By Danielle Newton. Last Updated 4th July 2023. Have you suffered financial loss or emotional harm due to a police data breach? There are many different ways that a police data breach could happen, from officers sending emails containing personal data to the wrong person to cyber attacks. Here, we give you lots of guidance on what you could do if wrongdoing on the part of a police force leads to a data breach that impacts you.
There are, after all, laws in place that protect your personal data. All public bodies that process personal data must protect it, just like any other data controller. If they fail in this regard, you could suffer, such as by becoming subject to identity fraud or theft. You could also suffer worry, stress, depression and lose sleep over the breach.
How This Guide Could Help
We have created this guide to answer common questions relating to a police breach of the Data Protection Act 2018. Whether a data breach has led to someone being able to commit fraud in your name, or you’ve suffered psychological damage due to it, this guide could help you. We also explain how we could help you get started on making a No Win No Fee claim with a data breach solicitor from our panel and the benefits of claiming under a No Win No Fee agreement.
If you’d like to speak to our advisors at any point, simply call 0800 408 7825. They’re available 24/7.
Select A Section
- Police Data Breach Claims Explained
- What Is A Police Data Breach?
- What Evidence Can Help Me Prove A Claim After A Police Data Breach?
- How Could A Police Force Or Constabulary Breach Data Protection Rules?
- Are There Different Types Of Damages?
- How Are Data Breach Payouts Calculated?
- Can I Claim For A Police Data Breach With A No Win No Fee Solicitor?
- Find Out If You Can Claim For A Police Data Breach
- Help For Victims Of Data Breaches
The police have the same duty of care to protect personal data that other organisations and public bodies have. Whether it is police staff data they are processing, or personal data relating to the public, they are bound by the UK General Data Protection Regulation (GDPR) and other data protection legislation to take steps to ensure it is not breached.
Should a data breach happen and the exposure of your personal data causes you harm, the Information Commissioner’s Office (ICO) could get involved. The ICO is an independent agency that enforces data protection laws and issues fines to parties that breach them.
The ICO would not handle your claim for compensation, however. You could obtain the services of a data breach lawyer to assist you if you are considering making a claim for a police force data breach.
How many people are affected by data breaches?
In 2020, Freedom of Information data revealed that 22 of the UK police forces reported in total over 2,300 data breach incidents. The Freedom of Information request, made by VPNoverview, was reported to have been sent to 45 forces, with 31 responses received. According to the figures, 299 breaches per station was the national average from 2016 to the first quarter of 2021.
The reasons for these breaches were reported to include human error, which included staff sending data to the incorrect recipient via e-mail, as well as cyber-attacks.
According to the ICO statistics from the second quarter of 2021/22, the Justice sector saw 40 incidents reported. While 2 of these related to cyber, the other 38 were non-cyber related.
Below, you can see the Top 5 sectors that suffered data breaches in Q2 2021-22.
A human error data breach occurs, according to the ICO, when personal data is disclosed, accessed, lost, altered, or destroyed unlawfully or without authorisation. Data breaches could happen due to malicious acts. However, they could also be accidental.
Personal data or personal information is anything that can be used to identify you, whether directly or indirectly.
To make a claim for a police data breach, you would need to be able to evidence:
- That there was a breach involving your personal data
- The breach happened due to wrongdoing on the police force’s part
- It caused harm to you (this could be financial expense or loss and/or psychological harm)
If you could prove all this, a data breach solicitor could take your claim on under a No Win No Fee agreement. We explain what these are further on in this guide.
If you are eligible to seek compensation for a data breach, you must have evidence to support your claim. It must show that when the data controller or processor failed to adhere to the data protection laws, your personal data was compromised, and you suffered psychological or financial harm as a result.
Evidence that might be useful in a personal data breach claim includes:
- Any correspondence between yourself and the organisation. For example, if a police data breach compromised your personal data, the controller may have informed you by letter or email. This letter could contain information about when and how the breach occurred and what personal information was involved.
- The results of an ICO investigation. If you reported a data breach to the ICO and they decide to investigate it, their findings could be used as evidence in your claim. However, you must do this within 3 months of your last meaningful communication with the organisation responsible regarding the breach.
- Evidence of your mental harm, such as a copy of your medical records confirming your diagnosis.
- Evidence of your financial losses, such as a copy of your bank, credit or debit card statements.
To discuss what evidence may be useful in personal data breach claims, please contact one of our advisors using the details at the top of the page.
As we have mentioned, some types of police data breaches could happen due to human error. Others could occur due to malicious acts by those inside or outside of the organisation.
Examples of potential data breaches include:
- An employee e-mailing your personal case data in error to the wrong recipient
- Police officers failing to redact your personal information before sending data to a third party
- Staff members sending your personal data to the wrong postal address when they have your correct address on file.
