Your Banking Details Have Been Shared – Could You Claim Compensation?


Your Banking Details Have Been Shared Compensation Claims Guide

Lots of organisations handle your banking information, including banks, building societies, online retailers, and supermarkets, restaurants, and petrol stations if you pay by card. Having banking details shared does not on its own indicate that a data breach has occurred. However, should your credit or debit card information be breached, it can affect not only your finances but also your well-being. This guide explains who could be eligible to make a personal data breach claim.

We discuss the evidence you will need to pinpoint something called positive wrongful conduct. This can describe any action or inaction taken by those in possession of your details that did not comply with data protection laws and permitted a data security incident.

All citizens in the UK have their data rights protected by the Data Protection Act 2018 (DPA) and the UK General Data Protection Regulation (UK GDPR). These rights are upheld by the Information Commissioner's Office (ICO). The ICO is able to penalise any organisation that fails to follow lawful data handling practices.

But the ICO does not pay compensation. If you are seeking damages, a data breach solicitor could help. Our team explain how you could connect with one when you get in touch. Simply:

  • Call our advisors for free, impartial legal advice at 0800 408 7825
  • Contact us online and request a callback
  • Or chat through the live support option below

Select A Section

  1. What Is The Unlawful Sharing Of Data?
  2. When Can Banking Details Be Shared Lawfully?
  3. What Could Cause Banking Details To Be Shared Unlawfully Or Accidentally?
  4. How To Claim For Data Breaches
  5. What Could You Claim If Your Banking Details Have Been Shared Unlawfully Or Accidentally?
  6. No Win No Fee Agreements For Banking Details Data Breach Claims

What Is The Unlawful Sharing Of Data?

Firstly, personal data can be any detail that, in isolation or combined with other details, could infer or reveal your identity to others. This ranges from details like name, address, and debit and credit card details to ‘special category’ data such as health information or political and religious beliefs.

A personal data breach is a security incident that leads to the accidental or unlawful:

  • Loss of devices or documents containing personal data
  • Destruction of digital or paper documents containing personal data
  • Alteration of personal data
  • Disclosure or access to personal data
  • Sharing of data with unauthorised parties
  • Temporary or permanent loss of availability

A personal data breach may be broadly defined as any security incident that has in some way impacted the confidentiality, integrity and accessibility of personal data which is held by an organisation. The parties entrusted with the data are called controllers and processors, and they must establish a lawful basis for processing personal data.

If you feel your banking details were wrongly shared or used unlawfully, speak to our team for advice. Consent is not always required to use personal data, so it’s important to establish at the start that positive wrongful conduct occurred.

Financial, Insurance and Credit Sector Data Security Incidents

The statistics below come from the ICO, where different sectors have notified the ICO of reportable data security incidents. If a data subject’s rights and freedoms are affected after an organisation is involved in a data breach, then it must let those affected know without undue delay. They must also report these incidents to the ICO.

These statistics reported by the financial, insurance and credit sector are from the fiscal second quarter of 2019 to Q2 2022:

  • 3,082 data security incidents were reported; of these,
  • 2,252 were caused by non-cyber incidents, and,
  • 830 were due to cyber incidents

When Can Banking Details Be Shared Lawfully?

In order for an organisation to be able to process your data, it must have a lawful basis. In total, there are 6 lawful bases, including:

  • Consent – giving your consent to the processing of your personal data.
  • Contract – the processing of your personal data is required to fulfil a contract.
  • Vital Interest – the processing is carried out because a life is in danger.
  • Legal Obligation – an organisation is legally required to process the data.
  • Public Task – the processing is needed to fulfil a public task or official function, and this has a clear basis in law.
  • Legitimate Interest – unless there is a valid reason not to process under this category, then personal data will be processed for legitimate interests.

An organisation must be able to identify at least one lawful basis for sharing data.

With this in mind, it is vital that all banks and parties who process personal data do so in compliance with the UK GDPR’s 7 core principles of correct handling to prevent risks such as unauthorised sharing. Good staff training and UK GDPR compliance are vital ways to do this.

What Could Cause Banking Details To Be Shared Unlawfully Or Accidentally?

