In this article, we are going to look at when you could claim for a data breach caused by a failure to use BCC in emails.
As a result of the Data Protection Act 2018 and the UK General Data Protection Regulation (UK GDPR), any data that could identify you (the data subject) must not be shared or disclosed without a lawful reason.
The Blind Carbon Copy (BCC) feature of an email system prevents recipients from seeing who else was sent the same message. Therefore, this could help organisations meet their data protection obligations.
However, if they fail to use it, you could suffer from distress, anxiety or embarrassment. You could even be affected financially too. As a result, you could claim for this harm in a data breach compensation claim.
Our advisors can help if you do decide to make a claim. We provide a telephone consultation where your case will be assessed and you’ll be given free legal advice on how to proceed.
For cases that appear to have a reasonable chance of success, we could connect you with a solicitor from our panel. If they accept your failure to use BCC data breach claim, they’ll process your claim on a No Win No Fee basis. As a result, you won’t need to pay for your solicitor’s work unless you are paid compensation.
We’re here to help when you’re ready to start your claim. To contact us right away, you can call us on 0800 408 7825. To find out more about your options before contacting us, please read on.
Select A Section
- What Are Failure To Blind Carbon Copy Data Breaches?
- How Should BCC And CC Be Used When Sending Bulk Emails?
- Is Not Using BCC A Breach Of UK GDPR?
- What Damages Could Be Awarded For A BCC Data Breach?
- Failure To Use BCC Data Breach Compensation Calculator
- Should I Go With A No Win No Fee Damages Solicitor?
- Get In Touch Now
- Archives And Related Articles
What Are Failure To Blind Carbon Copy Data Breaches?
In this guide, we’ll try to answer questions like:
- Is not using the BCC field a breach of GDPR?
- Can you get compensation for a data protection breach?
- What is a No Win No Fee claim?
You might think that sending an email to multiple recipients without obfuscating their email addresses is not a serious error. However, the UK GDPR defines personal data as information about somebody that could be used to identify them directly or indirectly.
As a result, an email address could help to identify somebody if it contains both their forename and surname or links to a photo. It could even help identify them if it doesn’t contain their name.
That’s especially true when the email is sent to a group of people who could mix socially, professionally or live in the same area.
Let’s look at an example:
A London HIV clinic sent an email to its mailing list but failed to use the BCC field. While the email itself didn’t contain any personal information, it meant that some of the recipients could potentially have been identified by others.
Importantly, even if an email address doesn’t contain the recipient’s name, it could still lead to their identification in conjunction with other information.
How Should BCC And CC Be Used When Sending Bulk Emails?
The Carbon Copy (CC) field in emails is used to allow the same email to be sent to a group of people. It is often used in workplaces and can be a useful way of facilitating group conversations. Recipients can choose to ‘reply to all’ or ‘reply to sender’ when responding.
The BCC field, however, should be used when sending bulk emails to hide who else the message is being sent to. Examples of where this should be used include mailing lists, newsletters and other scenarios where there isn’t a lawful reason to share personal information.
Is Not Using BCC A Breach Of UK GDPR?
The two items to check for to see if a data breach has occurred are:
- Does your email address contain your name, i.e. email@example.com? Alternatively (or in addition), does the email contain personal information? If not, it’s unlikely that a data breach has occurred.
- Does the sender have your permission or another lawful basis to share your email address? If they don’t, a data breach may have occurred.
To be eligible to start a claim, you will need to show that:
- An organisation was supposed to protect your personal data. However, their positive wrongful conduct led to a personal data breach and your personal data was affected.
- You have suffered psychologically or financially (or both) as a result of the data breach.
What Damages Could Be Awarded For A BCC Data Breach?
Data breach claims, including those relating to failure to use BCC, can be made for two different forms of suffering:
- Material damage. This part of your claim will relate to costs, expenses or financial losses caused by the breach.
- Non-material damage. This is where you’d claim for any mental harm caused by the data breach. As mentioned earlier, you could be compensated if the breach resulted in any type of distress.
When making a claim, you should aim to begin as soon as possible. That’s due to the fact that, like car accident claims, workplace accident claims or council accident claims, you’ll need to abide by time limits.
Failure To Use BCC Data Breach Compensation Calculator
In an important data breach case at the Court of Appeal (Vidal-Hall and others v Google Inc), a ruling was made that altered the right to claim compensation for mental harm. Previously, you needed to prove you’d lost money because of a data breach before you could claim for psychological injuries. Following the hearing, this is no longer the case. You could claim for both financial loss and psychological harm, or either.
Additionally, in the hearing of Gulati & Others v MGN Limited, the Court held that compensation payment amounts for any injuries caused by a data breach should be awarded using the same amounts that are paid in personal injury claims.
