In this guide, we will look at when documents are stolen as part of a data breach and how much you could receive in compensation. We will examine what constitutes a data breach and what documents could be stolen, whether physical or digital.
We will also help you understand what a valid data breach claim looks like and how you could begin the first steps of taking action. If you are ready to get in touch, you can do so by:
- Calling 0800 408 7825
- Filling out our contact form
- Speaking to an advisor using the live chat feature on your screen
Select A Section
- What Is A Stolen Documents Data Breach?
- When Could Stolen Documents Constitute A Data Breach?
- What Information Could The Documents Contain?
- How To Claim For A Stolen Documents Data Breach
- What Could You Claim For A Stolen Documents Data Breach?
- We Could Help With Your Data Breach Claim
The Information Commissioner’s Office (ICO) is the UK’s independent body set up to oversee data privacy and protection amongst organisations and individuals. A personal data breach is a security incident in which personal data is lost, stolen, destroyed, disclosed, altered or accessed without a lawful basis. This can be done deliberately or through human error. Data breaches can also be cyber or non cyber incidents.
How can a data breach occur:
- An organisation failed to update a person’s home address when instructed to do so therefore they sent a letter containing personal data to the wrong address.
- If an organisation does not have security measures in place to protect your online documents, hackers could steal data.
- Documents could be accidentally sent to the wrong person via email because the sender failed to check the receiver was the correct recipient.
Statistics On Types Of Data Breach
The government’s Cyber Security Breaches Survey 2022 saw 1,243 UK businesses, 424 UK registered charities and 420 education institutions take part and supply information from 16 October 2021 to 21 January 2022 revealing that 39% of UK businesses had identified a cyber attack in the last year. Around one in five organisations identified denial of service, malware, or ransomware attack. However, 56% of organisations had a policy not to pay ransoms.
Here are some other stats you might find interesting:
- Over half of businesses took action to identify cyber risks in 2022
- Cyber attacks cost organisations an average of £4,200
- Phishing was the most common threat and affected 83% of organisations
The UK GDPR and the Data Protection Act 2018 (DPA) sets out the rules that data controllers and processors must follow. Data protection legislation gives you the right to know what information a company holds about you and also the right to access that data.
The legislation gives a data subject, those whose information is processed, rights when it comes to how their personal data is handled. Data protection laws do not cover all types of information just data that can be used to identify you or combined with a piece of data to identify you.
To hold a valid personal data breach claim you must first be able to demonstrate that an organisation that was handling your personal information failed to protect it as it should have. It is worth noting that you may only make a valid claim if you can prove that your data has been breached which has caused financial losses or an injury, such as post-traumatic stress disorder or anxiety. You must also be able to provide evidence to back your claim.
Theft Of Paperwork And Documents
Let’s look at how the theft of paperwork and documents could lead to someone’s data privacy being breached. One high profile case involved an incident in May 2017, when a thief stole confidential documents from the car of Marcus Beale, a former counter-terrorism boss. The Assistant Chief Constable was later sacked after it emerged the documents should never have left police premises. However, companies could avoid paperwork theft if documents only existed in a digital format.
Unauthorised Copying Of Documents
Data may be stolen if it is replicated. This method poses a great danger as it mightn’t be clear that a stolen documents data breach has occurred if documents are not physically missing. Thieves may use smartphones to scan data or even a photocopier. Companies should remove physical copies of documents to lessen the risk, but also protect digital documents with a document management system such as eView or DocuWare.
Our team of advisors can value your claim for free and see whether you have a good chance of getting compensation. Use our live chat feature to speak to an advisor now.
Documents may contain sensitive information. However, in order for you to make a valid stolen documents data breach claim, the documents need to feature personal data. We’ve featured what personal data could be documented, including special category data. The ICO defines special category data as personal data that is sensitive and needs more protection.
- Racial or ethnic origin
- Political information
- Philosophical or Religious information
- Trade Union membership
- Biometric or Genetic data
- Data of birth
- Email address
- Phone number
- Bank account
- Debit card
- Credit card
Our advisors give free legal advice and are available to chat 24/7. If they think you have a valid claim, they might connect you with a solicitor from our panel.
