Personal data is any type of information that can identify someone, such as their postal address or national insurance number. Some types of personal data need extra protection due to the information being more sensitive, such as information about one’s health or sexual orientation. This is known as special category data. If your personal data is breached, this could lead to you suffering financially and/or psychologically.
Are you a patient who’s had your personal data breached by a pharmacy? If so, you may be wondering how to start a pharmacy data breach claim.
In this guide, we look at when you could be eligible to claim compensation. We also look at what responsibility pharmacies have to protect the personal data of their patients, and some examples of how personal data could be breached if these responsibilities are not adhered to.
Furthermore, we explain what you should do after having your personal data breached, and how to make a complaint to the Information Commissioner’s Office (ICO), which is an independent body within the UK that upholds rights about information.
As you reach the end of this guide, you can find out how data breach compensation is valued, and why connecting with a No Win No Fee solicitor from our panel might be of great benefit to you.
If a pharmacy has breached your personal data, don’t hesitate to reach out to us. Our panel of data breach solicitors are legal experts and can give you support if you’re eligible to claim compensation. You can contact us for free by:
- Calling 020 8050 3051.
- Filling out our contact us form.
- Messaging in our live chat box.
Contents
- Can I Claim For A Pharmacy Data Breach?
- Can A Pharmacy Share Personal Information Without My Permission?
- What Are Examples Of A Pharmacy Data Breach?
- Can I Complain To The Information Commissioner’s Office (ICO) If My Patient Data Has Been Exposed?
- What Should I Do After A Data Breach?
- How Much Compensation For A Pharmacy Data Breach Claim?
- Can I Use A No Win No Fee Data Breach Solicitor?
- Learn More About How To Make A Data Breach Claim
Can I Claim For A Pharmacy Data Breach?
The Data Protection Act 2018 (DPA) and the UK General Data Protection Regulation (UK GDPR) are the laws in place that protect personal data. They state how all data controllers (organisations who decide why and how to handle people’s personal data), and data processors (parties who actually process people’s personal data on the data controller’s behalf), have a responsibility to ensure that all personal data is stored, handled, and processed safely.
As such, it is known as wrongful conduct for a data controller or processor to not adhere to these laws. Some instances of wrongful conduct could potentially lead to a personal data breach.
Personal data breaches are defined as a security breach that leads to the unlawful or accidental destruction, loss, alteration, access to, or unauthorised disclosure of one’s personal data.
If you want to start a pharmacy data breach claim, you must meet the eligibility criteria that is outlined in Article 82 of the UK GDPR:
- A pharmacy did not adhere to their responsibilities as outlined in data protection law.
- Your personal data was compromised in a personal data breach due to this.
- As a result of the personal data breach, you have suffered financially and/or psychologically.
If you believe that you meet the eligibility requirements to claim data breach compensation, please contact us.
Can A Pharmacy Share Personal Information Without My Permission?
A pharmacy must have a valid reason to share your personal data. These reasons are known as a ‘lawful basis’, for which there are 6 of.
Under Article 6 of the UK GDPR, a pharmacy needs to meet at least one of the lawful bases in order to legally process your personal data, of which consent is the first.
Aside from consent, the other 5 lawful bases for using personal data are:
- Contract. Where information must be processed as part of a contract signed with the individual.
- Legal obligation. Where information must be processed in order to comply with the law.
- Vital interests. Where information must be processed in order to protect the individual’s life.
- Public task. Where information must be processed in order to perform a task in the interest of the public that has a clear lawful basis.
- Legitimate interests. Where information must be processed for the legitimate interests of the individual or a third party, unless there’s good reason to override the legitimate interest.
For example, if there’s a concern about the dose of your prescription, it may be in the pharmacy’s vital interests to talk directly to your GP in order to protect your life.
What Are Examples Of A Pharmacy Data Breach?
Here are some examples of how a pharmacy data breach could potentially occur due to data protection laws not being adhered to:
- The pharmacy failed to have sufficient cybersecurity systems in place, which led to cybercriminals accessing your personal data online.
- A pharmacist sent an email with your personal information to the wrong recipient.
- A pharmacist sent a letter with your personal information to the wrong postal address.
- A pharmacist left your personal information open on an unlocked computer screen.
Since the UK GDPR protects both digital and physical forms of personal data, a pharmacy data breach could happen due to various types of wrongful conduct. So, contact us today and discuss how your specific pharmacy data breach occurred with us.
Can I Complain To The Information Commissioner’s Office (ICO) If My Patient Data Has Been Exposed?
If you’ve been subject to a pharmacy data breach, you should make a data protection complaint directly to the pharmacy first before making a complaint to the ICO. This complaint to the pharmacy should include all relevant details of the case.
You then need to give the pharmacy 30 days to respond to your data protection complaint.
If either the pharmacy fails to respond within 30 days, or if their response isn’t adequate enough and you’re unhappy with it, then you can complain to the ICO.
The ICO may then choose to investigate the case. If they find that wrongful conduct has occurred, the ICO can step in and instruct the pharmacy to take action to resolve your complaint.
