Data breaches can have severe consequences, especially for charities. Charities hold sensitive data such as the personal information of their supporters, employees, and beneficiaries. If a charity data breach happens and such data falls into the wrong hands, it can be disastrous for the charity and the individuals affected. In the UK, the Data Protection Act 2018 and the General Data Protection Regulation (GDPR) provide legal protection for individuals whose personal information has been mishandled by organisations, including charities.
Should you have suffered psychologically or financially as a direct consequence of a charity data breach, you could be eligible for compensation.
This guide provides tips on how to make a charity data breach claim, including whether you can claim compensation and how long you have to make a claim. Plus, it provides examples of charity data breaches, insight into calculating compensation payouts and starting a No Win No Fee claim. Additionally, you can find out where to learn more about making charity data protection breach claims.
For further information, why not get in touch?
Can I Claim Compensation For A Charity Data Breach?
You could claim compensation for a charity data breach if your personal data has been compromised as a result of the breach. The GDPR and the Data Protection Act 2018 provide individuals with the right to seek compensation for any material or non-material damage suffered as a result of a data breach. Material damage includes financial losses, such as identity theft or credit card fraud, while non-material damage includes emotional distress, anxiety, and loss of privacy.
To support a data breach compensation claim, you will need evidence. While the evidence you present will be unique to your case, some types of evidence that may support a data breach claim could include:
- A record of what data was breached
- If the data breach was reported to the Information Commissioner’s Office (ICO), an incident report could help support the claim.
- Any communications connected to the data breach could also be useful. For example, you could submit letters, emails, or records of phone calls. All these may help substantiate the claim.
- Forensic analysis of digital devices or IT systems by an expert may help to establish the extent of the data breach and how it occurred.
- A statement from those who witnessed the data breach or who have relevant information could also be useful in supporting the claim.
It is crucial to gather as much evidence as possible when filing a data breach claim, as it could increase the likelihood of a successful outcome. Seeking legal advice is advisable to help you with the evidence-gathering process. If you’d like help with this, please call an advisor.
How Long Do I Have To Make A Charity Data Breach Claim?
You have up to six years to make a charity data breach claim in the UK. The time limit starts from the date of the breach or when you first became aware that your data had been compromised. However, it is essential to act quickly, as the longer you wait, the harder it may be to gather evidence to support your claim. Also, in some cases, the time limit might be shorter than 6 years, particularly in cases involving public bodies.
Examples Of How A Data Breach Could Happen
Charitable organisations hold a wealth of personal and sensitive information about their supporters, beneficiaries, and employees, making them a prime target for cybercriminals seeking to obtain data illicitly. Here are some of the ways in which data breaches can occur at charities:
- Human error can lead to data breaches, such as mistakenly sending an email with confidential information to the wrong recipient or losing a laptop or USB drive with sensitive data.
- Cybercriminals may target charity computer systems. They could exploit weaknesses to gain unauthorised access to personal information.
- Malicious software, including viruses, ransomware, or trojans, can infect a charity’s computer system, allowing hackers to steal sensitive data.
- Phishing emails can be used by cybercriminals to trick charity employees into disclosing login credentials. These can then be used to access sensitive information.
- Charity employees or volunteers could intentionally or unintentionally disclose or misuse sensitive data, resulting in data breaches.
Not all instances where your data has been exposed would lead to a claim. You would need to evidence wrongdoing by the charity, and would have to have suffered harm as a direct result of the breach. To check your eligibility to claim, please call our team.
Has A Charity Been Fined For A Data Protection Breach?
Yes, charities have been fined for data protection breaches in the UK. The Information Commissioner’s Office (ICO) is responsible for enforcing data protection regulations and has the authority to impose fines for breaches of GDPR and the Data Protection Act 2018. Here are some examples of charities that have been fined for data protection breaches:
- In 2018, the British and Foreign Bible charity received a fine of £100,000 for failing to protect supporters’ data. The breach occurred when the charity’s website was compromised. As a result, hackers stole the personal data of 417,000 supporters.
- In 2020, the RSPCA received a fine of £25,000 for failing to delete the personal data of supporters. These supporters had requested their data to be removed from the charity’s database.
Working Out Compensation Payouts For A Charity Data Breach
If you have sufficient evidence to support your data breach claim, you may wonder about the compensation you could receive. The compensation amount for a charity data breach claim varies significantly from case to case, depending on the damages caused by the breach. Therefore, it is advisable to approach each claim on a case-by-case basis.
When filing a data breach claim, you may be eligible to claim both material and non-material damages. Material damages typically include the loss of funds caused directly by the breach, while non-material damages may be claimed for psychological harm suffered due to the breach.
To provide insight into potential compensation amounts for successful data breach claims, we have included some examples below. The list outlines different brackets for psychological injuries that may be compensated as non-material damages under a UK data breach claim. These brackets are based on the 2022 edition of the Judicial College Guidelines, which can be used to value claims in England and Wales.
- Severe psychological harm – £54,830 to £115,730
- Moderately Severe psychological harm – £19,070 to £54,830
- Moderate psychological harm – £5,860 to £19,070
- Less Severe psychological harm – £1,540 to £5,860
For further insight into compensation for charity data breach claims, please call an advisor. They could talk to you about the case and work out the level of compensation you could be eligible to claim. They could also help you to begin the claims process by connecting you with one of the data breach solicitors from our panel.
Starting A No Win No Fee Charity Data Breach Claim
If you are seeking compensation for a UK GDPR charity data breach, engaging solicitors to assist you with your claim can be beneficial. The decision to hire legal support is entirely up to you. However, we always recommend seeking the services of a solicitor with prior experience in handling data breach claims. A No Win No Fee solicitor could be an option that does not require any upfront payment.
With this type of agreement, you will typically only be charged a success fee if your solicitor assists you in obtaining compensation for the breach. The success fee will be directly deducted from your data protection breach compensation and is legally limited by the Conditional Fee Agreements Order 2013. Therefore, you need not be concerned about excessive charges once your claim is settled.
You can contact our advisors at any time for further assistance or to start a claim:
Learn More About Making Charity Data Protection Breach Claims
If you would like to learn more about launching a charity data protection breach claim, the below links might be of interest. We have included both internal links to other relevant guides, as well as some external resources that could help you understand more.
Action The ICO Has Taken – You can read about the actions that the ICO has already taken with regard to data breaches.
Charity Data Breach – This page shows what action the ICO took against one particular charity for a data breach.
Cyber Threat Report – Here, you can learn about the risk in the charity sector when it comes to cyber threats.
Wage Data Breach – If your wage data has been breached, you can learn more about whether you could claim.
UK GDPR breach – Further insight into claiming compensation for a data breach can be found here.
Data Breach FAQs – Find answers to some common questions about data breach claims.