Whilst seeking help for personal issues, to suffer a counsellor data breach can be devastating. We trust that our clinicians and therapists will protect our personal information with the utmost care at this challenging time.
Not all data breaches can be prevented but when those who should be protecting our personal information fail to adhere to the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018 it can mean those who are affected may be eligible to claim for data breach compensation.
At Public Interest Lawyers, we understand that this is a sensitive issue, so if you wish to speak to one of our advisors in confidence right now, please feel free to:
- Call us on 0800 408 7825
- Contact us online
- Use the ‘live support’ option
- Or continue reading the sections below
Select A Section
- What Is A Data Breach By A Counsellor?
- Does The UK GDPR Cover Therapy Patient Data?
- How Could A Counsellor Data Breach Happen?
- How To Claim For A Counsellor Data Breach
- Calculating Compensation For A Data Breach By A Counsellor
- Begin a Claim For A Medical Records Data Breach
A personal data breach can be a security incident in which identifiable and sensitive data can be lost, stolen, destroyed, disclosed or accessed without a lawful basis. UK GDPR and the Data Protection Act 2018 are enforced across all industries and sectors by an independent body called the Information Commissioner’s Office (ICO).
Personal information can be considered breached when it is:
- Lost or stolen
- Destroyed without using the correct channels
- Shared without a lawful basis or sent to the wrong person
- Accessed by unauthorised third parties
A counsellor data breach could happen if the patient’s details are discussed openly or details are left exposed for others to see. Counsellors are trained to know that personal medical information must be kept in a confidential way and UK GDPR enforces the correct procedures for them to follow.
Failing to secure this data that results in a patient or client suffering financial or emotional harm is the cornerstone of a data breach compensation claim. With this proof in hand, the therapist or healthcare practice involved could find themselves liable to pay compensation.
Types Of Data Counsellors Handle
During the course of counselling or therapy, a great deal of highly sensitive and personal information is entrusted to the practitioner. Particularly with mental health issues, the scope of topics that could be discussed may be vast and deeply private.
Trust is an essential part of the counsellor/client relationship. In addition to basic personal details such as name, address, email, ethnicity and marital status, other topics could include:
- Sexual orientation
- Family history and details
- Alcohol and narcotic history
- The names or details of attackers or perpetrators
- Criminal records or pending prosecutions
- Debt and housing problems
This may represent highly sensitive personal data and it must be handled according to the strict standards expected by practitioners in that field, as well as UK GDPR.
The UK GDPR define protected health data in Article 4 (15) as ‘special categories’. This is data that relates to:
- The person’s past, present or future health status
- Specific medical conditions
- Tests, notes, recordings or results of sessions
- Any related data that reveals anything about someone’s state of health
- Injury, disease, disability or disease risk
- Any collected information from the client when they register for counselling
- Appointment or screening details and reminders that tell you something about the patient’s health.
- Invoicing and banking information
- Any number, symbol or other identifier used to uniquely identify a patient or client for health purposes (eg an NHS number)
- Other information from which others could infer any of the above.
There are certain circumstances in which a counsellor data breach could happen. Some examples:
- The counsellor discusses client details with others without a lawful basis
- A lost device containing data causes a breach
- Failure to secure data may put it at risk (this could be something as simple as failing to lock a filing cabinet properly)
- Human error or staff mistakes that lead to emails containing personal data being sent to the wrong recipient.
- External hacking and cybercrime breach due to no online defence or firewalls to protect online files. It is the responsibility of the counsellor to apply appropriate software security to prevent issues like this as much as possible.
Any claim for damages for counsellor data breach would need to show how the counsellor failed to adequately prevent the data breach.
With this in mind, as you approach a counsellor data breach claim, it can be helpful to understand what steps to take to give your claim the best chance of success:
- Raise a concern with the counsellor in question
- Report the issue to the ICO either immediately, or no later than 3 months after last meaningful discussions on the issue (the ICO may not investigate and they do not pay compensation but they can send a signal that you are serious about your data breach grievance)
- Start to put together as much proof of financial or emotional damage and loss as appropriate
- Access your medical notes
- Reach out to a data breach solicitor to help with this.
There are two types of damages that you can request in a data breach claim if your evidence upholds it. The first is called material damages and these need the receipts, bills or invoice documentation that shows how the data breach impacted your finances in a negative way. Our team are on hand to offer further advice on eligible amounts you could include under this heading if you need guidance.
Non-material damages are amounts calculated by using a personal injury award guideline publication called the Judicial College Guidelines. A medical assessment may be needed to show that you suffered mental health distress.
A case called Vidal-Hall v Google, acknowledged compensation for psychiatric harm in its own right meaning you could apply for similar amounts as shown in an excerpt below:
|Type of Psychiatric Damage||Supporting Notes and Severity||Judicial College Guideline Award Bracket|
|General Psychiatric Harm||(a) Severe - this applies to cases of profound mental health challenges impacting all areas of normal life||£51,460 to £108,620|
|General Psychiatric Harm||(b) Moderate toward Severe - a more optimistic prognosis than above but a permanent/long-standing set of disabling issues||£17,900 to £51,460|
|General Psychiatric Harm||(c) Moderate - Similar issues but an improvement by the time a case may be heard||£5,500 to £17,900|
|General Psychiatric Harm||(d) Less Severe - Reflects how long the disabling effects were felt and to what degree they disturbed normal life||Up to £5,500|
|Post-Traumatic Stress Disorder (PTSD)||(a) Severe - permanent traumatic effects that prevent work or normal function as previously enjoyed||£56,180 to £94,470|
|Post-Traumatic Stress Disorder (PTSD)||(b) Moderately Severe - better outcomes than above possible with expert help and therapy||£21,730 to £56,180|
|Post-Traumatic Stress Disorder (PTSD)||(c) Moderate - A recovery in large part with only minor persisting issues||£7,680 to £21,730|
|Post-Traumatic Stress Disorder (PTSD)||(d) Less Severe - Virtually a full recovery within 1 - 2 years||Up to £7,680|
It’s important to note that these are only guidelines, not certain awards. But a counsellor data breach claim can include both these heads of damages or just one, as appropriate.
At Public Interest Lawyers our advisors can offer free legal advice without any obligation to proceed with a formal claim. We’re available 24/7 to help value your claim and connect you with the services of our panel of solicitors. They could take your case up under a No Win No Fee agreement which means:
- Firstly, no upfront fees
- There are no fees as the case runs
- Nothing is due to the solicitor if the case fails
- When the claim is successful you will need to pay your solicitor a capped percentage of your settlement
If you would like to learn more about how a No Win No Fee agreement works, please get in touch by:
- Calling us on 0800 408 7825
- Contact us online for counsellor data breach information
- Furthermore, you can use the ‘live support’ option
Guides Related To Counsellor Data Breach Claims
In conclusion, the resources below offer further reading on this topic:
- Learn more about No Win No Fee data protection solicitors
- Or how a data breach by Social Services could occur
- More information on private health care data breach compensation claims
- Details on patients’ right to good service
- Lastly, help from the NHS on psychotherapy or counselling services