Can You Claim Compensation For An Email Data Breach?

By Cat Mulligan. Last Updated 26th May 2023. This is our article on claiming compensation for an email data breach. It’s important to know what constitutes an email breach and, if it happens, whether this makes you eligible to receive compensation. Over the course of this guide, we will be explaining the justification for these kinds of claims and the process of claiming. 

A breach of this kind can occur because of human error, or it can be the intentional result of an act of malice. You may be able to claim data breach compensation in either scenario. 

If you have any questions on this subject, then we encourage you to get in touch with us. Our advisors are here to help in any way they can. Once we know more about your circumstances, we may be able to connect you with an expert data breach solicitor if we believe you could have a legitimate claim.

Read on for more information. You’ll also find how you can talk to us just below.

  • Speak to us on the phone –  0800 408 7825
  • Contact us through our website
  • Chat with us using the pop-up window in the corner 

Choose A Section To Jump To

  1. What Is An Email Data Breach?
  2. Is It A Data Breach To Share An Email Address?
  3. What Are The Common Causes Of Email Related Data Breaches?
  4. Email Data Breach – What Could Happen?
  5. Email Data Breach Compensation Calculator
  6. Email Data Breach – Claim With A No Win No Fee Lawyer

What Is An Email Data Breach?

A data breach occurs when the confidentiality, integrity or availability of personal data is compromised. Examples include when data is:

  • Altered
  • Lost
  • Destroyed
  • Disclosed to unauthorised parties 
  • Accessed by unauthorised personnel

Personal data is any data that can be used, in isolation or when combined with other information, to identify natural persons. Data breaches have the potential to cause both material and non-material damage. 

There are laws in place to protect personal data. The General Data Protection Regulations (GDPR) was a piece of EU legislation that was introduced in 2018. This was ratified into UK law with the Data Protection Act 2018 (DPA).

Now, an updated version of the DPA sits alongside a piece of legislation called the UK GDPR. This is the regime we refer to in relation to data protection since the UK has left the EU.

It is important to note that you cannot claim just for the fact that your data has been breached. You also need to show that:

  • The breach caused you harm
  • That positive wrongful conduct on the part of the data controller or processor allowed the breach to happen

If a data breach occurred despite the entity doing all they could to secure your data, you would be unable to claim.

Email Data Breach – Examples

An email data breach can take many forms. Here are a few examples of what would be categorised as a data breach with email involved:

  • Hard copies of records – For instance, you may have given in your email address to a data controller in written form. This needs to be given the same level of security as if it were digitally stored. For example, it could be locked in a filing cabinet.
  • Not using Blind Carbon Copy (BCC) – This function sends an email to an additional recipient but does not display their email address. If the BCC function is not used, then this could lead to the email address being revealed without their consent. In some cases, the email address may also reveal the user’s name or even their year of birth. For example,
  • Loss of a storage device – This could include laptops and smartphones, USB sticks and similar pieces of hardware.

If you’re unsure whether you could claim for an email breach, get in touch with our advisors today. We can help you with any questions you may have regarding your potential claim.

Is It A Data Breach To Share An Email Address?

There are some instances where sharing an email address would not be an example of a data breach. This could include a shared email address. 

For example, if a work email address is, this would not be classed as personal data. There is no way of identifying an individual through this information, either alone or when combining it with other information.

However, if your work email address contains your full first and last names, you could be identified through this. Similarly, you could be identified through your personal email address.

For more information on what could be considered an email data breach, speak with a member of our team today. If they feel you have a valid claim, you could be connected with a No Win No Fee solicitor from our panel.

What Are The Common Causes Of Email Related Data Breaches?

There are a number of different ways that an email-related data breach could occur; we will look at some of these in this section.

For example, your email address could be stored digitally or on paper, which is left unsecured. This could lead to someone who is not authorised to access this information being able to do so.

Similarly, an email data breach could occur if the person sending an email failed to use BCC. This could result in the entire recipient list being able to see each other’s email addresses. If the other email recipients were not authorised to view this information, this would be considered a breach.

In addition to this, there could be a scenario whereby an email address is sent to the incorrect recipient. If the email address then contained personal information, this would be classed as a breach.

This list is not exhaustive. There may be other ways that a data breach could occur, causing you harm. To see if you could have grounds for a successful claim, get in touch with our team of advisors today.

Email Data Breach – What Could Happen?

The unauthorised disclosure of a person’s email in a data breach could lead to psychiatric or financial harm. If your data is subject to a breach, you could potentially experience:

  • Fraud
  • Stalking
  • Phishing
  • The sending of spam or malware
  • Hacking

As we’ve said, if an organisation is responsible for the safeguarding of your personal data you can claim against them for failing to sufficiently fulfil their responsibilities if you are harmed.

