If an organisation has compromised your details, you may find yourself asking: can you sue a company for a data breach? Read our guide in order to find out. You can also visit our FAQ page.
Key Takeaways
These are the main points to consider when making a potential data breach claim:
- If your personal data was breached and you were impacted, you may be able to claim compensation
- The impact you have suffered can include financial losses, psychological harm, or both
- You can receive compensation for emotional distress and relevant costs incurred
- You claim against the company that breached your data. This could be a data controller, a data processor or both
- You will need evidence in order to claim, proving the breach’s occurrence and impact
- Our panel of data breach solicitors can represent you on a No Win No fee basis
When you give your data to a company, you expect them to protect it. The breach of your data can cause an incredible amount of worry and stress. Our advisors can help you to find out if you can sue a company for a data breach. Continue reading to find out more information, or contact our advisors with your query:
- Call on 02080503051.
- Contact Us online.
- Use our live chat feature
Browse Our Guide
- Can You Sue A Company For A Data Breach?
- What Is The Difference Between A Data Controller And A Data Processor?
- What To Do If A Company Breaches Your Data
- Compensation In Data Breach Claims
- Do I Need To Prove My Claim?
- Can You Sue A Company For A Data Breach On A No Win No Fee Basis
- Learn More About Making A Data Breach Claim
Can You Sue A Company For A Data Breach?
Personal data refers to the pieces of your data that could be used to identify you. Someone may be able to identify you from the personal data on its own or in combination with other types of data. Examples of personal data include:
- Name
- Address
- Telephone number
- Email address
You need to be able to prove the below in order to be eligible:
- An organisation did not follow data protection laws, such as The Data Protection Act (2018) or the UK General Data Protection Regulations
- This allowed for your personal data to be breached
- The breach of your personal data meant that you suffered mental harm, financial losses or both
You must have been impacted in order to be able to sue a company for a data breach. This can include financial impact, which is referred to as material damage. Your psychological impact is referred to as non-material damage and can also qualify you for a claim. You do not need to have experienced financial impact if the data breach has caused you emotional distress.
Contact our advisors to discuss this further.
What Is A Data Breach?
The Information Commissioner’s Office (ICO) defines a personal data breach as a security incident whereby the confidentiality, integrity or availability of personal data has been impacted. This means that your data may have been:
- Lost
- Destroyed
- Altered
- Shared or accessed without authorisation
Consequently, there are many examples of data breaches. For instance, if you are a customer of an organisation and one of their employees sends an email to the wrong address (an email data breach) containing your information, they have breached your data. Human error is a common cause of data breaches.
The Data Protection Act (2018) holds companies in the UK to a legal standard. All companies must ensure that your data is:
- Protected and handled with the correct security measures
- Used for a specific purpose
- Used transparently, lawfully and fairly
- Accurate and updated where necessary
If a company has failed to uphold the law, then they are liable. Therefore, you may be able to sue a company for a data breach if it has caused you harm.
What Is The Difference Between A Data Controller And A Data Processor?
Legal bodies/people, public authorities and agencies that establish the processing of personal data are data controllers. Those that process the data on behalf of a data controller are data processors. It is important to note that they could be both a processor and a controller. However, many companies use third parties in order to process their data.
For example, a clothing company employs a large number of employees. They are the data controller. They instruct a third-party accountancy company to handle their payroll. The accountant would be a data processor.
You can contact our advisors if you have any questions.
Who Do I Claim Against?
You could potentially claim against a data controller, data processor or both. To expand upon the example above, imagine that the third-party accountancy company breached your details. Although you paid for an order that you made through a clothing company, you could claim against the accountancy company.
If the breach of your data meets the criteria listed in our eligibility section, then you may be able to sue a company for a data breach.
What To Do If A Company Breaches Your Personal Data
‘What should I do if my data is breached? is a common question. There are some steps you could take to protect yourself. You could:
- Immediately contact the company that breached your data. If you are unsure, ask them if your data has been breached.
