This guide will aim to answer this question, ‘is a phishing email a data breach?’ To do so, we will discuss the definition of a personal data breach, as well as how UK legislation works to protect your personal data.
In the UK, the data protection rights of residents are protected by two main pieces of legislation, the Data Protection Act 2018 (DPA) and the UK General Data Protection Regulation (UK GDPR). These are enforced by the Information Commissioner’s Office (ICO), an independent data security watchdog.
If you would like to learn more about making a claim, read on or contact one of our friendly advisors. They can give you free legal advice and free consultation to discuss your claim. To get started on your claim or to learn more about how a solicitor from our panel could help you, get in touch with our team by:
Browse Our Guide
- Is A Phishing Email A Data Breach?
- When Am I Eligible To Claim For A Phishing Email Data Breach?
- Evidence That Could Be Used When Claiming For A Data Protection Breach
- How Much Compensation Could I Get For A Data Breach?
- Our Panel Of No Win No Fee Data Breach Solicitors Can Help You Claim
- Learn More About Claiming For A Phishing Email Data Breach
A phishing email is a form of internet scam that invites the recipient to visit a website or click on a link that then downloads a virus or requests personal information. Receiving a phishing email is not a data security breach in and of itself. However, responding to the email with personal data can be.
Personal data is typically any piece of information that on its own, or alongside other data, can be used to positively identify you as a person. For example, this might include your phone number, full name, or address. If the integrity, availability, or confidentiality of this data is affected by a security incident, this is a personal data breach.
Read on to find out if you could be eligible to claim for a personal data breach, or get in touch with our advisors today to get started.
The two parties responsible for handling your personal data are known as data controllers and data processors. A data controller is responsible for establishing a lawful basis for using your personal data, and they make all the decisions surrounding how it is processed. Then, a data processor follows these instructions in order to process the data.
In order to be eligible to make a claim for a phishing email data breach, it must occur as a result of the data controller or data processor’s wrongful conduct. You must also suffer from financial harm or psychological harm as a result of the breach, and it must affect your personal data. These stipulations are laid out in Article 82 of the UK GDPR.
Our advisors are on hand to tell you if you could be eligible to claim for a personal data breach. Get in touch today for more information, or read on for more insight into whether a phishing email is a data breach.
Is There A Time Limit When Making A Data Breach Claim?
The current time limit for starting a claim after a phishing email data security breach is typically 6 years. However, this falls to one year if you are making a claim against a public body.
If you suspect a data breach has affected your personal data, it may be beneficial to start gathering evidence. Evidence can help strengthen your claim. It can also help establish liability for the breach. Some examples of evidence that you could collect include:
- Letters or emails between yourself and the organisation at fault for the breach
- Correspondence with the ICO, such as the findings of an investigation
- Bank statements, credit scores, or invoices that prove the financial losses caused by the breach
- Medical reports or records that show the extent of damage done to your mental health by the breach
While the ICO does not offer compensation or handle claims, reporting your breach to them can be beneficial to your claim. The ICO can open investigations into potential breaches, and can then issues fines against organisations found to be at fault.
For further help on how to report a data breach issue or the evidence that can help support one, please get in touch.
Compensation is assessed in two areas in personal data breach claims. Non-material damage compensation looks at the psychiatric harm caused. With medical proof, it can acknowledge the stress, anxiety, and trauma created after a phishing email data breach.
Solicitors and lawyers can refer to the Judicial College Guidelines (JCG) to help them calculate non-material damage compensation payouts. This document offers guideline settlement amounts for physical and psychological injuries, examples of which you can find below.
|Psychiatric Harm||A poor prognosis indicated with impact felt in all areas of the person's life||(a) Severe - £54,830 to £115,730|
|Psychiatric Harm||Symptoms that show a similarity with those above, though a more optimistic prognosis is present||(b) Moderately Severe -£19,070 to £54,830|
|Psychiatric Harm||Similar issues to the bracket above but an improvement seen by the time the case may need to be heard at trial||(c) Moderate- £5,860 to £19,070|
|Psychiatric Harm||This award bracket looks at the length of illness caused and how symptoms affect daily life||(d) Less Severe - £1,540 to £5,860|
|Post-Traumatic Stress Disorder (PTSD)||An acute trauma response that permanently impacts all areas of the person's life||(a) Severe - £59,860 to £100,670|
|PTSD||A better prognosis than above after professional intervention||(b) Moderately Severe - £23,150 to £59,860|
|PTSD||Largely a recovery with continuing symptoms being not grossly disabling||(c) Moderate - £8,180 to £23,150
|PTSD||Within 2 years, an almost full recovery occurs, and remaining symptoms are minor.||(d) Less Severe - £3,950 to £8,180
Can I Claim For Material Damage In A Data Breach Claim?
Material damage compensation accounts for the financial losses caused by a personal data breach. For example, material damage compensation could cover:
- The theft and loss of funds from your bank account
- Fraudulent purchases made in your name or on your debit or credit cards
- Damage to your credit score
- The expenses associated with counseling costs for stress
Our advisors are on hand to help ensure that you include all the current and predicted costs associated with the phishing email data security breach. Get in touch for free guidance or use our compensation calculator for more information.
Our team can offer a free assessment of eligibility and possibly connect you with a solicitor from our panel to help you get started with a No Win No Fee agreement. A typically used version of these are Conditional Fee Agreements (CFA), which allow you to access the services of a solicitor, generally without having to pay an upfront fee.
Likewise, you typically don’t have to pay any ongoing fees to your solicitor as your claim progresses. If your claim goes on to succeed, your solicitor will take a success fee from your settlement. This percentage has a legislative cap to help make sure you keep the majority of your award.
You can find out if you are eligible for representation on a No Win No Fee basis by:
For more helpful guides surrounding personal data breach claims:
For more guidance:
Contact our team today for more advice on if a phishing email is a data breach.
Writer Jeff Wilders
Editor Cat Hunt