How To Claim For A Wrong Email Address Data Breach

By Mark Clause. Last Updated 29th July 2022. Did you know that according to the rules of the UK General Data Protection Regulation (UK GDPR), sending an email to the wrong address could constitute a data breach? That may be the case if somebody sends an email containing your personal information to the wrong recipient. If that happens, it can lead to all sorts of problems that cause you to suffer. It could also mean you’re able to make a wrong email address data breach claim if the incident has caused you to suffer psychologically or financially.

Wrong email address data breach

Wrong email address data breach guide

You might be entitled to claim back any money lost if your details were used fraudulently or you could claim for any anxiety, depression or distress caused by the incident. That is, if the organisation that was supposed to protect your personal data failed to through positive wrongful conduct.

Proving that a data breach has happened and caused you to suffer can be tricky. You may, therefore, wish to engage the services of a data breach solicitor to make things easier. Our panel of solicitors work on a No Win No Fee basis for data breach claims they take on.

To begin the claims process right away, please call 0800 408 7825 today. Alternatively, please read on to read about other email problems that could lead to a claim.

Select A Section

What Is A Wrong Email Address Data Breach?

A data controller (the organisation that decide how and why your personal data will be used) must be careful when sending emails containing personally identifiable information about a data subject (you). If the wrong email address is used or an email is sent to you for purposes you have not agreed to, a data breach might have happened.

An email address is an example of personal data. That’s because it can be used to identify you, whether on its own or alongside other information.

You might not think that sending an email to the wrong person would be problematic. However, think about the consequences if the email contained the following information:

  • Your bank details.
  • Information from your medical records.
  • Data that could be used to facilitate identity theft.

Personally identifiable data should be protected under the UK GDPR’s rules. If it’s not, and it is shared with others electronically, you could start a wrong email data breach claim.

It’s important to note, however, that not every data breach would result in a data breach claim. If the organisation that was supposed to protect your personal data failed to because of their own positive wrongful conduct, and you suffered mental or financial harm as a result, you could claim.

If you are thinking of claiming, please get in touch. We’d suggest acting swiftly because while some data breach claims have 6-year time limits, others are limited to just 1 year. Our advisors are ready to review your claim for free and check whether you could be connected with the data breach lawyers on our panel.

Is Sharing An Email Address A Breach Of GDPR?

You may be wondering, “is sharing an email address a breach of data protection?” This could be the case, though not always. It depends on the circumstances, as well as the content of the email. If the email contains private information relating to a person or company, then this could be a breach. As could sharing the email address of one or more people to a third party without their permission.

If an email is sent to the wrong person and it causes psychological or financial harm as a result, this could potentially lead to a claim. Get in touch with our advisors today if your personal data was sent to the wrong address for a free eligibility check or compensation estimate.

Types Of Data Breach Caused By Misdirected Emails

Let’s look now at some examples that could lead to a wrong email address data breach claim. If you’re not sure if you have a claim because we’ve not listed an example similar to your case, please call.

Sending personal information to the wrong person

Where an email is intended for you but is sent to the wrong recipient, it could cause problems for you. For example, if an email from your employer containing details of a disciplinary were to be sent to a colleague accidentally, it could lead to embarrassment and distress.

Not Using The BCC Field

When sending bulk emails, the Bcc field should be used to obfuscate the list of recipients. That’s because email addresses can contain first and last names and help to identify the recipient. Any email address would be personal information.

In an example of where this has gone wrong, an HIV clinic in London sent an email to its mailing list but failed to use the Bcc field. While the email didn’t contain personal data, a data breach occurred because the recipients could see others’ email addresses without a lawful basis to.


Not getting consent to store or use an email address

Companies that store email addresses generally need permission to store and use them. Furthermore, they can only use them for the purposes agreed to by the data subject unless there’s a lawful exception. Therefore, if you give your email address to register for a website, it shouldn’t be used for marketing purposes unless you agree in advance.

Types Of Damages Awarded For A Data Protection Breach

If you make a wrong email data breach claim, the UK GDPR allows for two forms of compensation. You could claim for:

  • Material damage. This covers any financial impact caused by the email data breach. It could include expenses, costs or money stolen from you if your details were used by criminals.
  • Non-material damage. This is where you claim for any mental harm sustained as a result of the incident. Examples include distress, anxiety and embarrassment. We’ll provide some compensation estimates for this type of damage in the next section.