- Keep copies of any correspondence you have with them
- Report the breach to the Information Commissioner’s Office (ICO)- keep a record of this
- Take screenshots of spam calls and emails- these could help to provide evidence for your claim
- Monitor your finances
- Contact a solicitor- our panel of solicitors is experienced in data breach claims and can help you file a claim
You can contact our advisors to find out more information.
Compensation In Data Breach Claims
The amount of compensation you receive is based on the type and severity of the injury, as well as the amount of financial loss. The table below provides estimated compensation levels for psychological impact, as provided by the Judicial College Guidelines (JCG).
The figure in the first row is not an estimate from the JCG.
| Injury | Severity | Compensation guidelines | Notes |
|---|---|---|---|
| Severe psychological harm and financial losses | Severe | Up to £500,000+ | Compensation for impact of severe psychological harm, in addition to financial losses such as the cost of counselling |
| Psychiatric damage generally | Severe | £66,920 to £141,240 | Poor prognosis and severe difficulties functioning in daily life |
| Moderately severe | £23,270 to £66,920 | Better prognosis with improvements made and will experience multiple issues | |
| Moderate | £7,150 to £23,270 | Good prognosis with significant improvements, various issues experienced | |
| Less severe | £1,880 to £7,150 | Impact on sleep and daily activities will be considered for level of compensation | |
| Post-Traumatic Stress Disorder | Severe | £73,050 to £122,850 | Permanent symptoms that impede daily life |
| Moderately severe | £28,250 to £73,050 | Improved prognosis with some recovery, though still causing disability | |
| Moderate | £9,980 to £28,250 | Mostly recovered from illness and not majorly impacted in future | |
| Less severe | £4,820 to £9,980 | Near full recovery made within two years, only minor symptoms continue |
Material Damage Compensation
Additionally, you could suffer material damage. This means that you may recover compensation if the breach has caused you to:
- Pay for counselling
- Lose wages due to time taken off work
- Pay for relocation
Our panel of solicitors will take an in-depth look into the impact that the breach has had on you. For that reason, they will give you the best chance to gain the right level of compensation.
Do I Need To Prove My Claim?
You will need evidence in order to sue a company for a data breach. This could include:
- Correspondence between you and the company that has breached your data
- Written proof showing the breach of your data. The company may send a notification letter to tell you what details were breached.
- Proof of financial loss- such as payslips or bank statements
- The results of an investigation from the Information Commissioner’s Office (ICO)
- Proof of psychological impact- including a letter written by a psychologist or your medical records
You can contact our advisors for further guidance.
Can You Sue A Company For A Data Breach On A No Win No Fee Basis
We understand that a data breach can be a very stressful situation that may cause you to ask yourself: can you sue a company for a data breach? Our panel of solicitors can assist you with the offer of a No Win No Fee agreement.
A Conditional Fee Agreement (CFA) ensures that you do not have to worry about paying for your legal representation. Typically, our panel will not ask for any fees up front. If you are successful in gaining compensation, your solicitor will deduct a success fee. You do not need to worry about this fee, as it is legally capped. You will still receive the majority of the compensation awarded.
If you are interested in our No Win No Fee contracts, you can contact our advisors to find out more.
Get In Touch With Our Team
Our panel of solicitors can help you to make the best decisions for your claim. They can assist you with:
- Gathering evidence
- Filing your claim within the six-year limitation period
- Communicating with the defendant on your behalf
- Negotiating your case to get you the best results
Their knowledge of data breach claims can help you to understand the claim process. Therefore, you will be able to make the best decisions for your claim. If you have any questions, you can:
- Call on 02080503051.
- Contact Us online.
- Use our live chat feature.
Learn More About Making A Data Breach Claim
Explore our website for more advice on data breach claims:
- Visit our webpage on medical data breach compensation
- Find out how to claim if your password has been breached
- Learn how to claim if the police have breached your data
Additionally, you can also use the resources below for further information:
- Report the data breach to the Information Commissioner’s Office (ICO)
- Read the government’s advice on how to recover a hacked account
- Check the NHS webpage for advice on your mental health
Thank you for reading our guide about when can you sue a company for a data breach.
