Did you know that according to the rules of the UK General Data Protection Regulation (UK GDPR), sending an email to the wrong address could constitute a data breach? That may be the case if somebody sends an email containing your personal information to the wrong recipient. If that happens, it can lead to all sorts of problems that cause you to suffer. It could also mean you’re able to make a wrong email address data breach claim if the incident has caused you to suffer psychologically or financially.
You might be entitled to claim back any money lost if your details were used fraudulently or you could claim for any anxiety, depression or distress caused by the incident. That is, if the organisation that was supposed to protect your personal data failed to through positive wrongful conduct.
Proving that a data breach has happened and caused you to suffer can be tricky. You may, therefore, wish to engage the services of a data breach solicitor to make things easier. Our panel of solicitors work on a No Win No Fee basis for data breach claims they take on.
To begin the claims process right away, please call 0800 408 7825 today. Alternatively, please read on to read about other email problems that could lead to a claim.
Select A Section
- What Is A Wrong Email Address Data Breach?
- Is Sharing An Email Address A Breach Of Data Protection?
- Types Of Data Breach Caused By Misdirected Emails
- Types Of Damages Awarded For A Data Protection Breach
- Wrong Email Address Data Breach Damages Calculator
- Claim With A No Win No Fee Data Breach Lawyer
- Talk To Us
- Where Could I Learn More?
What Is A Wrong Email Address Data Breach?
A data controller (the organisation that decide how and why your personal data will be used) must be careful when sending emails containing personally identifiable information about a data subject (you). If the wrong email address is used or an email is sent to you for purposes you have not agreed to, a data breach might have happened.
An email address is an example of personal data. That’s because it can be used to identify you, whether on its own or alongside other information.
You might not think that sending an email to the wrong person would be problematic. However, think about the consequences if the email contained the following information:
- Your bank details.
- Information from your medical records.
- Data that could be used to facilitate identity theft.
Personally identifiable data should be protected under the UK GDPR’s rules. If it’s not, and it is shared with others electronically, you could start a wrong email data breach claim.
It’s important to note, however, that not every data breach would result in a data breach claim. If the organisation that was supposed to protect your personal data failed to because of their own positive wrongful conduct, and you suffered mental or financial harm as a result, you could claim.
If you are thinking of claiming, please get in touch. We’d suggest acting swiftly because while some data breach claims have 6-year time limits, others are limited to just 1 year. Our advisors are ready to review your claim for free and check whether you could be connected with the data breach lawyers on our panel.
Is Sharing An Email Address A Breach Of Data Protection?
The rules of the UK GDPR mean there needs to be a lawful basis to process and share personal information. As such, sharing email addresses without your permission could constitute a data protection breach.
There are several lawful bases for processing personal data. Some do not require your permission. However, if your email address has been shared without your consent and you’ve suffered as a result, why not call to check if you have a valid data breach claim?
Types Of Data Breach Caused By Misdirected Emails
Let’s look now at some examples that could lead to a wrong email address data breach claim. If you’re not sure if you have a claim because we’ve not listed an example similar to your case, please call.
Sending personal information to the wrong person
Where an email is intended for you but is sent to the wrong recipient, it could cause problems for you. For example, if an email from your employer containing details of a disciplinary were to be sent to a colleague accidentally, it could lead to embarrassment and distress.
Not Using The BCC Field
When sending bulk emails, the Bcc field should be used to obfuscate the list of recipients. That’s because email addresses can contain first and last names and help to identify the recipient. Any email address would be personal information.
In an example of where this has gone wrong, an HIV clinic in London sent an email to its mailing list but failed to use the Bcc field. While the email didn’t contain personal data, a data breach occurred because the recipients could see others’ email addresses without a lawful basis to.
Not getting consent to store or use an email address
Companies that store email addresses generally need permission to store and use them. Furthermore, they can only use them for the purposes agreed to by the data subject unless there’s a lawful exception. Therefore, if you give your email address to register for a website, it shouldn’t be used for marketing purposes unless you agree in advance.
Types Of Damages Awarded For A Data Protection Breach
If you make a wrong email data breach claim, the UK GDPR allows for two forms of compensation. You could claim for:
- Material damage. This covers any financial impact caused by the email data breach. It could include expenses, costs or money stolen from you if your details were used by criminals.
