In this guide, we examine the potential steps you could take if there were to be a Crown Prosecution Service data breach involving your personal data and causing you financial and/or psychological damage. There may be some instances when a data breach claim is possible, provided the relevant eligibility criteria are met. You can find information on these within our guide as well as the laws that govern data protection, and how failures to uphold these legal standards can result in your personal data being compromised.
We will look at what harm can be caused by a data breach, the potential compensation that could be awarded to address this harm and how these values are calculated.
The penultimate section of our guide looks at the type of No Win No Fee contract our panel of data breach solicitors can offer and what advantages claimants will enjoy when starting a claim in this way.
For answers to your questions, further guidance on data breaches or a cost-free non-obligation assessment of your potential claim, speak to one of our advisors. You can reach our team via:
Select A Section
- What Could A Crown Prosecution Service Data Breach Be?
- What Personal Data Could Be Affected In A Breach?
- Compensation For Breach Of Criminal Data
- How Do I Prove My Data Breach Claim?
- Could I Claim For A Crown Prosecution Service Data Breach On A No Win No Fee Basis?
- Helpful Guides Relating To Data Breach Claims
To start, personal data is any information that can be used to identify you. The Information Commissioner’s Office (ICO), the independent public body established to govern data protection, define a personal data breach as a security incident that affects the availability, integrity or confidentiality of personal data. This definition includes both human error and deliberate action data breaches.
When discussing data breaches, there are 3 parties that need to be considered. They are:
- Data subjects: The identifiable individuals to whom the personal data relates.
- Data controllers: Often an organisation that decides how and why your personal data will be processed.
- Data processors: An external organisation contracted to process data on the controller’s behalf. Data controllers may choose to process data themselves and not use an external processor.
Both data processors and controllers are required to abide by the standards of data protection established by the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018 (DPA). Failing to meet these standards could result in security incidents that impact personal data.
To begin a personal data breach claim, the following eligibility criteria must be satisfied:
- There was a failure to uphold the standards set out under data protection law by either the data processor or controller.
- A data breach that affected your personal data occurred because of this failure.
- Due to this data breach, you experienced a financial loss, psychiatric injury or both.
Contact our advisors to find out more regarding your eligibility to begin a claim using the contact information above.
The Crown Prosecution Service (CPS) is the independent public prosecutor for criminal cases in England and Wales. Their duties include deciding which cases should be prosecuted, determining what charges should be brought and then presenting those charges in the courts. As such, the CPS can handle a vast amount of personal data, including some highly sensitive.
As mentioned, personal data refers to information that can be used to directly or indirectly identify you. Examples include names, credit card or debit card information, postal addresses as well as contact details like email addresses and phone numbers. There are also other categories of personal data known as special category and criminal offence data.
Higher standards of protection are required for special category data. This refers to data that is of a sensitive nature. Examples can include data relating to racial and ethnic origin, and data regarding health.
Criminal offence data is also afforded higher levels of protection. This includes information relating to offenders or suspected offenders regarding criminal activities, allegations, criminal investigations and proceedings. Whilst it does not cover the personal data of victims and witnesses, this information is likely to be highly sensitive. As such, extra care should be taken when processing this data. Furthermore, special category data about witnesses and victims, such as health information detailing physical injuries or psychological trauma, requires extra protection.
How Could A Data Protection Breach Happen?
There are several ways a breach impacting this data could occur. For example:
- A laptop containing details of unproven allegations against you was misplaced. The allegations were subsequently made known when unauthorised persons gained access to the lost device.
- Information relating to the physical and/or mental harm victims and witnesses suffered was sent in an email to the wrong person.
In both instances, the affected party could suffer psychological and/or financial harm. For example, if sensitive data is compromised, the person could experience depression, distress and anxiety. They may also need to take time off work to recover from the mental impact of the breach resulting in them losing income.
Contact our advisors today via the details given above for an assessment of your particular circumstances. They can help you understand what potential steps you could take if a Crown Prosecution Service data breach were to occur, affecting your personal data, and causing you damage.
Compensation for a successful data breach claim can be awarded for up to address two different types of damage.
- Material damage refers to financial loss stemming from a data breach, such as lost income incurred from time taken off work to deal with the mental impact of the breach.
