This is a guide on claiming after receiving a data breach notification letter. If your personal data has been breached, and this has put your rights and freedoms at risk, you should have received a notification letter from the organisation. In some cases, it may be possible to start a personal data breach claim for the financial loss and/or psychological harm you have suffered. We explore the eligibility criteria for claiming data breach compensation in more detail later in our guide.
Additionally, this guide will explore what you could do if your data is breached and you received a letter of notification informing you of what data was affected and how the breach occurred.
Furthermore, we look at the responsibilities a data controller and data processor have to protect your personal data under data protection legislation. Data controllers decide how and why your data is processed, sometimes processing it themselves. Data processors act on behalf of the controller.
If a controller or processor failed in their obligations, this is known as wrongful conduct. We provide examples of data breaches and how they could occur as a result of wrongful conduct as well as the impact they could have.
Towards the end of the guide, you can find information on how data breach compensation is calculated and what a settlement following a successful claim could comprise.
For more information or to discuss your potential data breach claim, please contact an advisor. They can assess your case and if it’s found you have valid grounds to proceed, they could connect you with a solicitor from our panel who could assist you with your claim for compensation. To reach out, you can:
- Call on 020 8050 3051
- Contact us online.
- Use the live chat feature below.
Browse Our Guide
- What To Do If You Receive A Data Breach Notification Letter
- What Is The Eligibility Criteria When Claiming After Receiving A Data Breach Notification Letter?
- Potential Examples Of A Personal Data Breach
- How Much Compensation Could You Receive For A Personal Data Breach Claim?
- What Are The Benefits Of Making A No Win No Fee Data Breach Claim?
- Learn More About Claiming After Receiving A Data Breach Notification Letter
What To Do If You Receive A Data Breach Notification Letter
Data controllers must inform a data subject, the person to whom the personal data relates, without undue delay about a personal data breach that has put their rights and freedoms at risk. This is often done by sending a letter of notification.
The notification letter should inform you what personal data was involved, how the breach occurred and what steps the organisation is taking to address the issue and prevent it from occurring in the future.
Some steps you can take after receiving this letter include:
- Contacting the organisation for further information. You can keep any correspondence you have with them as evidence to support a potential personal data breach claim.
- Contacting the Information Commissioner’s Office (ICO). The ICO is the UK’s independent body set up to uphold information rights. You can report the data breach to the ICO if you have had inadequate communication with the organisation. The ICO may choose to investigate the incident, the findings from which could help support your case.
Additionally, you could seek legal advice from an experienced data breach solicitor and potentially start a claim for compensation. Read on to find out more about personal data breach claims. Or, you can call our team to find out whether you have valid grounds to proceed with your case.
What Is The Eligibility Criteria When Claiming After Receiving A Data Breach Notification Letter?
Personal data is any information that can be used to identify you, such as your name, postal address, or email address. There is other personal data that is more sensitive, called special category data, that requires more protection. Examples include data concerning your health and data revealing your ethnic or racial origin.
Data controllers and processors must adhere to the Data Protection Act 2018 (DPA) and the UK General Data Protection Regulation (UK GDPR) in order to protect your personal data.
If they failed to adhere to data protection law, it could lead to a personal data breach. The ICO define a personal data breach as a security incident affecting the integrity, confidentiality and availability of your personal data.
You may wonder whether claiming after receiving a data breach notification letter is possible. In some cases, you might be entitled to make a data breach claim provided you meet the eligibility criteria below:
- A data controller or processor failed in their obligations to adhere to data protection laws.
- Due to their wrongful conduct, a breach of your personal data occurred.
- You experienced financial damage and/or psychological harm as a result of your personal data being compromised.
Call our team on the number above to find out more about personal data breach claims and whether you could have valid grounds to start a claim.
Potential Examples Of A Personal Data Breach
Data breaches can occur through human error or cyber security incidents. For example:
- A letter filled with sensitive data is sent to an old address even though you had given the organisation your new address. This could lead to stress and anxiety.
- A bank may have sent a letter with your new debit card and pin number to the wrong address through human error, even though they had the correct information for you. As a result, you suffer financial losses in the form of money being stolen from your account.
- Your medical records are lost after there was a failure to implement adequate physical security measures. Due to sensitive data being compromised, you suffer anxiety and distress and require time off work to recover leading to a loss of earnings.
- A failure to implement adequate cyber security measures left an organisation more susceptible to a cyber attack. As a result, personal data was stolen affecting data subjects psychologically and financially.
