Have you suffered a data breach by a pharmacy? Every time we submit a prescription from our GP were are in effect, trusting the pharmacy with very sensitive personal details. We may do this without even thinking how that data is protected. It can be understandable to assume and expect that the pharmacy in question will protect your data, but what happens if they don’t?
This article offers guidance to our readers who may have been impacted by an issue like this. In data breach cases, it’s essential that you can prove ‘positive wrongful conduct’ on the part of the agency that holds your information. This means they must have done (or not done) enough to protect your personal information. The breach may have resulted in causing you either emotional or financial damage. For more information or to start your claim:
- Call us on 0800 408 7825
- Email us at Public Interest Lawyers
- Or use the ‘live support’ option to the bottom right of this screen
Select A Section
- Explaining How To Claim For A Data Breach By A Pharmacy
- What Is A Data Breach By A Pharmacy Or Chemist?
- How Could A Pharmacy Breach Your Data Privacy?
- Types Of Damages Awarded For Pharmacy Data Breaches
- Data Breach Compensation Calculator
- No Win No Fee Claims For A Data Breach By A Pharmacy
- Start Your Claim For A Data Breach By A Pharmacy
- How Can I Find Out More?
Information Commissioner’s Office statistics illustrate the extent of data breaches and importantly how they are caused. Each time we send an email, shop online or use services that require personal information, we are providing personal data. For the context of the article here are key terms;
- Data – personal data that can identify you or be used in conjunction with other information to identify you.
- Data Subject – those who have personal information processed.
- Data Controller – those who process personal information.
Despite IT security and stringent new laws to protect the consumer, this data can leak and become exploited by cybercriminals or hackers.
Data breach claims can only be made when the data subject can show that the data controller failed to protect their data correctly. This article discusses the evidence you would need to claim that a data breach had impacted you adversely and what you could potentially claim for.
A medical assessment can uphold your claim of any mental distress it has caused and receipts or bank statements can prove stolen funds.
Are All Data Breaches Cyber Related?
You may be under the impression that data breaches are caused by cybercriminals hacking into an organisation’s online systems. Although they can happen this way a lot of breaches are caused by human error. We will explain more about this later on in the guide. Firstly though, we are going to look at statistics produced by the Government.
Government statistics demonstrate the following figures. Some charities and businesses took part in a survey that shows cyber breaches and attack frequencies.
- Four in ten businesses (39%) reported a cyber security breach or attack in the last 12 months.
- A quarter of charities (26%) reported a cyber security breach or attack in the last 12 months.
- 27% of these businesses and 23% of these charities have experienced a cyber breach or attack at least once a week.
- A common type of issue is phishing attacks (83% and 79% respectively),
- Impersonation accounts for 27% and 23% respectively.
- 39% of businesses and 26% of charities that have been attacked have suffered consequences i.e. lost money or data.
- One-third of businesses (35%) and four in ten charities (40%) have reported being negatively impacted by some form of attack.
- Three-quarters (77%) of businesses claim cyber security is a high priority for their directors or senior managers.
- Half of the businesses (50%) and four in ten charities (40%) update senior management teams about actions taken on cyber security at least quarterly.
Pharmacies can face heavy fines if they break data protection law. The UK General Data Protection Regulation (UK-GDPR) and the Data Protection Act 2018 provide protection for data subjects’ personal data and has greatly increased requirements for data controllers in keeping personal information safe.
This law outlines formalities and the increased obligations on those who request, collect or share our personal data.
However, failure to properly adhere to these laws can result in penalties being issued by an independent supervisory authority called the Information Commissioner’s Office (ICO). This body is tasked with enforcing GDPR across all businesses and agencies. The ICO has the power to investigate failure to adhere to data protection laws and breaches of data that affects rights and freedoms. However, they cannot award you compensation.
The ICO tries to help companies large and small to implement the GDPR and adhere to the Data Protection Act 2018. They recognise that this new legislation greatly adds to administrative time and resources and in order to help, they provide highly accessible and informative information on their website.
There are ‘7 Core Principles’ from the GDPR:
- Lawfulness, fairness and transparency (are data collection reasons legal?)
- Purpose limitation – data collected for a specified purpose cannot be used for another
- Data minimisation – limit data.
- Accuracy (how correct is the data?)
- Storage limitation – kept for how long?
- Integrity and confidentiality (is security a top priority?)
- Accountability (are all staff aware of their responsibilities?)
The last point is a fundamental one. Most data breach issues are the result of human error rather than sinister outside attacks from online criminals. This does also happen and a core data requirement is for companies to ensure they have robust, firewall and IT defence software to halt attacks like this in their tracks.
What Is A Data Breach?
Three main groups use our data. The party that originally requests the data is called the ‘controller’ and it may be passed to an in-house or external agency called ‘processors’. In turn, they may be entitled under certain pre-agreed conditions or circumstances to share that data with a third party. Pharmacies would be classified as data controllers, responsible for data protection. What exactly is a data breach? The ICO classify it as a security incident that means personal data is:
- Accessed without authorisation
This can be done illegally with no lawful basis or accidentally.
