Can You Sue A Company For A Data Breach?

Companies that process personal data such as contact details or biometric data have a responsibility under leading data protection legislation to ensure they keep this information safe and secure. Personal data breaches can happen for all sorts of reasons, from letters sent in human error to your old address to failing to stop your bank statements from being deliberately shared online.

However, it is only when a company fails in their obligation to adhere to data protection law that you can sue that company for a data breach.

In this guide, we are going to begin by examining whether or not you as the data subject have the right to sue a company for compromising your personal data. It may not always be obvious that you have a valid case, and, for that reason, we shall provide examples of what makes a person eligible to claim data breach compensation. The sections that follow will look at when and how you should be informed if your data has been breached and how you can use such information to support your claim.

Very often before you begin a data breach claim, you may want to know how much you could be awarded should you succeed. Below, you will find a comprehensive section that looks at what your data breach compensation could cover. To complete our guide, we tell you how our panel of expert data breach solicitors can agree to represent you on a No Win No Fee basis.

You can also discuss this with our advisors who are ready to move your claim in the right direction today. Get in touch today for a free initial consultation with no obligation whatsoever.

  • Call our 24-hour helpline on 020 8050 3051.
  • Request a call back using our Contact Us page.
  • Talk to us now using the Chat window below.

Can You Sue A Company For A Data Breach?

Two leading pieces of legislation, the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018 (DPA), provide rules and obligations for those that process your data. Two key entities that must follow these laws are data controllers and data processors. Controllers include your employer, your bank, and online shopping companies. They decide how and why to process data. They may do so internally or use a data processor to do it for them.

So, when can you sue a company for a data breach? In order to be eligible to claim data breach compensation, your circumstances must satisfy three criteria:

  • The company (the controller or processor) did not comply with data protection law. For example, they fail to train their staff on data awareness.
  • The company breaches your personal data. For example, untrained staff could disclose your personal information to another person who has no authority to receive it.
  • This caused you financial and/or mental harm.

It is important to note that not all data is “personal data”: to count as personal data, it must be capable of identifying you. Special category data, while still a type of personal data, involves much stricter rules. This is sensitive information such as sexual orientation, medical records, or political affiliation.

If you have been affected by a security incident involving your personal data, you could be owed compensation. Contact our advisors today via the details at the start of this guide.

How Could A Company Cause A Data Breach?

You can sue a company for a data breach if they destroy, lose, alter, disclose, or grant access to your personal data in an accidental or unlawful manner. “Unlawful” means anything that breaks the rules set out in the DPA or UK GDPR. For example:

  • Your medical reports are lost by a solicitor when they leave their briefcase on a train.
  • A social worker unknowingly changes the address on your file instead of another patient’s. Sensitive details about your psychiatric status are sent to the other patient’s address.
  • The HR department at work leaves your file open on a desk during a meeting with someone else. They see your disciplinary record and gossip about it afterwards.

Can You Complain To The ICO About A Data Breach?

The Information Commissioner’s Office (ICO) is an independent public body that upholds data rights. They can intervene when an organisation breaches personal data, including advising on better practices and issuing fines.

While they cannot award compensation, you can make a complaint to them if your personal data is breached. They will likely put the findings of any investigation in a letter to you, which can in turn be used as evidence for a claim for compensation.

You do not need to contact the ICO to start a claim with our panel. Our advisors can set up your next steps towards compensation. Their details are at the top of this screen.

How Do You Know If A Company Has Breached Your Personal Data?

In most cases, you will know that a company has breached your personal data because an organisation must tell you without undue delay if they believe your data rights and freedoms are at risk. They must clearly explain:

  • The nature of the breach.
  • Its likely consequences.
  • Any measures taken.
  • How you can protect yourself.

In this event, they must also inform the ICO within 72 hours of the breach.

Has this happened to you? Our advisors can help. Get in touch via the methods listed at the start of this guide.

What Do You Need To Claim Compensation For A Data Breach?

Can you sue a company for a data breach without evidence? No, you will need to prove your case to claim data breach compensation.

If you have already reported the breach to the ICO, their findings could be used as proof of your claim. Other useful evidence may include:

  • Medical evidence of any psychiatric injuries.
  • Receipts or payslips showing any financial losses.
  • Correspondence from whoever handled your data.
  • Contact details of any witnesses to the breach or any psychiatric injuries.

Do you have a case but not the time and resources to collect evidence? Our panel of solicitors can do the hard work for you. Contact us today via the details at the top of this page.

What Compensation Could You Receive For A Data Breach?

How much can you sue a company for after a data breach? This will depend on the damage caused. So long as you can prove it was caused by the data breach, you can sue a company for material damage, non-material damage, or both.

Material damage can be described in money terms, i.e. financial losses. You can claim for the expense of:

  • Relocation.
  • Finding new work.
  • Home security.
  • Therapy.
  • Medication.
  • And more.

Non-material damage includes your psychological pain and suffering. The Judicial College Guidelines (JCG) provide suggested compensation brackets for different injuries. Some relevant examples are in the table below.

The first entry is to account for more complex claims and is not a JCG figure.

| Type | Severity | Compensation | Notes |
|---|---|---|---|
| Psychiatric Harm plus Compensation for Material Damage | Very Severe | Up to £250,000 or more | Not a JCG figure. Will likely include significant material damage. |
| Post-Traumatic Stress Disorder | Severe | £73,050 to £122,850 | All aspects of the traumatised person's life are affected, in many cases permanently. |
| Post-Traumatic Stress Disorder | Moderately Severe | £28,250 to £73,050 | Significant disability for the foreseeable future, although professional aid may allow for some recovery. |
| Post-Traumatic Stress Disorder | Moderate | £9,980 to £28,250 | Recovery is possible, and any long-term effects are not significant. |
| Post-Traumatic Stress Disorder | Less Severe | £4,820 to £9,980 | Virtually complete recovery will be made within a year or two. |
| Psychiatric Damage Generally | Severe | £66,920 to £141,240 | Extreme cases taking into account any effect on life prospects, relationships, prognosis, and medical status. |
| Psychiatric Damage Generally | Moderately Severe | £23,270 to £66,920 | Significant cases taking into account any effect on life prospects, relationships, prognosis, and medical status where some optimism of outcome remains possible. |
| Psychiatric Damage Generally | Moderate | £7,150 to £23,270 | Recovery possible from problems taking into account any effect on life prospects, relationships, prognosis, and medical status. |
| Psychiatric Damage Generally | Less Severe | £1,880 to £7,150 | Determined by the period for which there has been some negative effect on life and sleep. |

To know how much compensation you could get, contact our advisors using the details at the top of this guide.

Can You Sue A Company For A Data Breach On A No Win No Fee Basis?

Can you sue a company for a data breach by yourself? Yes, if you have the time and resources. If not, our panel of solicitors can help you claim compensation.

Our panel has dedicated decades to helping people in situations just like yours. They have the expertise, professionalism, and proven record to:

  • Bring your case to its best possible conclusion.
  • Negotiate on behalf of your best interests.
  • Gather any evidence you may need.
  • Explain every step to you along the way.

There’s also no reason to worry about the cost, because a document called a Conditional Fee Agreement (CFA) would allow our panel of solicitors to begin work on a No Win No Fee basis. For their services, you would:

  • Pay no upfront costs.
  • Pay no ongoing costs.
  • Pay nothing if you lose.

If you win, they will take a small, capped percentage of your award. That’s it.

Don’t wait any longer to claim. Let our panel of solicitors stand up for your data rights today.

Thank you for reading our answer to the question “can you sue a company for a data breach?”.