Please bear in mind that making a complaint to the ICO is entirely separate to making a claim. So, you should contact us if you wish to claim compensation for your suffering following a pharmacy data breach.
What Should I Do After A Data Breach?
If you’ve been subject to a pharmacy data breach, and you wish to claim compensation, you will need to collect as much evidence as possible to best support your case.
Some useful types of evidence include:
- If you made a complaint to the ICO and they decided to investigate the case, you can use their investigation findings as evidence.
- Copies of your medical records that show the extent of the psychological harm you have suffered due to the data breach.
- Financial records that show how you have been financially affected from the data breach, such as bank statements.
- Copies of any correspondence you have had with the pharmacy, such as a notification letter from them.
If you do connect with one of the solicitors from our panel, they will help you collect your evidence as part of their services. To find out whether you can be connected, please contact us today.
How Much Compensation For A Pharmacy Data Breach Claim?
If your pharmacy data breach claim is successful, you could potentially receive compensation for two different types of damage: material damage and non-material damage.
Non-material damage refers to the harm you have suffered psychologically due to the data breach. This includes anxiety, depression, emotional distress, and Post-Traumatic Stress Disorder (PTSD).
Medical evidence might be referred to, along with the Judicial College Guidelines (JCG), to help legal professionals calculate how much your non-material damage is worth.
The JCG is a document that has guideline compensation brackets for different types of psychological harm.
Guideline Compensation Table
In the table below, we have taken some guideline compensation brackets from the JCG for different types of psychological harm. Only the top figure has not been taken from the JCG.
Please also bear in mind that all data breach claims are evaluated on a case-by-case basis, meaning the amount of compensation you could receive cannot be guaranteed.
| Type of injury | Injury severity | Guideline compensation brackets | Notes |
|---|---|---|---|
| Very serious psychological harm with material damage | Very serious | Up to £250,000+ | An award for suffering psychological harm that is very serious, along with material damage such as loss of earnings. |
| Psychiatric Damage Generally | Severe (a) | £66,920 to £141,240 | A very poor prognosis and marked problems with all aspects of life. |
| Moderately severe (b) | £23,270 to £66,920 | Significant problems with all aspects of life, but the prognosis is a bit more optimistic. | |
| Moderate (c) | £7,150 to £23,270 | Problems with all aspects of life, but a trial will mean there is marked improvement and the prognosis is good. | |
| Less severe (d) | £1,880 to £7,150 | The extent to which sleep and daily activities are affected will be considered. | |
| Post-Traumatic Stress Disorder | Severe (a) | £73,050 to £122,850 | The person will not function at anything near the pre-trauma level. All aspects of life will also be badly affected. |
| Moderately severe (b) | £28,250 to £73,050 | There will be some recovery due to professional help, but the effects will cause significant disability at least for the foreseeable future. | |
| Moderate (c) | £9,980 to £28,250 | A large recovery will be made and any continuing effects are not too disabling. | |
| Less severe (d) | £4,820 to £9,980 | A virtual full recovery will be made within 1-2 years. |
Can I Claim For Material Damage After A Data Breach At A Pharmacy?
Material damage refers to the financial losses you have suffered due to the data breach.
This includes loss of earnings, if you have needed to take time off work due to the psychological effects of the data breach.
To receive compensation for material damage for your pharmacy data breach claim, you must provide evidence, such as payslips, receipts, and bank statements.
For more details on how data breach compensation is valued, please have a chat with our team.
Can I Use A No Win No Fee Data Breach Solicitor?
It is free to contact us and find out whether you have an eligible pharmacy data breach claim. If you do, our team can connect you to a No Win No Fee solicitor from our panel. They will be able to offer you a Conditional Fee Agreement (CFA).
Here is how you may benefit from a CFA:
- You don’t pay any solicitor fees before the data breach claims process begins.
- You don’t pay any solicitor fees during the process of the case.
- You don’t pay any solicitor fees if your pharmacy data breach claim turns out unsuccessful.
If your claim does turn out successful, your solicitor will take a success fee from your compensation instead. A success fee is a legally-capped, small percentage.
So, talk to us today about your circumstances. If a pharmacy has compromised your data due to wrongful conduct, and you are suffering psychologically and/or financially as a result, our panel may be able to help you on a No Win No Fee basis. Our contact lines are also available 24/7:
- Calling 020 8050 3051.
- Filling out our contact us form.
- Messaging in our live chat box.
Learn More About How To Make A Data Breach Claim
Here are a few of our other data breach claim guides:
- Find out what the time limit is to begin a data breach claim.
- Learn how to make an NHS data breach claim for compensation.
- More details on how to sue a company for a data breach.
Alternatively, here are some extra resources you may find useful:
- Information Commissioner’s Office (ICO) – an in-depth guide on lawful basis.
- NHS – information on where to access mental health services near you to help with your psychological harm.
- Gov.UK – information on what data protection rights data subjects have.
Thanks for reading our pharmacy data breach claims guide. Please feel free to get in touch with us if you have any questions at all on making a claim enquiry.