Can I Make A Claim For An Internal Email Data Breach?

Throughout this guide, we will discuss when you could be eligible to start an internal email data breach claim. In some cases, you might be able to seek data breach compensation for the financial loss and/or emotional harm you have suffered. However, certain eligibility criteria determine whether you will have grounds to proceed with your case. We explore these criteria in more detail later in our guide as well as the evidence you could gather to support your case.

There are two main pieces of data protection legislation called the Data Protection Act 2018 (DPA) and the UK General Data Protection Regulation (UK GDPR) that are in place to protect your personal data. They also set out the obligations data controllers and data processors have with regard to the processing, storing, and handling of your personal data.

Data controllers set the purpose and means for processing and can process your personal data themselves. If they don’t, they can outsource this task to a data processor who acts on their behalf. If either of them fails to adhere to data protection law, this is wrongful conduct and could lead to a breach of your personal data. We provide examples of how this could occur, either through human error or a cyber security incident, and the impact it could have.

Finally, we discuss how a data breach solicitor from our panel could assist you with seeking compensation on a No Win No Fee basis.

For more information, you can get in touch with an advisor via the contact details below:

Browse Our Guide

  1. When Can You Make An Internal Email Data Breach Claim?
  2. How To Make An Internal Email Data Breach Claim
  3. How Could A Personal Data Breach Happen?
  4. Potential Compensation From An Email Data Breach
  5. Making Workplace Data Breach Claims On A No Win No Fee Basis
  6. Read More About Claims For Personal Data Breaches

When Can You Make An Internal Email Data Breach Claim?

As mentioned, controllers and processors have an obligation to protect your personal data under the DPA and the UK GDPR. Failure to do so is wrongful conduct and could lead to the personal data of a data subject being breached.

The Information Commissioner’s Office (ICO), an independent body set up to uphold the information rights and freedoms of data subjects in the UK, provides a definition of a personal data breach. It states that a personal data breach is a security incident affecting the availability, integrity, and confidentiality of personal data.

Personal data is any information that can be used to identify you, such as your name, email address, phone number, National Insurance number, or postal address. There is also special category data, which is more sensitive data that needs additional protection. This can include data concerning your health, biometric data where used for identification purposes, and data revealing your racial or ethnic origin.

In order to claim compensation after a personal data breach, you need to prove the following:

  • A data controller or data processor did not uphold their obligations as per data protection laws.
  • Due to their wrongful conduct, a personal data breach occurred.
  • As a result of the breach, you experienced psychological harm and/or financial loss.

For further guidance on the eligibility criteria for data breach claims, please contact an advisor. They can assess your specific case and advise on whether you have valid grounds to proceed.

How To Make An Internal Email Data Breach Claim

There are several steps you can take when making an internal email data breach claim. For example, you can:

  • Collect correspondence sent about the data breach between you and the organisation. Data controllers have to tell you about personal data breaches that put your rights and freedoms at risk without undue delay. They may do this via letter or email. You can keep copies of these to help substantiate your case.
  • Contact the organisation directly. Alternatively, if you become aware of a breach that has affected your personal data, you can contact the organisation. They may then take steps to address the issue.
  • Report the breach to the ICO. If you fail to receive a satisfactory response about the data breach from the organisation, you can raise a concern with the ICO. When making a complaint, it’s important to understand that not every issue is investigated and the ICO cannot award compensation. However, any findings from an investigation that is carried out can be used to strengthen your case.
  • Collect evidence that shows how the breach affected you. For example, you could collect doctor reports and other medical records that show you experienced psychological harm. You could also gather payslips and bank statements that show any monetary losses suffered.

An expert data breach solicitor from our panel can help eligible claimants build up their case. With extensive experience handling data breach claims, their insights and support can guide you through all stages of the claim process and help you seek compensation.

Call the number above to find out whether you could be connected with a solicitor from our panel.

How Could A Personal Data Breach Happen?

Below, we look at how an internal email data breach could occur, resulting in you experiencing financial damage and/or psychological harm.

  • A mass email from Human Resources (HR) is sent across different departments in a workplace without using the Blind Carbon Copy (BCC) function. As a result, staff members’ personal email addresses are exposed through human error.
  • An email from HR about reasonable adjustments being made for a medical condition you have is sent to the wrong email address. As a result of the email being sent to the wrong person, they find out about your health condition, causing you stress and anxiety.
  • Poor cyber security measures make an organisation more vulnerable to cyber attacks such as ransomware and phishing scams. As a result, the internal email system is hacked and personal data is stolen.