- A member of staff leaving an unsecured USB containing personal information relating to witnesses on a bus
- Officers failing to use BCC when sending e-mails to groups of people, exposing e-mail addresses to unauthorised recipients
- Police staff falling victim to phishing attacks, allowing cybercriminals to gain access to personal data
No matter what the situation that led to the data breach, if the party that was supposed to protect your personal data acted wrongfully or negligently and this led to it, harming you, you could be eligible to claim compensation. If you are not quite sure whether the data breach you suffered could lead to a claim, we would be happy to speak to you.
The different damages you could claim under the UK GDPR are material damage and non-material damage. If you’re not sure what these are, we explain below.
Material damages – These damages could also compensate you for any financial losses caused by the breach. For example, if someone steals from you using exposed personal data, you could claim material damages.
Non-material damages – Having your data exposed could have a psychological impact on you. As the result of a breach, you could suffer anxiety, depression, distress and loss of sleep. Non-material damages compensate you for psychological harm.
You might be interested to learn of the legal case that set a precedent, allowing you to claim compensation for psychological injuries you suffer from a data breach, even if you haven’t also suffered financially. The Court in Vidal-Hall and others v Google  held that compensation such as that claimed in personal injury cases for psychological injury could be considered.
Calculating data breach compensation for a police data breach depends on the level and type of damage you suffer. For example, if someone steals money from you due to a breach, you’d need to evidence the amount to claim for it. Bank statements and other documents such as credit card statements and receipts could be useful for this purpose.
When it comes to how courts and lawyers calculate psychological injury compensation, they would need to see an independent medical report. You would go to see an independent medical expert to talk about how the breach affected you. They would write a report, which your solicitor could use against the Judicial College Guidelines, to arrive at an appropriate amount.
These guidelines list injuries and their varying severities with a corresponding bracket of potential compensation.
How much could your settlement be?
Below, you will find a compensation table with figures from the Judicial College Guidelines (JCG). We believe it acts as a good alternative to a personal injury claims calculator to give rough guidance on compensation amounts.
|Injury/Condition||Approximate Guideline||Level of Severity|
|Cases of general psychological injury||£54,830 to £115,730||Severe|
|Cases of general psychological injury||£19,070 to £54,830||Moderately severe|
|Cases of general psychological injury||£5,860 to £19,070||Moderate|
|Cases of general psychological injury||Up to £5,860||Less severe|
|PTSD||£59,860 to £100,670||Severe|
|PTSD||£23,150 to £59,860||Moderately severe|
|PTSD||£8,180 to £23,150||Moderate|
|PTSD||Up to £8,180||Less severe|
If you can’t see your injuries in the compensation table above, why not get in touch? Our advisors can value your claim for free.
If you have a valid claim following a police data breach, you might worry about how much it would cost you to use the services of a solicitor. However, our panel of data breach solicitors offer No Win No Fee agreements.
This means that you do not have to pay any solicitor fees until your claim ends. Better yet, you don’t have to pay any solicitor fees at all if your claim isn’t successful.
If your claim is successful, you’d pay the solicitor a success fee, but this is capped by law. What’s more, you’ll discuss it with your solicitor beforehand.
With specialist legal support, you could have a better chance of being compensated for a police data breach. If you make data breach claims with the help of a specialist solicitor, they’d use all of their professional knowledge and expertise to negotiate for the maximum compensation possible on your behalf.
Could A No Win No Fee Solicitor Take On My Claim?
Prior to taking your claim on under a No Win No Fee agreement, your solicitor will need to ascertain whether your case has a favourable chance of success. Factors they will investigate would include:
- Is there evidence of a GDPR breach (or other data protection legislation breach) that led to a data breach?
- Was your personal data compromised?
- Did it occur because of the positive wrongful conduct of the data controller?
- Did you suffer emotionally and/or financially?
They would also check if your claim was being made within the relevant limitation period. For claims that involve public bodies, the period would usually be 1 year, while for other claims it could be 6 years.
If you’re looking to start a police data breach claim, we’re here to assist you. Our advisors could assess your case and offer you the advice and support you are looking for. There are a number of ways for you to reach us, including:
We look forward to hearing from you.
If you’d like to learn more about data breach claims, check out the guides below:
- Report A Breach – The ICO shows you how to make a report to an organisation that you believe breached your personal data security.
- What Is Personal Data? – The ICO explains what personal data includes.
- Your Data Matters – Further information from the ICO about your rights.
- Data Breaches: Lost Or Stolen Devices – You can find out whether the loss or theft of devices could lead to a police data breach here.
- E-mail Address Breach – Advice on whether you could claim for such a breach.
- Data Breach Compensation Claims – Our general guide to claiming compensation following a breach of GDPR.
Thank you for reading our guide on what you could do after a police data breach.