If you’ve been the victim of an HR data breach, you may have suffered emotional and financial damage. A personal data breach can cause significant effects on your life, and you may wish to know if you could be eligible to claim compensation. This guide will explain what a personal data breach is and how you can seek a settlement.
We will discuss some data breach examples and how they can occur. You can also see examples of compensation brackets in this guide for non-material damage. Alongside this, we will explain what a No Win No Fee agreement is and how working with a solicitor with these terms can strengthen your claim.
To learn more about making a personal data breach claim, continue reading this guide. Or, if you have any further questions, you can contact our advisors. Our team can offer you free expert legal advice with no pressure to claim through our services.
Select a Section
- What Is An HR Data Breach?
- HR Data Breach Examples
- HR Data Breach – Am I Eligible To Make A Claim?
- Data Breach Compensation Examples
- Connect With No Win No Fee Data Breach Solicitors
- Learn More About HR Data Breaches
A data breach is a security incident involving the destruction, loss, alteration, unauthorised access, or disclosure of personal data, whether accidental or unlawful. As an independent UK body, the Information Commissioner’s Office (ICO) upholds data protection laws and levies fines against organisations that do not comply with data protection laws.
When making a claim for a personal data breach, the fault must be with the data controller or data processor. The data controller decides how and why your personal information is used. The data processor processes this data on behalf of the data controller.
Data protection legislation is displayed in the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018 (DPA). If a company breaches the UK GDPR, which leads to your personal data being compromised, you may be eligible to make a claim for compensation.
The breach must involve your personal data if you wish to claim. This means any information that could be used to identify you. For example, your name, or your postal address. Special category data is a type of personal data that needs extra protection due under the above legislation. This can include data that refers to sensitive topics such as your medical records, medical conditions, trade union membership status, and sexuality.
We will discuss the terms of eligibility to make an HR data breach claim further in this guide.
HR departments have access to personal information through things like disciplinary records and disciplinary information, employee files, and payroll information. Because of this, there are many ways that a data breach can occur. Some examples include:
- Sending data to the wrong address: For example, if an HR employee sends documents or files to the wrong email address or postal address, this could allow unauthorised parties access to your personal information.
- Failure to use BCC: The blind carbon copy (BCC) feature allows HR departments to send batch emails without revealing the email addresses of fellow recipients. However, if an employee fails to use this feature, this could reveal your email address to others.
- Inadequate storage: Storing physical or digital personal data in an insecure location can allow criminals to access this information through theft or hacking.
Legislation protects both physical and digital forms of personal data. Our advisors are available 24 hours a day, seven days a week if you need support after suffering from an HR data breach.
The Latest Statistics On Data Breaches
Alongside upholding legislation, the ICO provides information and advice on data security. This includes publishing data security incident trends.
In the 2019/20 financial year, 11,499 data security incidents were reported to the ICO. This dropped to 9,599 in the 2021/22 financial year, with the majority of reports involving non-cyber incidents.
You may be wondering how to make a claim for a personal data breach. In order to make a claim, you must prove that the breach was a result of wrongful conduct on the part of the data controller or the data processor. Alongside this, you must also supply evidence that you’ve suffered harm as a result of the breach.
If a breach occurs that meets the ICO’s threshold for reporting, it must be reported within 72 hours. Alongside this, the organisation must inform you of the breach without undue delay.
If you’ve discovered a breach yourself, you can inform the organisation of your findings. They may be able to tell you more about the breach, such as what personal information was involved. If you haven’t received a satisfactory response within three months, you can report the breach to the ICO and ask them to investigate.
Please note that though the ICO can issue fines to companies that breach legislation, you cannot make a claim for compensation through them. Our advisors can support you with starting the claims process. Call us today to learn more about how to report a data breach.
Non-material damage involves any psychological injuries you sustain due to the breach. This may be stress, post-traumatic stress disorder (PTSD), or depression. You must be able to prove that you have suffered harm in order to claim under these headings.
The Vidal-Hall & Others V Google Inc.  case changed the way that you claim for damage. Before this case, you had to claim for both financial and psychological damage in order to receive non-material damage. However, since this case, you can now claim for both forms of damage alone or together,
To see how much compensation your claim may be worth, we’ve included a compensation calculator table below using information from the Judicial College Guidelines (JCG). The JCG is also used by legal professionals to value compensation claims across a range of subjects. The table below demonstrates guideline amounts for non-material damage, but it’s important to remember that these are guidelines only, and not guarantees.
|Severe Psychiatric Injury (a)||£54,830 - £115,730||The prognosis is extremely poor, with injuries affecting all aspects of life and causing vulnerability in the future.|
|Moderately Severe Psychiatric Injury (b)||£19,070 - £54,830||Injuries impact relationships and prevents the injured person from returning to work.|
|Moderate Psychiatric Injury (c)||£5,860 - £19,070||There will be marked improvement of symptoms by the time of trial, leading to an improved prognosis.|
|Less Severe Psychiatric Injury (d)||£1,540 - £5,860||Conditions such as the length of disability and affect on daily activities will be considered for this bracket.|
|Severe PTSD (a)||£59,860 - £100,670||The injured person will be unable to function as they did before the injury occurred. All aspects of life are poorly affected.|
|Moderately Severe PTSD (b)||£23,150 - £59,860||Professional help can improve the prognosis, but significant symptoms will persist.|
|Moderate PTSD (c)||£8,180 - £23,150||Most injuries can be recovered from with minor effects persisting into the future.|
|Less Severe PTSD (d)||£3,950 - £8,180||Most recoveries can occur within two years of being injured with minor symptoms continuing.|
Our advisors can offer an estimate of what your personal data breach claim may be worth.
You may be interested in working with a data breach solicitor on a No Win No Fee basis for your claim, under the terms of a Conditional Fee Agreement (CFA). A No Win No Fee solicitor from our panel can help you make your claim with lower financial risk, and benefits that include:
- Legal representation from a professional solicitor
- Zero upfront fees
- No costs for the duration of your claim
- No solicitor fees if your claim ends unsuccessfully
In the event of a successful claim, your solicitor takes a success fee. This is a percentage of your compensation. However, there is a legal cap, to help in ensuring that you get the majority of your award. But, if your claim does not succeed, you do not pay this.
Our panel of advisors can provide free legal advice. They can also advise you on your claim, and identify whether it is valid. If it is, they may pass you on to an expert solicitor from our panel. To get in touch today, you can:
We’ve provided some additional resources below to help you with your claim.
See here for more of our guides:
To learn more about making an HR data breach claim, or to if you would like to receive free legal advice from a member of our team, contact our advisors today.
Writer Jess Arrow
Publisher Cat Hunt