Everyone trusts that their personal data will be kept safe while in the hands of their employers. However, that is not always the case, and the consequences can be severe for all those affected by a personal data breach. If you have suffered harm because your personal information was compromised, you might be eligible to make a claim for employer data breach compensation.
Our guide explores the entire claims process, starting with a look at the criteria that need to be met in order to seek compensation. We’ll then examine the different types of personal data that employers might collect and the legislation they need to comply with.
As you continue reading through our guide, you’ll also learn about data breach compensation and what it can potentially cover. Afterwards, we explain how breaches can happen, together with some examples showing why they might result in a valid claim.
You will also find out what is involved in building a compelling case and how long you have to start a claim. Finally, we will highlight some of the benefits of starting a No Win No Fee claim through our panel of solicitors.
To see if you can start your claim for employer data breach compensation today, please contact our helpful advisors by:
- Visiting our ‘contact us’ page on our website
- Calling them at 0800 408 7825
- Making a free claim enquiry
Jump To A Section
- Can I Claim For Employer Data Breach Compensation?
- What Compensation Can I Get For An Employer Data Breach?
- How Might Personal Data Be Breached By An Employer?
- How Can I Show My Employer Is At Fault For A Data Breach At Work?
- Is There A Time Limit For Claiming Employer Data Breach Compensation?
- How A No Win No Fee Solicitor Can Help
- Learn More
Can I Claim For Employer Data Breach Compensation?
Yes, you might be able to claim for employer data breach compensation if your case meets the following criteria:
- The organisation responsible for your personal data failed to adhere to the UK General Data Protection Regulation (UK GDPR) and Data Protection Act 2018. These laws establish the framework for how personal data belonging to UK citizens gets processed
- The failure to comply with data protection laws resulted in a breach
- As a result, you suffered emotional or financial harm (or a combination)
Data protection laws like the UK GDPR set out how organisations such as employers must act when processing personal data. Later on in this guide, we’ll take a look at some examples of what might happen if an employer fails to meet their obligations, and why it might be grounds to claim compensation.
What Is An Employer Data Breach?
All data breaches (including those involving employers) can be defined as security incidents that affect the integrity, confidentiality, or accessibility of personal data. These breaches might be accidental or intentional. This definition is set out by the Information Commissioner’s Office (ICO), the independent UK regulator for enforcing data protection.
But what kind of personal data might employers collect? To comply with their obligations, employers may need access to a range of personal data, particularly in terms of paying taxes and salaries. Some examples of personal data that may be held by an employer can include your:
- Name
- Address
- National insurance number
- Personal email address
Your place of work may also sometimes collect more sensitive information. Under the UK GDPR, this kind of information is termed special category data and requires additional protections. It can include personal data concerning your:
- Racial or ethnic origin
- Political opinions
- Health, such as whether you have any allergies or disabilities
- Biometrics, including fingerprints
- Trade union membership
- Sexual orientation
- Religious or philosophical beliefs
What Compensation Can I Get For An Employer Data Breach?
Compensation for employer data breach claims can be made up of 2 types of damage:
- Non-Material Damage: Psychological harm, such as anxiety, depression, and post-traumatic stress disorder (PTSD)
- Material Damage: Out-of-pocket financial losses resulting from the data breach
Your solicitor may assess non-material damage using an independent medical assessor’s report and suggested compensation brackets collected by the Judicial College Guideline (JCG). The JCG is a document that publishes these brackets for various forms of harm, including those involving conditions like PTSD.
The table below contains some of the JCG’s brackets. However, the top figure doesn’t come from the document, and it is important to note that the table overall is not a guarantee of compensation. After all, no two data breach claims are alike.
| Harm | Compensation Bracket |
|---|---|
| Multiple Severe Forms of Harm + Financial Expenses (e.g. Lost Income) | Up to £250,000 plus |
| Severe Psychiatric Damage | £66,920 to £141,240 |
| Moderately Severe Psychiatric Damage | £23,270 to £66,920 |
| Moderate Psychiatric Damage | £7,150 to £23,270 |
| Less Severe Psychiatric Damage | £1,880 to £7,150 |
| Severe PTSD | £73,050 to £122,850 |
| Moderately Severe PTSD | £28,250 to £73,050 |
| Moderate PTSD | £9,980 to £28,250 |
| Less Severe PTSD | £4,820 to £9,980 |
What If The Data Breach Has Caused Me To Suffer Financial Losses?
If the data breach caused you to suffer financial losses, you might be able to make a claim for them. These can include:
- Lost earnings, if you needed to take time away from work. These losses can also include benefits like bonuses and pension contributions
- Therapy or counselling
- The cost of relocation if you were required to move for security reasons
- Additional home security
In order to include these losses in your claim, you will need to present evidence like employment records, bank statements, and invoices.