As well as thinking about the suffering you’ve already endured, you’ll need to think about any long-term suffering too. For that reason, you will need a medical assessment during your claim. This is a normal part of the claims process and the solicitors from our panel can usually arrange it locally.

Wrong Email Address Data Breach Damages Calculator

Let’s now look at potential compensation amounts for wrong email address data breach claims. Before we do, we’ll explain some court rulings that are relevant:

  • In the case of, Vidal-Hall and others v Google Inc [2015], the Court of Appeal ruled that compensation should be considered for psychological harm caused by a data breach regardless of whether the claimant lost any money because of it. Previously, claims were only possible if there had been some financial loss as well.
  • In the case of Gulati & Others v MGN Limited [2015], a ruling was made that compensation for injuries caused by data breaches should be awarded at levels used in personal injury claims.

Therefore, we have used figures from the Judicial College Guidelines in our compensation table below. These guidelines are used by personal injury lawyers to estimate compensation figures.

Injury Type Severity Settlement Range Additional Notes
General Psychiatric Damage This category is based on the following factors: 1) How the claimant can cope with life, work or education; 2) any impact on relationships; 3) Whether treatment will be successful; 4) If the claimant will remain vulnerable; 5) Prognosis; 6) Whether treatment was sought.
Severe (a) £54,830 to £115,730 Marked problems with all factors. A very poor prognosis.
Moderately Severe (b) £19,070 to £54,830 Significant problems with all factors. A much more optimistic prognosis.
Moderate (c) £5,860 to £19,070 Problems with all factors initially but with marked improvements. A good prognosis.
Less Severe (d) £1,540 to £5,860 Considers how long the claimant has suffered with daily activities.
Post-Traumatic Stress Disorder Symptoms include flashbacks, sleep disturbance, mood disorders, nightmares, avoidance, hyper-arousal and suicidal ideation.
Severe (a) £59,860 to £100,670 Permanent symptoms affecting all aspects of life.
Moderately Severe (b) £23,150 to £59,860 Similar to above but there will be a chance of some recovery with professional support.
Moderate (c) £8,180 to £23,150 In this category, the claimant will have largely recovered. Any ongoing symptoms will not be grossly disabling.
Less Severe (d) £3,950 to £8,180 In this category, an almost full recovery will have happened over a one to two-year period.

To find out how much you could claim following a wrong email address data breach, please call today.

Claim With A No Win No Fee Data Breach Lawyer

For many people, the thought of beginning legal action can be intimidating. As well as dealing with complex legal questions, there’s the thought of losing money on upfront solicitor fees. That’s where we can help though. Our panel of data breach solicitors provide a No Win No Fee service. That means you won’t pay any solicitor fees if your claim is lost.

At the start of the process, the solicitor will review your claim with you. If they agree to represent you, the criteria they’ll need to meet before you pay them will be set out in a Conditional Fee Agreement (CFA). (This is the formal term for a No Win No Fee agreement.)

Within the CFA, you’ll find a section on success fees. This is what you’ll pay your solicitor if you receive compensation. It is a small percentage of the award that you receive that’s deducted by your solicitor. Legally, success fees are capped so you can’t be overcharged.

If you’d like to check if a solicitor from our panel could help you, please call today.

Talk To Us

We hope that this guide about wrong email address data breach claims has been helpful. If you would now like to begin a claim with us, you can:

  • Call our team of specialist advisors on 0800 408 7825 for free legal advice about your options.
  • Use our live chat service to find out more about claiming online.
  • Contact us via our website to get a callback at a time that suits you.

When you get in touch, we’ll check whether you have the grounds to claim. You can ask any questions you need to during your free consultation and we’ll assess the chances of success. Should your claim be taken on by a data breach lawyer from our panel, they’ll work for you on a No Win No Fee basis.

Where Could I Learn More?

You have reached the last section of this guide. Therefore, we’ve added some more reading material that might prove helpful below.

Thanks for reading our article about wrong email address data breach claims.

Article by RA

Publisher UI