Therefore, to show you how much you might receive for any psychiatric harm following a failure to use BCC data breach, our compensation table below uses data from the Judicial College Guidelines. (Legal professionals use these guidelines to help them value injuries.)
| Harm | Severity | Compensation Range | Further Details |
|---|---|---|---|
| PTSD | Severe (a) | £56,180 to £94,470 | A return to pre-trauma levels of functioning (or work) will not be possible due to permanent PTSD symptoms that will cause problems in all aspects of life. |
| PTSD | Moderately Severe (b) | £21,730 to £56,180 | With professional help, the claimant should be able to improve despite significant initial symptoms. |
| PTSD | Moderate (c) | £7,680 to £21,730 | In this category some minor symptoms might persist but, in the main, the claimant will mostly have recovered. |
| General Psychiatric Damage | | | Factors considered: The ability to cope with life and work; Relationship problems; Whether treatment will help; Future vulnerability; Medical prognosis. |
| General Psychiatric Damage | Severe (a) | £51,460 to £108,620 | A very poor prognosis with problems with all factors listed. |
| General Psychiatric Damage | Moderately Severe (b) | £17,900 to £51,460 | Initially, there will be significant symptoms but there will be a more optimistic prognosis. |
| General Psychiatric Damage | Moderate (c) | £5,500 to £17,900 | All factors will have affected the claimant but a good prognosis will be given with the chance of a good recovery. |
You will need a medical assessment to help establish how much you’ve suffered. It can also help prove that your injuries were caused or worsened by an accident that wasn’t your fault. Our panel of data breach lawyers can usually book these locally for you.
Should I Go With A No Win No Fee Damages Solicitor?
Are you thinking of claiming for a failure to use BCC causing a data breach? Are you concerned about losing money on solicitor fees if the claim isn’t successful? If so, we can help. Our panel of data breach solicitors provide a No Win No Fee service.
No Win No Fee Claims
If you’re connected with a solicitor, they’ll check that they’re happy to work on your case. If they are, they’ll provide you with a Conditional Fee Agreement (CFA). (This is the formal term for a No Win No Fee agreement.) This contract will explain what your solicitor needs to achieve before you need to pay them.
The CFA will discuss the success fee you’ll pay if the claim works out in your favour. This fee is an agreed percentage of your compensation which, by law, is capped. As per the No Win No Fee phrase, you won’t pay the success fee if your case is lost.
Get In Touch Now
We are ready to help if you’ve decided to proceed with a ‘failure to use BCC’ data breach claim. The best methods of contacting us include:
- Contacting our advisors on 0800 408 7825.
- Asking an online specialist for advice in live chat.
- Contacting us online so that we can get back to you.
Archives And Related Articles
Here are some additional resources that could help you if you’re thinking about claiming for a failure to use BCC resulting in a data breach:
Privacy and Electronic Communications Regulations Guide – Information on another law relating to data protection.
The Information Commissioner’s Office (ICO) – The body responsible for data protection enforcement in the UK.
PTSD Symptoms – Advice from the NHS about the symptoms of Post-Traumatic Stress Disorder.
Claiming For Lost Wages – A look at when you could claim for lost income as part of your claim.
Read More Data Breach Claims Guides
We also have some other guides you may find useful:
- UK GDPR data breach claims
- How to find specialist data breach solicitors
- Can I sue my employer for emotional distress after a data breach?
- Finding a data protection solicitor
- Can you claim compensation for an email data breach?
- Human error data breaches
- Wrong postal address data breach
- Stolen or lost device data breach claims
- Claims for a breach of UK GDPR
- Data breach compensation examples
- Work with a data protection solicitor on a No Win No Fee basis
- Misdirected fax data breach
- Credit card data breach claims
- Dentist data breach claims
- HMRC data breach claims
- Make a data breach claim against a solicitor
- Can social services breach data protection law?
- Police force data breach claims
- Housing association data breach claims
- Private healthcare data breach claims
- NHS data breach claims
- How to claim compensation for a data breach by a pharmacy?
- Optician data breach claims
- How to deal with a data protection breach
- Has my data been breached?
- Check your data breach claim value
- Data protection breach examples in the UK
- How to find a data protection solicitor
- Can I claim compensation if my data is breached?
- Can I sue social services for distress after a data breach?
- Data breach compensation claims – the essential guide
- Claim for a personal data breach under the UK GDPR
- My data has been breached, what can I do?
- Data breach definition and claims advice
- How to claim compensation for a data breach
- How to report a UK GDPR data breach and make a claim
- Claim for a data protection breach
- Am I eligible to make a data breach claim?
- How long do you have to report a data breach?
You’ve reached the end of our guide on failure to use BCC claims.
Article by RA