Email Data Breach – Am I Able To Claim?

By Stephen Yutani. Last Updated 4th September 2024. In this guide, we will explore when you might be eligible to make an email data breach claim. Organisations have a responsibility to protect your personal data as per data protection law. If they fail to do so, it could cause your personal data to become compromised. This could lead to you suffering mental harm or financial loss. In some cases, you could be eligible to claim data breach compensation.

Binary code displayed on a computer screen

In this guide, we will explore the responsibilities outlined in data protection law in more detail. Additionally, we’ll look at:

  • What data breaches are
  • How to make a data breach claim
  • How much data breach compensation you may be eligible to receive
  • The benefits of hiring a No Win No Fee solicitor to represent your case

An email can include various types of personal data, including sensitive information that requires more protection. If an email with personal data is sent to the wrong person, it could be used in a range of ways that could have a negative impact on your life.

A breach can be completely accidental, for instance, a human error or arise from a deliberate act, such as hacking. We will explore other examples throughout our guide.

For more information about your potential claim, please do not hesitate to contact us. Our team is here to help 24 hours a day, 7 days a week. You can get in touch for free legal advice by:

  • Calling the number at the top of the page
  • Speaking with an advisor via the live chat function below 
  • Filling out our online contact form

Choose A Section

Can I Claim For an Email Data Breach?

According to the Information Commissioner’s Office (ICO), a data breach is a security incident that affects the confidentiality, integrity or availability of an individual’s personal data. Subsequently, an unauthorised person may access, disclose, destroy or tamper with your data.

The ICO is the UK’s independent body that upholds the rights and freedoms of data subjects. They also may investigate suspected data breaches. If an organisation is found to have committed a data breach, the ICO may impose a monetary fine as well as take other enforcement action.

Furthermore, there are different pieces of legislation that are responsible for governing the processing of personal data. These are the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018 (DPA). The DPA was updated after the UK left the EU.

Together, they set out clear rules to be followed by all data controllers or processors when processing your personal data. As per the ICO, a data controller is someone who determines how and why your data is collected. On the other hand, the processor is responsible for processing the data on behalf of the controller. The controller can also process the data themselves.

For you to make a email data breach claim, there must have been wrongful conduct on the part of the controller and/or processor. This could include them failing to adhere to data protection legislation.

If their wrongful conduct results in a data breach that compromises your personal data and leads to you suffering psychological harm or financial loss, you could have grounds to put forward a valid claim.

Our team of advisors can offer you free advice on pursuing data breach claims with no obligation to work with us afterwards. Get in touch to find out more.

What Information Could Be Involved In a Data Breach?

An email data breach may involve personal data being compromised via email. The ICO defines personal data as any information that can lead to you being identified. For example:

  • Your name
  • Postal address
  • Email address
  • Phone number

Some categories of data are considered more sensitive and, as such, require more protection when being used by an organisation. This is known as special category data. Some examples of special category data may include:

Here are several examples of how a data breach could occur:

  • Data concerning your health is sent to an incorrect recipient and may be accessed by someone who isn’t authorised, despite the sender having your correct email address on file.  
  • Your disciplinary records are sent to the incorrect person leading to an impact on your working life.
  • A company may send you marketing emails despite you opting out or not consenting to receiving emails for marketing purposes.
  • Poor security measures may allow cyber criminals to infiltrate an organisation’s server and send phishing emails. 
  • A customer wide email is sent out to multiple recipients but the emails are not blind carbon copied (BCC) meaning other people have access to your email address.

What Can I Do After An Email Data Breach?

In this section, we will look at the action you can take if you suffer from an email data breach:

  • The data controller/ processor is responsible for informing you of a personal data breach that affected your rights and freedoms. They must do so without undue delay. They should also report the breach to the ICO if it meets the criteria for doing so.
  • If you haven’t been notified of the breach or you suspect a breach has happened, you could complain to the controller/ processor. Any communication you have with them can be used as evidence when making a claim. 
  • You could also report a data breach to the ICO. They may investigate the breach and any findings from their investigation can be used as evidence to support your claim.
  • Whilst this process is ongoing, you may seek legal advice and look to make a data breach claim. You do not have to have made a report to the ICO to make a data breach claim. 

