My Data Has Been Breached, What Can I Do?

In this guide, we aim to explore the question: ‘My data has been breached, what can I do?’. In some circumstances, you may be able to make a compensation claim following a data breach. Throughout this guide, we are going to help you understand if you have a valid claim. We will also go over the process of making a data breach claim.

My data has been breached, what can I do?

My data has been breached, what can I do guide

There are various pieces of legislation in place to protect your personal data. We will explore these in further detail throughout our guide.

Additionally, there are certain regulators, such as the Information Commissioner’s Office (ICO), that work to ensure businesses and organisations are doing everything they reasonably can to keep your personal data safe. We will explore more about what they do throughout our guide.

If you have any questions whilst or after reading our guide, please don’t hesitate to contact our team by:

Select A Section:

My Data Has Been Breached, What Can I Do?

A personal data breach involves a security breach that leads to your personal data being accidentally or unlawfully:

  • Destroyed
  • Lost
  • Altered
  • Disclosed without authorisation
  • Accessed without authorisation

If you have evidence that your personal data has been breached because the data controller, those who decide what data is collected and processed, did not do enough to secure it, you may be eligible to seek compensation.

For example, an organisation may have failed to keep their cyber security up to date. As a result, your credit card details may have been accessed by an unauthorised third party.

This may have led to you experiencing ongoing financial harm which may have detrimentally affected your psychological wellbeing. In this case, you may be able to seek compensation for the harm you experienced.

However, there is a process you must follow. For instance, you will need to demonstrate that:

  • A breach of your personal data occurred
  • You suffered psychological and/or financial harm as a result
  • And, the data controller failed to take the necessary steps when it came to protecting your personal information.

How The Law Protects Data

During 2018 the EU created a directive known as the General Data Protection Regulation. It provided a security frame work for personal data. With these regulations come the tightest data protection laws yet. It was enacted into UK law through the Data Protection Act 2018 DPA.

However since then the UK is now no longer part of the European Union and as apart of the Withdrawal Agreement the UK generally, no longer needs to follow EU Directives.

The UK created their own UK General Data Protection Regulation UK GDPR that runs alongside the updated Data Protection Act 2018.

Personal data is information that relates to you and could be used to identify you. Some personal data could be used to directly identify you, such as your name, home or postal address, email address, or date of birth.

Whereas sensitive data, which is also protected, could be used to indirectly identify you using information that has been processed in combination with other information. This might include, your race, religion, gender or sex.

How Can Data Be Breached?

There are various ways in which personal data could be breached, such as:

  • Lack of security: An organisation may have failed to ensure its cyber security was sufficient and up to date. As a result, your personal data may have been affected following a cyber breach that could have been avoided.
  • Human error: An email may have been sent to multiple people without their emails being BCC‘d into the email. As a result, multiple people’s personal email addresses may have been accidentally disclosed.

If you have experienced a similar incident, please get in touch with our team using the number above. They could advise whether you’re eligible to make a data breach claim.

How Could A Data Breach Affect You?

There are various ways in which you could be impacted after having your personal data breached. For instance:

  • Psychologically: You may have experienced psychological damage due to personal and sensitive data about you being exposed.
  • Financially: You may have experienced fraudulent spending on your bank card causing you to lose money.

As part of the data breach claims process, you could seek compensation for psychological harm and reimbursement for any financial damage you experienced. However, you must provide evidence in support of your claim.

Check If The Data Breach Affected You?

When your data is breached, the organisation has a responsibility to notify you without unreasonable delay if it affects your rights and freedoms. However, it must also be reported to the ICO within 72 hours.

If you are concerned that your personal data has been breached, you could get in touch with the organisation yourself. However, if you haven’t had a meaningful response from the organisation, you are encouraged to contact the ICO.

You should not leave it longer than 3 months from your last meaningful communication with the organisation to contact the ICO.

Check Online And Financial Accounts

If you have been made aware that your data has been breached, you should check if it has had a  financial impact on you.

For instance, you could contact your bank and card providers to find out if there has been any suspicious spending.

Alternatively, if the personal data breach was a while ago, you could check your credit report to find out if a new debt has been taken on in your name.

Ways You Could Protect Your Personal Data

There are several ways you could protect your personal data from being breached. For instance:

  • Ensure you use complex passwords, and never the same password for more than one site or service.
  • Never write down passwords or share them with anybody.
  • Use two-factor authentication when it is available.
  • Never leave devices such as a phone, unlocked and unattended.

My Data Has Been Breached, What Can I Do And How Much Can I Claim?

Your data breach compensation may comprise:

  • Non-material damages: These cover any psychological harm you’ve experienced, such as distress.
  • Material damages: These cover any financial losses you’ve incurred.

Previously, it wasn’t possible to claim for any psychological harm without having suffered any financial losses. However, the case of Vidal-Hall and others v Google Inc heard at the High Court in 2015 changed the way compensation could be claimed following a data breach.

You are now able to seek compensation for psychological harm even if you haven’t experienced any financial losses. For that reason, the Judicial College Guidelines (JCG) is used to help value claims for non-material damages following a data breach.

The JCG sets out bracket compensation figures for different injuries. We created the table below, based on these figures. However, please note the settlement you may receive will vary.

Psychological Issue Severity Notes Compensation
Psychological damage (a) Severe All aspects of the claimants life will be severely affected and they will suffer permanent symptoms. £51,460 to £108,620
Psychological damage (c) Moderate There may have been significant mental health issues such as anxiety or depression initially. However, the future prognosis is good. £5,500 to £17,900
PTSD (a) Severe A person may experience a permanent impact that prevent the person from functioning at the same level as before the PTSD diagnosis. £56,180 to £94,470
PTSD (b) Moderately Severe The person may still face a significant disability but the future prognosis will be better than that of severe PTSD. £21,730 to £56,180
PTSD (c) Moderate The victim is suffering from a moderate case of post-traumatic stress disorder. However, they will likely make a good recovery. It is unlikely that any ongoing symptoms will be grossly disabling. £7,680 to £21,730
Psychological damage (d) Less Severe The compensation award will be driven by how long someone is impacted by the disability and the extent to which it’s impacted other aspects of life. £1,440 to £5,500
PTSD (d) Less Severe The person will make a mostly full recovery within two years. Any symptoms that do continue to have an impact will be minor. £3,710 to £7,680
Psychological damage (b) Moderately Severe The person will face significant problems with various aspects of life. However, the future prognosis will be optimistic. £17,900 to £51,460

How To Make A Claim If Your Data Has Been Breached

If you’re ready to make your claim, we could help. Whilst there is no legal obligation to hire a solicitor, doing so could be beneficial.

If you’re apprehensive about the cost of hiring a solicitor, you may wish to consider using a No Win No Fee solicitor. They could offer to represent your claim under a Conditional Fee Agreement (CFA). Under this agreement, there are no upfront costs.

For claims that succeed, you will pay a success fee. The fee is legally capped and taken from your settlement as a percentage. However, you won’t pay this success fee if your claim fails.

Our panel of data breach solicitors work on this basis and could represent your case. They have experience handling data breach claims and could help you get the compensation you deserve.

So, if your data has been breached, get in touch by:

Where You Can Read More

Here are some related claims guides.

And here are some other useful websites.

We hope this guide exploring the question: ‘My data has been breached, what can I do?’ has helped. However, if you need any additional information, call our team on the number above.

Writer AH

Editor EI