If you would like further guidance on data breach compensation, please feel free to get in touch with our advisory team. They are here to help and can provide advice tailored to your specific circumstances.
How Might Personal Data Be Breached By An Employer?
Your personal data might be breached by an employer for a number of reasons. Below, we’ll look at several examples showing how a breach might occur and why it may lead to a claim:
- Inadequate security measures: Office management fails to regularly assess whether software security is up-to-date. This failure results in a cyber attack that compromises employee personal data, leaving you suffering from anxiety
- Mishandling your data due to human error: A lack of training at your office results in a letter with your personal data being posted to the wrong person. The data breach causes emotional distress and leads you having to invest in additional home security
- Losing a device or documents: Your manager ignores the company’s data protection policies and leaves their laptop unattended on a train. A passenger accesses the device and obtains sensitive data from your employment records, resulting in you developing long-term anxiety
- Data sharing: Your employer allows a friend who doesn’t work for the company to access your data without obtaining consent, causing you emotional distress
- Sharing passwords: While on a video meeting in a public café, your employer verbally shares the password to your computer. This failure results in your personal data being compromised, forcing you to move to a new home
If you are concerned that your personal data has been compromised, don’t hesitate to share your experience with one of our advisors. They are here to listen and can provide you with a free, no-obligation case assessment.
How Can I Show My Employer Is At Fault For A Data Breach At Work?
To show how your employer was at fault for a data breach at work, you will need evidence supporting your case. Some examples of the type of evidence that may help your claim include:
- The results of any investigation made by the ICO
- Copies of correspondence concerning the data breach. For instance, your employer is required to notify you of a security incident without ‘undue delay,’ if the breach affecting your personal data poses a serious risk to your freedoms and rights
- Evidence of your mental harm, such as a diagnosis of depression or anxiety
- Proof of any financial losses, such as wage slips or bank statements
As you try to recover from the fallout of a personal data breach, you may feel overwhelmed by the idea of gathering evidence, but a solicitor from our panel can help. They have years of training and specialist knowledge, ensuring they know exactly what evidence can support your claim, and how it can be obtained.
To learn more about how one of the solicitors making up our panel can help you obtain evidence, please reach out to our helpful advisory team.
Is There A Time Limit For Claiming Employer Data Breach Compensation?
There is a time limit for claiming employment data breach compensation, generally up to 6 years. However, it is worth starting your claim as soon as possible since the breach will still be fresh in your memory and evidence may be more complete.
If you’d like more information, please reach out to one of our advisors. They are here to help and are available 24/7 to answer any queries you have about the personal data breach claims process.
How A No Win No Fee Solicitor Can Help
We work with a panel of No Win No Fee solicitors who have helped clients nationwide get the data breach compensation they deserve. Having seen first-hand the kind of turmoil data breaches can cause, they always strive to make the claims process as stress-free as possible for their clients. They can help you and your claim in many ways, including:
- Providing you with clear and prompt advice about the claims process
- Ensuring you have a strong case by gathering evidence on your behalf
- Giving you regular updates on your claim
- Paying close attention to all aspects of the claim
- Handling all correspondence so you can focus on your recovery
- Negotiating a settlement that fairly reflects the harm you endured
This support (and much more) is available under the terms of a Conditional Fee Agreement (CFA). It ensures you won’t face any upfront solicitor fees, nor any extra ones as the claim progresses. If you don’t win, you don’t pay any solicitor fees at all.
You will only have to pay for the solicitor’s work if the claim is successful. This success fee comes out of your compensation, but it’s kept small due to the percentage being capped. So, you can rest easy knowing you’ll get most of what you receive.
Contact Our Advisors
Our advice services are live 24/7, and it takes just a moment to get in touch. All advice given is free and comes with no obligations, so you can have peace of mind that there won’t be any pressure to proceed once you contact our advisory team.
Whether you have any questions regarding this guide or want to start a data breach claim, please reach out to one of our friendly advisors by:
- Visiting our ‘contact us’ page
- Calling our advisors at 0800 408 7825
- Making a free claim enquiry
Learn More
By clicking on the following links, you will have access to further information from our other guides on data breach claims:
- Here are some examples of UK data protection breaches
- Access our FAQs on data breach claims
- Learn more about the definition of a data breach
Some references:
- Find out if you can claim statutory sick pay using this government page
- Here is further guidance on data breaches from the National Cyber Security Council (NCSC)
- An NHS overview of mental health services
We appreciate you reading this guide to employer data breach compensation and hope that you found it helpful.