgage Broker Data Breach – Can I Claim Compensation?
External pages for further reading
We hope this guide has informed you on how a pharmacy data breach can happen and how much compensation you could be entitled to.
Writer Jess Opal
Editor Cat Harley