Can You Claim Compensation For An Email Data Breach?

This is our article on claiming compensation for an email data breach. It’s important to know what constitutes an email breach and, if it happens, whether this makes you eligible to receive compensation. Over the course of this guide, we will be explaining the justification for these kinds of claims and the process of claiming. 

A breach of this kind can occur because of human error, or it can be the intentional result of an act of malice. You may be able to claim data breach compensation in either scenario. 

If you have any questions on this subject, then we encourage you to get in touch with us. Our advisors are here to help in any way they can. Once we know more about your circumstances, we may be able to connect you with an expert data breach solicitor if we believe you could have a legitimate claim.

Read on for more information. You’ll also find how you can talk to us just below.

  • Speak to us on the phone –  0800 408 7825
  • Contact us through our website
  • Chat with us using the pop-up window in the corner 

Choose A Section To Jump To

  1. What Is An Email Data Breach?
  2. Is It A Data Breach To Share An Email Address?
  3. What Are The Common Causes Of Email Related Data Breaches?
  4. How Human Error Could Cause Email Data Breaches
  5. Email Data Breach Compensation Calculator
  6. Can I Make A No Win No Fee Email Data Breach Claim?

What Is An Email Data Breach?

A data breach occurs when the confidentiality, integrity or availability of personal data is compromised. Examples include when data is:

  • Altered
  • Lost
  • Destroyed
  • Disclosed to unauthorised parties 
  • Accessed by unauthorised personnel

Personal data is any data that can be used, in isolation or when combined with other information, to identify natural persons. Data breaches have the potential to cause both material and non-material damage. 

There are laws in place to protect personal data. The General Data Protection Regulations (GDPR) was a piece of EU legislation that was introduced in 2018. This was ratified into UK law with the Data Protection Act 2018 (DPA).

Now, an updated version of the DPA sits alongside a piece of legislation called the UK GDPR. This is the regime we refer to in relation to data protection since the UK has left the EU.

It is important to note that you cannot claim just for the fact that your data has been breached. You also need to show that:

  • The breach caused you harm
  • That positive wrongful conduct on the part of the data controller or processor allowed the breach to happen

If a data breach occurred despite the entity doing all they could to secure your data, you would be unable to claim.

Is It A Data Breach To Share An Email Address?

There are some instances where sharing an email address would not be an example of a data breach. This could include a shared email address. 

For example, if a work email address is, this would not be classed as personal data. There is no way of identifying an individual through this information, either alone or when combining it with other information.

However, if your work email address contains your full first and last names, you could be identified through this. Similarly, you could be identified through your personal email address.

For more information on what could be considered an email data breach, speak with a member of our team today. If they feel you have a valid claim, you could be connected with a No Win No Fee solicitor from our panel.

What Are The Common Causes Of Email Related Data Breaches?

There are a number of different ways that an email-related data breach could occur; we will look at some of these in this section.

For example, your email address could be stored digitally or on paper, which is left unsecured. This could lead to someone who is not authorised to access this information being able to do so.

Similarly, an email data breach could occur if the person sending an email failed to use BCC. This could result in the entire recipient list being able to see each other’s email addresses. If the other email recipients were not authorised to view this information, this would be considered a breach.

In addition to this, there could be a scenario whereby an email address is sent to the incorrect recipient. If the email address then contained personal information, this would be classed as a breach.

This list is not exhaustive. There may be other ways that a data breach could occur, causing you harm. To see if you could have grounds for a successful claim, get in touch with our team of advisors today.

How Human Error Could Cause Email Data Breaches

As we have already mentioned, data breaches can be the result of human error. While not malicious, these data breaches still have the potential to cause harm. There are two main categories of human error data breaches; skills-based and decision-based errors.

Skills-based errors are ones where the breach occurs because of a breach or a lapse. For example, it might be that you have two different people in your email inbox with very similar email addresses, and you send an email containing personal data to the wrong email address. Alternatively, you might have a filing cabinet containing personal data in an office, and someone forgets to lock it after retrieving a file. 