If you have suffered because of a data breach of your email address then please reach out to one of our advisers to discuss what you could be eligible to claim for.

What Is The Time Limit For Making Data Breach Claims?

To be eligible to make a personal data breach claim following a data breach by email, you will need to prove that your personal information was compromised in the breach due to the data controller or processor’s failings. Additionally, you must have suffered psychological harm or financial loss due to the breach.

If you meet these criteria, you also must ensure that you start your claim within the correct time limit. Generally, you will have 6 years to start your personal data breach claim. However, this is reduced to one year for data breach claims against a public body.

To see whether you could be eligible to make a claim following an email data breach, you can contact our advisors.

Email Data Breach Compensation Calculator

When you experience a breach of your personal data, the harm that you experience can be put into two different categories. These are material and non-material damage.

Non-material damage refers to the psychological impact that the breach has had on you. The amount is worked out using the same publication as in personal injury law. The publication is called the Judicial College Guidelines (JCG). 

The decision to use the JCG when valuing a non-material damages claim was made due to a recommendation from the judge presiding over the case of Gulati & others vs MSN Ltd. 2015.

We’ve included some example entries from the JCG below so you can see how it’s laid out. The figures listed are based on similar past cases, but they are not guaranteed.

Awarded For Description Amount
General psychiatric damage (a) Severe – the person’s life will be negatively affected and they will struggle to maintain personal relationships. £54,830 to £115,730
General psychiatric damage (b) Moderately severe – The person will still suffer with significant issues, however there will be an optimistic prognosis. £19,070 to £54,830
General psychiatric damage (c) Moderate – Marked improvements will have been made despite suffering with various issues and the prognosis will be good. £5,860 to £19,070
General psychiatric damage (d) Less severe – Factors such as how much daily activities/sleep were affected will impact how much is awarded. £1,540 to £5,860
PTSD (a) Severe – The person will suffer with permanent issues that will prevent them from being able to function as they did before the trauma. £59,860 to £100,670
PTSD (b) Moderately severe – The person is likely to suffer with various problems for the foreseeable future. However, there is room for some recovery with help from a professional. £23,150 to £59,860
PTSD (c) Moderate – A significant recovery will have been made, and any persisting effects wont be grossly disabling. £8,180 to £23,150
PTSD (d) Less Severe – A virtual full recovery will have been made within 1-2 years. £3,950 to £8,180

Whilst compensation for non-material damage covers psychological harm, compensation for material damage covers any financial losses that can be attributed to the email data breach. Due to a ruling by the judge presiding over the case of Google vs Vidal-Hall 2015, you can now claim for either figure independently or a combination of the two. 

For example, if your bank details or credit card information was exposed in a breach, then this could cause you to lose money. The money you have lost could be included in the value of your claim.

Get in touch today for more information on both material and non-material damage and how each could be compensated. 

Email Data Breach – Claim With A No Win No Fee Lawyer

When claiming for a personal data breach by email, you might want to consider being legally represented in your claim. The solicitors on our panel could help you with your claim. They have years of experience handling various claims and could help you claim if you have been affected by an email data breach that involved your personal information. They may even offer you a type of No Win No Fee agreement called a Conditional Fee Agreement. Working with a solicitor under this type of agreement generally has various benefits, such as:

  • Not having to pay your solicitor any upfront or ongoing fees.
  • Not having to pay your solicitor for their services if the claim fails.
  • If the claim succeeds, you will pay your solicitor a success fee. A success fee is a legally capped percentage taken from your compensation.

Contact our advisors today if you have any questions about claiming for an email breach of personal data with a No Win No Fee agreement. Our advisors are available 24 hours a day, 7 days a week, to offer you free legal advice and answer any of the questions you may have about personal injury claims. Additionally, if they believe that you may be eligible for compensation, they could connect you to our panel of solicitors.

To contact an advisor today, you can:

Human Error Data Breach Resources

The links below will take you to additional information.

  1. Our guide on claims regarding the wrong postal address.
  2. Am article of ours on pharmacy data breaches.
  3. Find out if you could claim for a misdirected fax.
  4. Check a possible data breach compensation amount here
  5. Read about making a complaint to the ICO – the independent UK agency responsible for imposing financial penalties upon organisations who are responsible for data being breached.
  6. You can also find out more about action that the ICO has taken.
  7. You could claim compensation if a data breach has affected your mental health. We’ve linked to an overview of clinical depression from the NHS

Thank you for taking the time to read our guide on claiming for an email data breach.

Guide by AI

Publisher ET