In recent years, data breaches have become an increasingly common occurrence, with more and more individuals and businesses falling victim to the theft or unauthorised access of sensitive personal information. The consequences of such breaches can be devastating, ranging from financial losses to identity theft and reputational damage. But if you were to make a claim, you might be asking ‘what is the burden of proof in a data breach claim?’ And how can you give yourself the best chance of getting the compensation you deserve?
UK law provides a framework for holding those responsible for data breaches accountable for their actions. In this guide, we will explore the burden of proof in data breach cases, discussing the legal requirements and obligations of data controllers and data subjects and the potential remedies available to those affected by a data breach.
Should you be considering making a data breach claim, we could help. Our advisors could assess your case to see if you could work with one of our panel of No Win No Fee solicitors to get the compensation you deserve.
Understanding The Burden Of Proof In Data Breach Cases
In the context of data breaches, the burden of proof refers to the obligation of the claimant to establish, on the balance of probabilities, that a data controller has wrongfully breached their obligations under data protection law, and that such breach caused them to suffer loss or damage. This burden rests with the claimant throughout the entire litigation process, from filing the claim to the final hearing.
Data Protection Law And Burden Of Proof
The Data Protection Act 2018 (DPA 2018) is the primary legislation governing data protection in the UK. It sets out the obligations of data controllers and data processors, as well as the rights of data subjects, and provides a legal framework for compensation claims arising from data breaches.
Under the DPA 2018, data controllers are required to take appropriate measures to protect personal data against unauthorised or unlawful processing, accidental loss, destruction, or damage. Failure to do so may result in a breach of data protection law, for which the data controller may be held liable. Should a person have suffered damage (material or non-material) caused by the wrongful exposure of their data, they could make a claim against the liable party.
Personal Data Breaches – Establishing Liability And Burden Of Proof
A personal data breach occurs when there is a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to personal data. Under the DPA 2018, data controllers are required to notify the Information Commissioner’s Office (ICO) of any personal data breach within 72 hours of becoming aware of it, unless it is unlikely to result in a risk to the rights and freedoms of individuals.
In the event of a personal data breach, the data controller may be liable for any loss or damage suffered by the data subject due to the breach. To establish liability and meet the burden of proof in a personal data breach claim, the claimant must demonstrate that:
- The data controller had a duty of care to protect their personal data
- The data controller wrongfully acted and breached their duty of care
- The breach caused the claimant to suffer loss or damage.
Meeting The Burden Of Proof In Data Breach Litigation
To meet the burden of proof in a data breach claim, the claimant must show that the data controller breached their obligations under the DPA 2018, which incorporates the UK GDPR into UK law and that such breach caused them to suffer loss or damage. This requires evidence to support the claim, which may include the following:
- Documentation showing the data controller’s obligations under the DPA 2018
- Evidence of the data breach, such as copies of compromised data or notification letters from the data controller
- Evidence of the loss or damage suffered as a result of the breach, such as financial losses or psychological harm.
What Evidence Could I Collect?
In order to succeed in a data breach claim, it is important to provide sufficient evidence to support your case. This can include a range of different types of evidence, such as:
- Copies of any correspondence or notifications received from the data controller regarding the breach.
- Copies of bank statements or credit reports showing any financial losses or unauthorised transactions.
- Any documentation or records showing the extent of the breach and the data that was affected.
- Witness statements or testimonies from individuals who were affected by the breach or who witnessed the breach occurring.
- Expert reports or opinions from data security professionals or IT specialists regarding the data controller’s breach and the measures they should have taken to prevent it.
- Medical records or reports showing any physical or emotional harm suffered as a result of the breach.
- Any other relevant documents or evidence that support your claim and demonstrate the harm suffered as a result of the breach.
Providing strong, clear evidence to support your claim can greatly increase your chances of success in a data breach compensation claim.
Who Bears The Burden Of Proof In A Data Breach Claim?
In a data breach claim, the burden of proof rests with the claimant throughout the entire process. This means that the claimant must provide evidence to support their claim, and must convince the court on the balance of probabilities that the data controller breached their obligations under data protection law, and that such breach caused them to suffer loss or damage.
Compensation For Data Breaches – Meeting The Burden Of Proof
If a claimant is successful in meeting the burden of proof in a data breach claim, they may be entitled to compensation for any loss or damage suffered as a result of the breach. The amount of compensation will depend on the specific circumstances of the case, including the nature and extent of the loss or damage suffered.
Compensation may include both financial losses and non-financial losses, such as compensation for distress or emotional harm.
Common Challenges In Meeting The Burden Of Proof In Data Breach Cases
Meeting the burden of proof in data breach claims can be challenging, particularly in cases where the breach has resulted in non-financial losses, such as distress or emotional harm. Some common challenges in meeting the burden of proof in data breach cases include:
- Establishing causation – The claimant must demonstrate that the breach caused them to suffer loss or damage, and that such loss or damage was not caused by other factors.
- Proving non-financial losses – Non-financial losses, such as distress or emotional harm, can be difficult to quantify and prove in court.
- Time limits – There are strict time limits for bringing a data breach claim, and failure to comply with these time limits can result in the claim being barred.
- Legal costs – Bringing a data breach claim can be expensive, and the claimant may be required to pay legal fees and other costs associated with the litigation. However, there are ways around paying upfront for legal support, as we explain below.
No Win No Fee Claims Under Conditional Fee Agreements
If you have suffered a data breach and are considering making a compensation claim, it is important to seek legal advice from a specialist data breach advisor. Our advisors offer a free initial consultation to discuss your case and advise you on your options.
If you are concerned about the cost of bringing a data breach claim, you may be able to do so under a Conditional Fee Agreement (CFA), also known as a No Win No Fee agreement. Under a CFA, the solicitor agrees to take on your case on the basis that they will only be paid if the claim is successful. Therefore, if the claim is unsuccessful, you will not be required to pay them.
It is important to note that not all cases are suitable for a No Win No Fee agreement, and your solicitor will assess the merits of your case before agreeing to take it on under a CFA.
Get In Touch To Start Your Claim
Data breaches can have serious consequences for individuals, including financial losses, identity theft, and emotional distress. If you have been affected by a data breach, it is important to understand your rights and options for seeking compensation.
Meeting the burden of proof in a data breach claim can be challenging, but with the right legal advice and evidence, it is possible to succeed in a claim for compensation. Furthermore, it is important to act quickly, as there are strict time limits for bringing a data breach claim, and failure to comply with these time limits can result in the claim being barred. Therefore, why not get in touch today to find out what rights you might have to make a claim?
What Is The Burden Of Proof In A Data Breach Case? Find Out More
What Is The Process For Settling A Data Breach Claim? – Firstly, learn more about how data breach claims can be settled.
Can A Data Breach Claim Be Settled Out Of Court? – Not all claims go to court. Find out more about this here.
Data Breach FAQs; Frequently Asked Questions – Find answers to some common questions here.
Be Data Aware – Advice and guidance from the ICO.
Data Security Incident Trends – Learn about trends in data security incidents.
ICO – Who We Are – Finally, learn more about the ICO’s role.