Decision-based errors are ones where the person in question has made a conscious choice to take a certain course of action, but this course of action is incorrect. For example, someone might send out an email but fail to use the BCC function because they aren’t aware that they need to do this. 

Decision-based and skills-based data breaches may be avoided with training. However, if you can show that the organisation in question did not do enough to prevent an email data breach from occurring, then you may be able to claim.

Email Data Breach Compensation Calculator

When you experience a breach of your personal data, the harm that you experience can be put into two different categories. These are material and non-material damage.

Non-material damage refers to the psychological impact that the breach has had on you. The amount is worked out using the same publication as in personal injury law. The publication is called the Judicial College Guidelines (JCG). 

The decision to use the JCG when valuing a non-material damages claim was made due to a recommendation from the judge presiding over the case of Gulati & others vs MSN Ltd. 2015.

We’ve included some example entries from the JCG below so you can see how it’s laid out. The figures listed are based on similar past cases, but they are not guaranteed.

Awarded ForDescriptionAmount
PTSD(d) Post-traumatic stress disorder of a less severe nature - almost a full recovery within 2 years£3,710 to £7,680
General psychiatric damage(c) Moderate - a better prognosis than more severe cases, with marked improvement£5,500 to £17,900
PTSD(a) Severe - when the victim’s ability to work is removed or greatly reduced£56,180 to £94,470
General psychiatric damage(d) Less severe - when things like sleep and other daily activities are affected. The extent to which they are affected could impact the compensation award.£1,440 to £5,500
PTSD(b) Moderately severe - not quite as bad as more severe cases due to a better prognosis£21,730 to £56,180
General psychiatric damage(a) Severe - the person’s life will be greatly affected in many areas£51,460 to £108,620
PTSD(c) Moderate - a good recovery with side effects minimal, if any£7,680 to £21,730
General psychiatric damage(b) Moderately severe - significant problems will be present, but with a greater cause for optimism£17,900 to £51,460

Whilst compensation for non-material damage covers psychological harm, compensation for material damage covers any financial losses that can be attributed to the email data breach. Due to a ruling by the judge presiding over the case of Google vs Vidal-Hall 2015, you can now claim for either figure independently or a combination of the two. 

For example, if your bank details or credit card information was exposed in a breach, then this could cause you to lose money. The money you have lost could be included in the value of your claim.

Get in touch today for more information on both material and non-material damage and how each could be compensated. 

Can I Make A No Win No Fee Claim?

An email data breach claim may seem daunting, especially when you consider the potential cost involved in hiring legal help. However, all of the expert lawyers on our panel work on a No Win No Fee basis. 

When making a claim with a No Win No Fee solicitor, you are only required to pay your solicitor if you are awarded compensation. Then a small percentage of your compensation is taken as a success fee.

If your claim is unsuccessful, then you don’t need to pay them anything at all. There’s also nothing to pay them in order for them to start working on your claim, or throughout the claims process. 

For more information on No Win No Fee agreements, or on email data breach claims in general, speak with a member of our team today. You can get in touch using the details below. 

  • Speak to us on the phone – 0800 408 7825
  • Contact us through our website
  • Chat with us using the pop-up window in the corner   

Human Error Data Breach Resources

The links below will take you to additional information.

  1. Our guide on claims regarding the wrong postal address.
  2. Am article of ours on pharmacy data breaches.
  3. Find out if you could claim for a misdirected fax.
  4. Check a possible data breach compensation amount here
  5. Read about making a complaint to the ICO – the independent UK agency responsible for imposing financial penalties upon organisations who are responsible for data being breached.
  6. You can also find out more about action that the ICO has taken.
  7. You could claim compensation if a data breach has affected your mental health. We’ve linked to an overview of clinical depression from the NHS

Thank you for taking the time to read our guide on claiming for an email data breach.

Guide by AI

Publisher ET