In some cases, a breach can cause mental harm, such as stress or anxiety, especially if special category personal data is compromised. Additionally, it could cause you financial losses, such as lost earnings from time needed off work to recover from the emotional harm the breach caused you.

Call our team to get a free assessment of your case and find out more about claims for data breaches.

Potential Compensation From An Email Data Breach

Following a successful internal email data breach claim, you could receive compensation for two types of damage.

Firstly, non-material damage refers to the psychological harm caused to you by the breach. This can include stress, anxiety, emotional distress, and the worsening of pre-existing mental health problems such as post-traumatic stress disorder (PTSD).

In order to calculate the value of the mental harm you have suffered, reference can be made to the Judicial College Guidelines (JCG) as well as any medical evidence. The JCG contains guideline award brackets that correspond to different types of harm.

Compensation Table

The table below contains figures from the JCG. However, the first entry is not from the JCG. Also, you should use the table as a guide only.

| Harm Type | Level of Severity | Notes | Guideline Award Brackets |
|---|---|---|---|
| Very Severe Psychiatric Impact And Significant Financial Losses | Very Severe | A settlement that addresses very severe mental impacts as well as any substantial monetary losses caused. For example, loss of earnings. | Up to £150,000 plus |
| General Psychiatric Damage | Severe | Marked problems affect different areas of the person’s life, including their ability to cope with life, education, and work. There is a very poor prognosis. | £54,830 to £115,730 |
| General Psychiatric Damage | Moderately Severe | There are significant problems affecting different areas of the person’s life. However, the prognosis is more optimistic. | £19,070 to £54,830 |
| General Psychiatric Damage | Moderate | A significant improvement and a good progress. | £5,860 to £19,070 |
| General Psychiatric Damage | Less Severe | The extent to which daily activities and sleep are affected and how long for are some of the factors considered when determining the level of award. | £1,540 to £5,860 |
| Post-Traumatic Stress Disorder (PTSD) | Severe | Permanent effects preventing the injured person from working at all, or from functioning at a pre-trauma level. The person will see all aspects of their life badly affected. | £59,860 to £100,670 |
| Post-Traumatic Stress Disorder (PTSD) | Moderately Severe | A better prognosis and some recovery due to receiving professional help. Despite this, there are still effects that are likely to result in a significant disability for the foreseeable future. | £23,150 to £59,860 |
| Post-Traumatic Stress Disorder (PTSD) | Moderate | The injured person will have made a significant recovery and any continuing issues won’t cause a major disability. | £8,180 to £23,150 |
| Post-Traumatic Stress Disorder (PTSD) | Less Severe | A mostly full recovery is made within 1-2 years and only minor symptoms continue for a longer period. | £3,950 to £8,180 |

Claiming Material Losses

Material damage refers to the financial harm caused by the breach. Some examples include:

  • Fraudulent credit card transactions.
  • Loans taken out in your name. 
  • Money stolen from your bank account.
  • Loss of earnings incurred due to time taken off work.

To prove these losses, it is important to keep hold of any proof, such as wage slips, bank statements and credit reports.

For further guidance on the data breach compensation you could potentially be awarded for your specific case, please contact an advisor. They can provide a free valuation of your internal data breach claim.

Making Workplace Data Breach Claims On A No Win No Fee Basis

You don’t have to use a solicitor to start an internal email data breach claim. However, there are certain benefits to instructing legal representation. For example, the experienced data breach solicitors from our panel could help you gather evidence to support your case and ensure it’s presented within the relevant time frame.

Furthermore, they are able to offer these services under a type of No Win No Fee contract called a Conditional Fee Agreement (CFA). Usually, under the terms of a CFA, solicitors can start work on your case without requiring upfront or ongoing fees for their services. In addition, no fee for their completed work on your claim will be needed if it fails.

A successful claim requires a success fee to be paid to your solicitors. This is taken from your compensation as a percentage. However, the percentage is subject to a legal cap which ensures that you receive the bulk of the compensation awarded.

If you want to learn more about starting an internal email data breach claim with a solicitor on No Win No Fee terms, you can reach out to our team of advisors.

Read More About Claims For Personal Data Breaches

Thank you for reading our guide on internal email data breach claims. Please get in touch with us if you have any other questions.