Has your personal data been compromised in a lost files data protection breach? If you have suffered harm as a result of an organisation’s failings, you may be eligible for compensation. Many different companies may hold your personal data in a physical format, such as paper files. Under data protection laws, to prevent a personal data breach, both physical and digital files must be protected when they contain any personal data.
According to data protection law, data controllers and processors are responsible for protecting personal data. Data controllers decide how and why they use your data, whereas data processors process your data on the data controller’s behalf.
In this guide, we will explore what kinds of personal data organisations may hold in their files, and how these files could be lost, resulting in a data breach. We will also explore who is eligible to claim compensation, and how a personal data breach solicitor from our panel could help you start your claim.
You can also contact our advisors for free legal advice. You can contact them any time, any day of the week.
Select A Section
- What Are Lost Files Data Protection Breach Claims?
- Files Organisations Hold About You
- What Should An Organisation Do If It Has Lost Your Files?
- Do I Have The Right To Claim Compensation For A Lost Files Data Protection Breach?
- How Much Could You Claim For A Lost Files Data Protection Breach?
- Talk To Us About Your Right To Claim
Personal data is information that can identify you, and with this in mind, a personal data breach is a security incident that affects your personal data’s integrity, availability, or confidentiality. Personal data breaches can result from deliberate and accidental causes (e.g. cyber attacks or human error.)
To form the basis of a successful compensation claim, you must prove that the breach was a result of the data controller or processor’s failings. Also, you must prove that because of this, you suffered harm. This could be financial harm, or psychological harm.
The obligations and responsibilities of those who handle personal data in the UK are outlined in the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018 (DPA). Under the UK GDPR, organisations must take appropriate safety measures in order to keep personal data safe from loss or thievery. If they fail to do so, and files containing your personal data are lost, you may be able to make a claim for compensation.
Contact our team of advisors today to learn more about lost files and data protection breach claims.
Many organisations will collect and process your personal data, either in physical formats, such as paper files, or digitally, such as on a memory stick or hard drive. These files could contain personal data such as your name, home address, email address, or phone number.
Some organisations may hold a kind of personal data known as special category data. This is information that is more sensitive and therefore needs extra protection. Some examples could be:
- Health and medical data (e.g. dental records or healthcare records.)
- Data surrounding your nationality or ethnicity (e.g your passport or driver’s license.)
- Trade union information (e.g employee records.)
For example, the HR department of your workplace may have an employee file containing your personal information, such as your name, home address, and phone number. This file may also contain special category information, such as your trade union membership, your nationality, and your ethnicity.
In this case, your employer should ensure that the proper safeguarding measures are taken to protect these files. If your employer fails to take these measures, this could result in a stolen or lost files data protection breach. Contact our team today to learn more.
If an organisation has lost its files in a data breach, there are certain steps it may need to follow. For example, they must inform you of the breach if it could interfere with your rights or freedoms as soon as possible.
One way that personal data breaches can occur is through human error. For example, if an employee leaves a file containing personal data in a public place or on public transport. Another way that a data breach could occur is through an employee sending files to the wrong email address.
There are steps that organisations can take to help prevent/ minimise the risk of personal data breaches happening. These can include ensuring that staff have access to proper data protection training for both physical and digital records and putting adequate data protection policies in place.
Contact our advisors for information on claiming for a lost files data protection breach.
If you have suffered a lost files data protection breach, you may be wondering if you have the right to claim compensation. In order to make a successful claim, there are certain criteria that your case must meet.
Firstly, you must show that your personal data was breached due to the data controller or processor’s failings. For example, if files containing your personal data were hacked because the organisation responsible for storing this information did not have adequate cybersecurity measures. Or, files containing your personal data were accidentally emailed to a third party without a lawful basis.
Additionally, to make a successful claim, you must also prove that due to the data breach, you have suffered financial loss or mental distress – e.g. anxiety and depression. We will explain the kinds of damage you may suffer as a result of a personal data breach in the next section.
Contact our team of advisors today for more information on making a lost files data protection breach claim.
There are two potential heads of claim you may wish to pursue in your personal data breach claim:
- Material damages are any financial losses you suffered because of the personal data breach—for example, charges made on your credit card after your banking information was breached. Make sure to keep a record of all these financial losses to be able to claim them back.
- Non-material damages are for any damage caused to your mental health because of the personal data breach. For example, you may suffer from extreme anxiety and stress due to having your home address leaked in a personal data breach.
Previously, to claim non-material damages, you would have to prove that you also suffered from financial loss. After the Vidal-Hall and Others v Google Inc  ruling, the Court of Appeal ruled that claimants can claim compensation for mental injuries following a personal data breach without claiming for financial loss.
Please find below a table of compensation guidelines for non-material damages. These compensation brackets align with the 2022 Judicial College Guidelines (JCG) edition. These figures are only guideline amounts, and the actual amount you may receive can vary.
|Post-Traumatic Stress Disorder (PTSD)||Severe - The person will suffer permanent effects, preventing them from working/functioning the same as pre-trauma. All aspects of life will be affected.||£59,860 - £100,670|
|PTSD||Moderately Severe - Some professional help may enable some recovery, leading to a better prognosis.||£23,150 - £59,860|
|PTSD||Moderate - The person will have largely recovered. Continuing symptoms will not be majorly disabling.||£8,180 - £23,150|
|PTSD||Less Severe - The person will virtually experience a full recovery within one to two years. Only minor symptoms will persist after this period.||£3,950 - £8,180|
|Psychiatric Injury||Severe - The person will have serious problems with being able to cope with life/education/work and will experience extreme future vulnerability.||£54,830 - £115,730|
|Psychiatric Injury||Moderately Severe - The person will still have serious issues coping with the situations above, but may have a slightly better prognosis.||£19,070 to £54,830|
|Psychiatric Injury||Moderate - Whilst the person will suffer with the ability to cope with life/education/work and will experience future vulnerability, there will have been marked improvements by trial.||£5,860 - £19,070|
|Psychiatric Injury||Less Severe - Will consider the damage period and the extent to which sleep and daily activities were affected.||£1,540 - £5,860|
Contact our advisors today for a free estimate of what your claim could be worth.
Our panel of solicitors may be able to guide you through your claim with the help of a Conditional Fee Agreement (CFA). A CFA is a type of No Win No Fee agreement that comes with many benefits, such as:
- If your case doesn’t succeed, you will not be obligated to cover your solicitor’s service fees.
- If your case is successful, your solicitor is paid through a success fee. With a legal cap, this is a small percentage of your final award.
Contact our team of advisors to learn how a solicitor from our expert panel could help you start your claim. They can provide free legal advice and tell you if you have a valid personal data breach claim. To get in touch:
Learn More About Your Rights After A Data Breach
Below are some additional links that may be beneficial to you.
- Data breach compensation – the essential guide.
- How to make a claim for stolen documents.
- Common causes of data breaches.
- ICO: Guide to UK General Data Protection Regulation (UK GDPR.)
- ICO: Taking your case to court and claiming compensation.
- UK GOV: Cyber Security Breaches Survey 2022.
Contact our advisors today for more questions regarding a lost files data protection breach.