If you would like more advice on the steps you can take after an email data breach, please contact one of our advisors. 

Potential Compensation You Could Receive from a Data Breach Claim

If your email data breach claim is successful, then the settlement you receive could be made up of compensation for your material and non-material damage. 

Non-material damage refers to any psychological injuries that have been caused or worsened because of the data breach of your email. For instance, if you have suffered distress, depression or post-traumatic stress disorder as a direct result of the data breach.

You can claim compensation for psychological harm without also claiming for any financial losses.

Below, we have compiled a table of compensation amounts based on the Judicial College Guidelines (JCG). Those who value a data breach claim, may refer to this document, as it contains a list of different physical and psychological injuries alongside guideline compensation brackets. The table can be viewed for guidance only. Please note that the table’s first entry is not based on the JCG.

Injury SeverityCompensation GuidelineDetails
Severe Psychological Harm Plus Financial LossesSevereUp to £250,000+If you've suffered severe psychological harm, then you may be eligible to claim for this plus any related financial losses.
Psychiatric DamageSevere£66,920 to £141,240Inability to cope with different areas of life and a very poor prognosis.
Psychiatric DamageModerately Severe£23,270 to £66,920Significant problems coping with life, education or work but a better prognosis.
Psychiatric DamageModerate£7,150 to £23,270Despite having some problems coping with life, education or work with the potential of future vulnerability, there has been marked improvement and the prognosis will be good.
Psychiatric DamageLess Severe£1,880 to £7,150Compensation will be determined by the time period of disability and the extent to which daily activities and sleep were impacted.
Post Traumatic Stress Disorder (PTSD)Severe£73,050 to £122,850Permanent impact on the person reducing their ability to work.
Post Traumatic Stress Disorder (PTSD)Moderately Severe£28,250 to £73,050A better prognosis will be achieved by seeking professional help.
Post Traumatic Stress Disorder (PTSD)Moderate£9,980 to £28,250Continuing symptoms despite the injured person having mostly recovered.
Post Traumatic Stress Disorder (PTSD)Less Severe£4,820 to £9,980A near full recovery has been made within 1-2 years.

Material damage refers to any financial losses that have occurred due to the breach.

For example, somebody may have been able to access your home address after receiving your personal data through an email data breach. Subsequently, you feared for your safety and had to purchase home security items, including CCTV and an alarm system. You can prove these costs with receipts for the items and invoices for the installation.

For more information on how much compensation for a data breach you could receive, call our team of advisors for free today.

No Win No Fee Solicitors – What are the Benefits?

A concern you may have about hiring a data breach solicitor to represent your claim is the cost that might come with it. 

However, this concern can be alleviated by working with a solicitor under a No Win No Fee agreement – specifically, a Conditional Fee Agreement (known as a CFA for short). 

Generally with a CFA, there aren’t any fees to pay to your solicitor for the services they provide you if your case fails. 

If your claim wins, you will have to pay a success fee. This will be a percentage of your compensation, which is legally capped. 

Contact Us Today For Free To Learn More About Claiming

If you have been impacted by an email data breach and want to learn if you are eligible for data breach compensation, get in touch now. 

Our team of advisors can offer free legal advice and provide further clarification on anything of which you’re unsure. You can contact us by:

  • Calling the number at the top of the page
  • Speaking with an advisor via the live chat function below 
  • Filling out our online contact form

A close up of a finger pushing a key on a keyboard that says 'data breach response'

More Information about Claiming for an Email Data Breach

Below, we have provided additional resources that you may find beneficial.

Thank you for reading our guide on what to do if you suffer from an email data breach. Call us if you need any other information.