- Non-material damage refers to the psychological damage caused by having your personal data breached, such as stress, anxiety and, in more severe cases, post-traumatic stress disorder (PTSD).
You can claim for material damage and non-material damage independently of the other. Alternatively, you could claim for both together.
Reference can be made to the Judicial College Guidelines (JCG) when calculating a possible value for non-material damage. The JCG is a document published by the Judicial College that contains different types of harm and guideline award brackets for each. We have used a few of these brackets to create the table below. The first entry is not part of the JCG. Please use the table as guidance only.
|Type of Harm
|Guideline Compensation Bracket
|£54,830 to £115,730
|There are marked problems that affect multiple areas of the person’s life with a very poor prognosis.
|£19,070 to £54,830
|There are significant problems affecting several areas of the injured party’s life but with a better prognosis.
|£5,860 to £19,070
|Significant improvement and a good prognosis.
|£1,540 to £5,860
|How long the person is affected and the extent to which they are affected is considered when valuing the award in this bracket.
|£59,860 to £100,670
|Permanent and negative effects across all aspects of the person’s life. They are unable to function at a pre-trauma level.
|£23,150 to £59,860
|A better prognosis and some recovery after receiving professional help. However, the effects are still likely to result in a significant disability for the foreseeable future.
|£8,180 to £23,150
|A large recovery with only persisting issues not being hugely disabling.
|£3,950 to £8,180
|Mostly a full recovery is made within one to two years and there are only minor issues continuing for a longer period.
For a more detailed estimate of what compensation you could receive following a successful claim, speak to our advisors. You can get in touch via the contact information below.
A data breach claim will require supporting evidence to demonstrate that you sustained damage from having your personal data breached. We have provided a non-exhaustive list here:
- Financial documents. This can include wage slips showing any lost income.
- Medical evidence. Letters from your doctor could demonstrate the psychological harm you experienced and what treatment you received.
- Correspondence from the data controller notifying you that a data breach has occurred and your personal data was affected by that breach.
All data subjects impacted by a data breach should be notified as soon as possible by the data controller if their rights and freedoms have been put at risk. There is also a requirement that the ICO be notified within 72 hours if the breach meets the criteria for reporting. While the ICO will not award any compensation, it can open an investigation into the data breach and take action against the controller. You can use the findings of the ICO investigation as evidence for your data breach claim.
You can express dissatisfaction over how an organisation is handling your data even if no data breach has taken place. Following an inadequate response, you can then raise a complaint with the ICO. Complaining to the ICO is not a legal prerequisite to making a data breach claim.
For further guidance on what evidence you can collect in support of your claim, talk to a member of our team. A data breach specialist from our panel of expert solicitors could provide support with the collection of evidence if it is decided you have valid grounds to pursue the claim. Use the contact details below to speak to an advisor today.
When being represented by a solicitor under this agreement you will not, in most cases, pay an upfront fee for the solicitor to begin working on your claim. You will likewise not pay for this work during the claims process itself. In the event the claim is unsuccessful, there is no fee to pay for the solicitor’s work.
If your claim is won, the solicitor will take a success fee as a percentage of your compensation award. The maximum percentage that can be charged as a success fee is legally capped. Therefore, you will keep most of any awarded compensation.
Contact our team today to enquire further about the potential steps you could take if a Crown Prosecution Service data breach were to occur leading to your personal data being compromised and you experiencing mental harm and/or monetary loss. To speak to one of our advisors:
- Phone on 0800 408 7825.
- Fill out our online “Contact Us” form.
- Use the live chat feature on this page.
See some of our other guides on data breach claims:
- Read our guide on starting a private healthcare data breach claim.
- Learn if you could sue the council for emotional distress after a data breach.
- Find out who could be eligible to claim compensation for a breach of illness data.
Other resources that may be useful to you:
- The NHS has published guidance on stress.
- The National Cyber Security Centre has released guidance on data breaches for individuals and families.
- See this ICO resource on identity theft.
Thank you for reading our guide looking at possible steps that could be taken should a Crown Prosecution Service data breach happen affecting your personal data and causing you loss or harm to your mental health and/or finances. Our team are on hand to help if you have any other questions.