Complain to the ICO
If a pharmacist or their staff has handled your personal information that breaches UK GDPR, the ICO suggest complaining directly to the pharmacy or reporting it to the ICO. It’s not guaranteed that they will investigate, but it lends your case an additional weight to do so. It can be possible to launch a data breach claim for compensation. Did they:
- Send your details or prescription to the wrong person?
- Mail important documents to the wrong address?
- Allow your information to be overlooked or publicly discussed?
By using evidence of financial loss or a medical assessment to prove actual harm, you can seek damages from the pharmacy if they are proven to be liable. Speak with our team if you require clarification on whether the breach that has affected you makes you eligible for data breach compensation.
If a data breach claim is successful then the claimant can claim up to two types of damages;
Material damages rely on paper documentation to prove losses related to your data breach. These can be costs that incorporate a whole array of unforeseen, current or predicted costs such as:
- Stolen funds from your bank accounts
- Fraudulent credit set up in your name and exhausted
- Store cards or other lines of finance in your name
- The need to re-arrange your domestic affairs because of threat (childcare or even the need to move home)
- Lost income from time off work due to related illness such as stress or depression
- The consequential impact on your pension or attendance bonus
This head of compensation relies on medical evidence to prove psychiatric suffering caused by the data breach. The distress and worry of knowing your private details are leaked into the public domain can be highly distressing and create very real impacts such as:
- Stress and worry
- Panic attacks and phobia responses
- Post-traumatic stress disorder (PTSD)
These health impacts can cause tremendous suffering and seriously debilitate the lives of the people it affects. An independent medical appointment and assessment can be arranged by a data breach specialist lawyer and they can evaluate the true extent of the harm caused by the data breach.
Data Breach Compensation Calculator
As well as this, a data breach solicitor can use the findings in the report to calculate your appropriate compensation requests. A change in the law now means that when claiming compensation, both health impacts and financial loss can be included in their own right. Prior to this ruling, it was only possible to consider mental harm if there was a financial loss as well.
Award brackets from a publication called the Judicial College guidelines (JCG) can provide a data breach solicitor with a realistic and equitable amount for the psychiatric injury. The guide uses past awards as an indication of what might be appropriate to acknowledge the suffering that injuries like this can cause. The table demonstrates:
|Injury type||severity||JCG award bracket||notes|
|psychiatric harm||(a) severe||£51,460 to £108,620||marked mental health problems with a poor prognosis|
|psychiatric harm||(b) moderately severe||£17,900 to £51,460||still significant problems but a better prognosis than above|
|psychiatric harm||(c) moderate||£5,500 to £17,900||good marked improvement by the time of the trial|
|psychiatric harm||(d) less severe||up to £5,500||taking into account the length of disability and the extent to which injuries have impacted normal daily life|
|Post-traumatic stress disorder (PTSD)||(a) severe||£56,180 to £94,470||permanent adverse affects that prevent working oir functioning at anything like pre-trauma levels|
|Post-traumatic stress disorder (PTSD)||(b) moderately severe||£21,730 to £56,180||a better prognosis and some recovery with professional counselling|
|Post-traumatic stress disorder (PTSD)||(c) moderate||£7,680 to £21,730||largely recovered without any grossly disabling effects|
|Post-traumatic stress disorder (PTSD)||(d) less severe||up to £7,680||virtually full recovery with 1 - 2 years, only the persistence of minor symptoms|
Compensation always depends on the evidence presented, so ensure that you can present your best case. In addition to this, you can only claim once for the same breach. A data breach solicitor can therefore help you include all the anticipated or predicted costs that may arise in the future from what happened. This can be issues such as late bank fees or overdraft penalties.
Medical data is very much part of your personal data and a breach of any information relating to your medication, address, date of birth or medical history is serious. With this in mind, you could launch a data breach by a pharmacy claim in just one phone call. A No Win No Fee agreement can help you to fund the solicitor’s service.
Also referred to as a Conditional Fee Agreement, legal representation on a No Win No Fee basis enables a claimant to start a case with no upfront fees at the point of claiming, or any as the case moves ahead. There are no fees at all needed for your lawyers if the case fails. Winning cases only require a small amount to be paid out of your settlement. This means the claimant always receives the majority of any settlement awarded.
Start your claim today by calling our team. We offer free advice with no obligation. Call us now on 0800 408 7825 or email us at Public Interest Lawyers. You can also access immediate help through the ‘live support’ portal.
In conclusion, thank you for reading this article on how to launch a data breach by a pharmacy claim. As well as this information on data breach, we can explain more about human error data breach claims, and how to claim for a wrong postal address data breach issues. Also, more details about how a No Win No Fee Data Protection Solicitor could help you.