Human error could account for bank details being shared unlawfully, but external cyber assaults on banks and financial institutions could also happen. Other organisations can also retain your banking details, such as retail or commercial companies. Data breaches can be caused by:

  • Poorly trained staff
  • Weak administrative procedures
  • Unauthorised personnel who can access details
  • Passwords or security defences that are weak or insufficient
  • Documents posted to the wrong person or address
  • A breach via emails after they were sent in unredacted formats or without using the Blind carbon copy (Bcc) safeguard
  • Staff verbally disclosing personal data to unauthorised parties
  • A misdirected fax
  • Phishing and Malware threats
  • The loss or theft of devices containing data
  • Unsafe storage and transportation issues

This list is not exhaustive. Please speak to our advisors for more guidance on whether you can claim if your bank details were shared unlawfully.

How To Claim For Data Breaches

  • Firstly, alert your bank or the organisation about the problem and raise a complaint.
  • Complain to the ICO if you wish (you do not have to). All organisations must report data breaches that affect the rights of data subjects to the ICO within 72 hours of discovery and inform the data subject as soon as possible.
  • Wait no longer than 3 months from the last meaningful contact on the matter to make a complaint with the ICO.
  • After this period of time, the ICO may not consider it a serious complaint.
  • Consider working with legal representation to make a personal data breach claim.

During this period, you can also start to assemble as much documented or medical proof as possible to demonstrate how your breached banking details caused you harm. Our team are on hand to help with any aspect of this.

What Could You Claim If Your Banking Details Have Been Shared Unlawfully Or Accidentally?

If you make a successful personal data breach claim after your banking details were shared unlawfully, you could claim up to two types of damage:

Material Damage

Material damage compensates for stolen funds, bad credit scores, and fraudulent purchases. So for evidence, it is important to keep proof such as bank statements.

Non-Material Damage

It was agreed after a precedent case called Vidal-Hall and Others v Google Inc 2015 that psychiatric harm could be claimed for independently of material damage.

The Judicial College Guidelines provide compensation brackets that legal professionals can use as a guide when valuing claims. The excerpt below shows what awards may apply to psychiatric and psychological harm:

Description of Psychiatric Harm | Notes | Judicial College Guideline Award Bracket
Psychiatric Injury or Psychological Damage | Severe issues with work, relationships and education that present a poor prognosis | (a) Severe Degrees – £54,830 to £115,730
Psychiatric Injury or Psychological Damage | A similar, long standing disability caused, but a better prognosis than above | (b) Moderately Severe Degrees – £19,070 to £54,830
Psychiatric Injury or Psychological Damage | Indicates an improvement by the time the case may need to be heard | (c) Moderate Degrees – £5,860 to £19,070
Psychiatric Injury or Psychological Damage | Awards vary on length of injury and the additional creation of anxiety or phobia issues | (d) Less Severe Degrees – £1,540 to £5,860
Post-Traumatic Stress Disorders (PTSD) | A profound and permanent trauma response that drastically reduces the person’s ability to function as normal | (a) Severe Cases – £59,860 to £100,670
PTSD | A better prognosis after professional counselling | (b) Moderately Severe Cases – £23,150 to £59,860
PTSD | A large recovery, with no grossly disabling effects | (c) Moderate Cases – £8,180 to £23,150
PTSD | A near full recovery within 2 years and any persisting issues beyond this being manageable | (d) Less Severe Cases – £3,950 to £8,180

Please bear in mind that these award brackets are merely guideline figures.

No Win No Fee Agreements For Banking Details Data Breach Claims

No Win No Fee agreements could help connect you with expert legal representation. A popular version of this type of funding option is called a Conditional Fee Agreement.

Generally, there are no upfront solicitor fees with this type of agreement. If the case wins, a small amount is deducted as the solicitor’s percentage success fee, and the bulk of the payout goes to you. To find out more, please consider speaking to our team. They could connect you with a solicitor offering a service like this right now:

  • Learn more when you call our team on 0800 408 7825
  • Contact us online to discuss a claim
  • Or chat through the live support option below.