Before making a stolen documents data breach claim, it is important to identify whether UK General Data Protection Regulation (UK GDPR) has been breached. The DPA implements UK GDPR and the following principles:
- Data should be processed fairly, lawfully and transparently
- The reason data is used for should be clearly specified
- Data should only be used for the purpose it was collected for
- Keep data accurate and up to date
- Get rid of data when it’s not needed
- Have security measures in place to control and process data
If UK GDPR principles have been breached, you should now consider the following questions:
- Are you the victim of a stolen documents data breach claim?
- Have you suffered any financial losses or injuries because of the breach?
If you answered yes to both questions, you might have grounds to form a valid claim. However, it is crucial to gather evidence for your claim. One way you can do this is to reach out to the organisation that has breached your data. It would be useful for you to explicitly state your concerns, including the stress they may have caused you and how much compensation you want in return. Their response would be solid evidence.
You should also report a stolen documents data breach to the ICO within three months of the incident occurring. The ICO may not investigate if you report an incident past their time limit. While the ICO cannot compensate you, they can issue fines to offending companies. Their findings also support your claim.
In this section of our guide, we will focus on what you could claim for a stolen documents data breach. There are two types of damages you might be able to claim for, including:
- Material damage: Financial losses caused by a data breach.
- Non-material damage: Psychological damage caused by a data breach.
It has not always been possible to claim for non-material damages. Previously, claimants were only allowed to sue for psychological damages if they had suffered financial losses. However, following Vidal-Hall and others v Google Inc (2015), the Court of Appeal ruled you can claim for both damages. We’ve featured compensation brackets from the Judicial College Guidelines to give you an idea of how much your injury might be valued at.
|Psychiatric Injury||Severe||£51,460 - £108,620||Prognosis is very poor and the impact on your health is severe.|
|Psychiatric Injury||Moderate to Severe||£17,900 - £51,460||Prognosis is slightly more optimistic but the effects are still damaging.|
|Psychiatric Injury||Less Severe Harm||£1,440 - £5,500||The level of award is decided on the extent to which daily activities are affected.|
|Stress Disorder||Severe||£56,180 - £94,470||All aspects of your life are detrimentally affected.|
|Stress Disorder||Moderate to Severe||£21,730 - £56,180||Significant disability is likely for the foreseeable future.|
|Stress Disorder||Moderate||£7,680 - £21,730||Ongoing effects are not grossly disabling and a full recovery is likely to be made.|
|Stress Disorder||Less Severe Harm||£3,710 - £7,680||A full recovery will happen within one or two years and any ongoing symptoms are minor.|
For a free valuation of your claim, speak to our advisors. If you have a valid stolen documents data breach claim, they could connect you with a solicitor from our panel.
If legal costs are putting you off from taking action, then you might be interested in using a No Win No Fee solicitor. Solicitors using this agreement require no upfront costs, while ongoing fees are typically covered. Your solicitor takes a legally capped percentage of your compensation to cover their costs, but only if your claim is successful.
Our panel of solicitors may offer you a No Win No Fee agreement if they think your claim holds up. For more information, you can contact us by:
- Giving us a call on 0800 408 7825
- Filling out a contact form
- Using the live chat feature on your screen
Learn More About Data Privacy
Before we conclude this guide on how to make a stolen documents data breach claim, we thought you might find the following resources useful:
Make a complaint – Government guidance on making a data protection complaint.
Latest cyber issues – The ICO investigates current cyber security issues.
Post-traumatic stress disorder – NHS advice on dealing with PTSD.
Below are some more of our guides that may come in handy:
Dental Medical Data Breach – Find out how much compensation you may get for a dental medical data breach.
Stolen or Lost Device Data Breach – Find out if you can claim compensation.
How Is Compensation Calculated – Find out in the guide.
We hope this article has taught you how to make a stolen documents data breach claim. Speak to our team for additional information.