In this article, we will discuss how a personal data breach could occur through confidential information that is sent to the wrong email address. UK residents and their personal data are protected by the Data Protection Act 2018 (DPA) and the UK General Data Protection Regulation (UK GDPR).
Throughout this guide, we will explain what the definition of a personal data breach claim is, and how it could affect you. We will also explore the Information Commissioner’s Office (ICO) and its role in data protection.
You may be wondering how legal professionals calculate compensation in personal data breach claims. We will discuss this, and provide guideline compensation brackets.
Finally, we will discuss how an expert data protection solicitor from our panel could help you through the personal data breach claims process. Our advisors are available to provide guidance 24/7 and can tell you if you could have a valid claim. Get in touch to learn more by:
- Calling us on 0800 408 7825
- Contacting us online
- Speaking to an advisor through the live chat feature
Select A Section
- How Often Is Confidential Information Sent To The Wrong Email Address In The UK?
- How Could Confidential Information Be Sent To The Wrong Email Address In The UK?
- Types Of Confidential Information Sent Via Email
- Is Sharing An Email Address A Breach Of The UK GDPR?
- How Much Compensation Could You Claim?
- Get In Touch With An Expert
A personal data breach is a security incident that compromises the integrity, availability, or confidentiality of your personal data. This is data that could identify you, for example, your full name, or email address. In order to make a claim for emailing confidential information to the wrong address, this confidential information must fall under the umbrella of personal information.
The data controller decides how and why they use your personal data, and a data processor acts on a controller’s behalf. In order to form the basis of a valid claim, you must be able to prove that the controller or processor’s wrongful conduct lead to the breach and that the breach affected your personal data. You must also suffer harm as a result of the breach.
According to data security incident trends published by the ICO, there were 381 reported incidents of personal data being emailed to the wrong recipient in Q4 of the 2021/22 financial year.
To find out if you could claim after confidential information was sent to the wrong email address in the UK, contact our advisors.
There are many ways that your personal data could be breached by email. For example, an employee could fall victim to a phishing attack. In this case, they may be send personal data to an address that claims to be legitimate, but is not. However, to claim for a phishing attack, you must be able to prove that the organisation did not have adequate cybersecurity policies or training in place.
Another example of how an email could go to the wrong address is through human error. For example, an employee may mistype or misspell your email address, causing it to arrive at the wrong address. Or, the organisation may possess out-of-date records.
Contact our team of advisors today to find out if you could have a valid personal data breach claim.
Throughout this article, we have touched on the term personal data several times. However, as we mentioned earlier, you cannot claim for every case of confidential information being sent to the wrong email address. In order to form the basis of a claim, the email must contain your personal data. Personal data includes your:
- Date of birth
- Bank account information
- Email address
- Phone number
- Debit card details
- Credit card details
Special category data is a kind of personal data. This requires more protection according to data protection law due to its sensitive nature. Special category data includes data that refers to your:
- Health or medical data
- Racial or ethnic origin
- Political information
- Trade Union membership
- Biometrics or genetics
The ICO details what is considered suitable data storage and the lawful basis for processing and storing data. If your personal confidential information is sent to the wrong email address, as a UK resident, you could potentially have grounds for a claim.
Sharing an email address is not necessarily a breach of the UK GDPR, but it is best practice to have your own secure email with a strong password. The same applies to businesses, institutions, and public health bodies that store your data. If someone has shared your email address, you may wonder if your data has been breached.
If you give consent for an organisation to share your email address, this is not a breach. Consent is one of the six lawful bases for processing personal data. However, if you do not give consent, then this could result in a breach. For example, if an employee sending a batch email fails to use the blind carbon copy feature (BCC), revealing your email to fellow recipients, this could be a breach.
To learn more about making a claim when confidential information is sent to the wrong email address in the UK, contact our advisors today.
The two different types of damage you can look to claim for are as follows:
- Material Damage: This includes financial losses. For example, if someone steals money from your bank account. Or, if a criminal takes loans out in your name, this could damage your credit score.
- Non-material damage: Non-material damage involves psychological or emotional distress. This can be a varying injury scale, ranging from poor sleep to serious issues such as anxiety, depression, and post-traumatic stress disorder.
The Vidal-Hall and others v Google Inc  case heard through the Court of Appeal is a landmark ruling allowing claimants to claim for non-material damage alone. Before this ruling, claimants only had access to non-material damage at the same time as material damage.
The compensation calculator table below shows figures taken from the Judicial College Guidelines (JCG). These guideline figures assist legal professionals when valuing personal injury and personal data breach claims.
|Type of Injury + Severity
|Psychiatric Damage Generally – Severe
|£54,830 to £115,730
|Serious and debilitating condition which has a serious and prolonged effect on day to day activity
|Psychiatric Damage Generally – Moderately Severe
|£19,070 to £54,830
|Injuries are severe but the prognosis is more promising than above
|Psychiatric Damage Generally – Moderate
|£5,860 to £19,070
|A good prognosis reflects an improvement of symptoms by trial
|Psychiatric Damage Generally – Less Severe
|£1,540 to £5,860
|Consideration is given to length of disability and the effect that remaining symptoms have on sleep and other day to day activities.
|PSTD – Severe
|£59,860 to £100,670
|All aspects of the life of the injured person will be severely and permanently affected, with no pre-trauma levels of function.
|PSTD – Moderately Severe
|£23,150 to £59,860
|Prognosis is more promising than above with professional intervention.
|PSTD – Moderate
|£8,180 to £23,150
|Person will have largely recovered and any lasting symptoms are not disabling.
|PSTD – Less Severe
|£3,950 to £8,180
|A full recovery occurs within 1-2 years, and any remaining symptoms are minor.
However, these figures only apply to England and Wales, and are guidelines only. For information on what you could receive if your confidential information was sent to the wrong email address in the UK, contact our team.
Starting a personal data breach claim can feel daunting. However, a solicitor from our panel may be able to help. With over thirty years of experience, our panel can guide you through the claims process under a Conditional Fee Agreement (CFA). A CFA is a type of No Win No Fee agreement, under which you receive legal representation with no upfront or ongoing fees.
If your claim is successful, your solicitor will take a success fee. This is a percentage of your award, but there is a legal cap in place. However, if your claim is unsuccessful, then you will not pay this fee.
Our advisors can assess your case for free, and can tell you if you are eligible to make a claim. If you are, they may connect you with a solicitor from our panel.
To get in touch:
Related Guides And Articles
For more informative guides:
- Is there a timescale for a data breach claim?
- Common causes of data breaches
- The definition of a data breach
Or, for more helpful resources:
To learn more about what steps you can take if your confidential information is sent to the wrong email address in the UK, contact our advisors. They can provide free legal advice.
Article by NA