To discuss your specific case and find out about claiming after receiving a data breach notification letter, please get in touch using the number above.
How Much Compensation Could You Receive For A Personal Data Breach Claim?
A data breach settlement awarded following a successful claim can comprise compensation for two types of damage. The first is non-material damage which refers to the psychological injury caused by the data breach, such as emotional distress, anxiety, stress and depression. It could also include post-traumatic stress disorder in more severe cases, or the exacerbation of a pre-existing condition.
Reference can be made to the Judicial College Guidelines (JCG), a document containing guideline compensation brackets, when valuing non-material damage. Additionally, your medical records or specialist reports from your doctor can also be referred to when valuing psychological harm.
Compensation Guidelines
The table below contains figures from the JCG, with the exception of the first entry. Please use this table as guidance only because settlements can vary.
| Injury | Severity | Compensation Bracket Guidelines | Notes |
|---|---|---|---|
| Severe Mental Health Impact With Significant Financial Losses | Severe | Up to £150,000 plus | Compensation for severe psychological harm alongside resulting financial losses that are significant. This can include loss of earnings. |
| General Psychiatric Damage | Severe | £54,830 to £115,730 | The person will have a very poor prognosis and marked problems affecting different areas of life. For example, there will be a marked impact on their ability to cope with life, education and work as well as their relationships with family and friends. |
| Moderately Severe | £19,070 to £54,830 | Significant problems, similar to the above bracket, but with a more optimistic prognosis. | |
| Moderate | £5,860 to £19,070 | A significant improvement and a good prognosis. | |
| Less Severe | £1,540 to £5,860 | Consideration is given to the length of disability and the extent to which it affects daily activities and sleep. | |
| Post-Traumatic Stress Disorder (PTSD) | Severe | £59,860 to £100,670 | Permanent effects preventing the injured person from working or functioning at the pre-trauma level. All aspects of the person's life will be badly affected. |
| Moderately Severe | £23,150 to £59,860 | A better prognosis than in severe cases due to the person showing some recovery after receiving professional help. Despite this, the effects are still likely to cause a significant disability for the foreseeable future. | |
| Moderate | £8,180 to £23,150 | A large recovery with any ongoing issues not being grossly disabling. | |
| Less Severe | £3,950 to £8,180 | The person makes a virtually full recovery within a couple of years and only minor issues continue over a longer period. |
Claiming For Material Losses
You could also receive compensation for material damage which refers to the monetary losses caused by the personal data breach. This could include:
- Money taken from your bank account or spent on your credit card fraudulently.
- Loans taken out in your name.
- A negative impact on your credit score.
- Loss of earnings incurred due to time taken off work to recover from the mental impact of the breach.
Evidence can help demonstrate these losses. As such, you should keep hold of any credit reports, bank statements, and wage slips, to help prove any financial expenses incurred.
For more information on how data breach compensation is calculated and a free estimate of what you could potentially receive, please call an advisor on the number above.
What Are The Benefits Of Making A No Win No Fee Data Breach Claim?
If you have valid grounds to claim compensation following a breach of your personal data, you could benefit from instructing a No Win No Fee solicitor from our panel to represent you. They can offer their helpful services via a contract called a Conditional Fee Agreement (CFA).
There are various advantages to this. Firstly, under a CFA, you don’t typically have to pay any upfront fees for the solicitor’s services. You also don’t need to pay fees for these services as the claim progresses, or if it fails.
A successful claim outcome means a success fee will be taken by your solicitor from your compensation. However, this is taken as a percentage which has a legal cap, ensuring you receive the bulk of the payout.
If you have any other questions about what to do after receiving a data breach letter, including whether you could seek compensation with help from a solicitor off our panel, get in touch with our team. To do so, you can:
- Call on 020 8050 3051
- Contact us online.
- Use the live chat feature below.
Learn More About Claiming After Receiving A Data Breach Notification Letter
For more of our helpful guides:
- This guide looks at what other types of personal data breaches you can claim for.
- This guide explains data protection at work claims.
- Details on data breach claims for letters sent to the wrong address are examined in this guide.
For more external resources:
- This ICO resource explains the lawful basis for processing personal data.
- Find out what data an organisation has about you from the GOV.UK.
- The National Cyber Security Centre (NCSC) discusses phishing scam emails and texts and how to report them.
Thank you for reading this guide on claiming after receiving a data breach notification letter. If you have any other questions, please contact an advisor on the number above.