- Non-material damage. This is where you claim for any mental harm sustained as a result of the incident. Examples include distress, anxiety and embarrassment. We’ll provide some compensation estimates for this type of damage in the next section.
As well as thinking about the suffering you’ve already endured, you’ll need to think about any long-term suffering too. For that reason, you will need a medical assessment during your claim. This is a normal part of the claims process and the solicitors from our panel can usually arrange it locally.
Wrong Email Address Data Breach Damages Calculator
Let’s now look at potential compensation amounts for wrong email address data breach claims. Before we do, we’ll explain some court rulings that are relevant:
- In the case of, Vidal-Hall and others v Google Inc , the Court of Appeal ruled that compensation should be considered for psychological harm caused by a data breach regardless of whether the claimant lost any money because of it. Previously, claims were only possible if there had been some financial loss as well.
- In the case of Gulati & Others v MGN Limited , a ruling was made that compensation for injuries caused by data breaches should be awarded at levels used in personal injury claims.
Therefore, we have used figures from the Judicial College Guidelines in our compensation table below. These guidelines are used by personal injury lawyers to estimate compensation figures.
|Injury Type||Severity||Settlement Range||Additional Notes|
|General Psychiatric Damage||This category is based on the following factors: 1) How the claimant can cope with life, work or education; 2) any impact on relationships; 3) Whether treatment will be successful; 4) If the claimant will remain vulnerable; 5) Prognosis; 6) Whether treatment was sought.|
|Severe (a)||£51,460 to £108,620||Marked problems with all factors. A very poor prognosis.|
|Moderately Severe (b)||£17,900 to £51,460||Significant problems with all factors. A much more optimistic prognosis.|
|Moderate (c)||£5,500 to £17,900||Problems with all factors initially but with marked improvements. A good prognosis.|
|Less Severe (d)||Up to £5,500||Considers how long the claimant has suffered with daily activities.|
|Post-Traumatic Stress Disorder||Symptoms include flashbacks, sleep disturbance, mood disorders, nightmares, avoidance, hyper-arousal and suicidal ideation.|
|Severe (a)||£56,180 to £94,470||Permanent symptoms affecting all aspects of life.|
|Moderately Severe (b)||£21,730 to £56,180||Similar to above but there will be a chance of some recovery with professional support.|
|Moderate (c)||£7,680 to £21,730||In this category, the claimant will have largely recovered. Any ongoing symptoms will not be grossly disabling.|
|Less Severe (d)||Up to £7,680||In this category, an almost full recovery will have happened over a one to two-year period.|
Claim With A No Win No Fee Data Breach Lawyer
For many people, the thought of beginning legal action can be intimidating. As well as dealing with complex legal questions, there’s the thought of losing money on upfront solicitor fees. That’s where we can help though. Our panel of data breach solicitors provide a No Win No Fee service. That means you won’t pay any solicitor fees if your claim is lost.
At the start of the process, the solicitor will review your claim with you. If they agree to represent you, the criteria they’ll need to meet before you pay them will be set out in a Conditional Fee Agreement (CFA). (This is the formal term for a No Win No Fee agreement.)
Within the CFA, you’ll find a section on success fees. This is what you’ll pay your solicitor if you receive compensation. It is a small percentage of the award that you receive that’s deducted by your solicitor. Legally, success fees are capped so you can’t be overcharged.
Talk To Us
We hope that this guide about wrong email address data breach claims has been helpful. If you would now like to begin a claim with us, you can:
- Call our team of specialist advisors on 0800 408 7825 for free legal advice about your options.
- Use our live chat service to find out more about claiming online.
- Contact us via our website to get a callback at a time that suits you.
When you get in touch, we’ll check whether you have the grounds to claim. You can ask any questions you need to during your free consultation and we’ll assess the chances of success. Should your claim be taken on by a data breach lawyer from our panel, they’ll work for you on a No Win No Fee basis.
Where Could I Learn More?
You have reached the last section of this guide. Therefore, we’ve added some more reading material that might prove helpful below.
Guide To Privacy And Electronic Communications Regulations – Information from the ICO about this piece of legislation relating to emails.
PTSD Symptoms – NHS guidance on the symptoms of post-traumatic stress disorder.
ICO Enforcement – Information on powers of the Information Commissioner’s Office.
Thanks for reading our article about wrong email address data breach claims.
Article by RA