In this guide, we explore data breaches caused by human error and when you might be eligible to claim human error data breach compensation. In this article, we will explain what a breach of your personal data is. Additionally, we will examine the legislation in place to help protect personal data.
Organisations should provide employees with data protection training to help avoid human error data breaches. This applies to both digital records and physical records.
You may wish to know how much compensation you could get for data breaches caused by human error. We examine the two heads that could make up a breach of your personal data claim, and the eligibility criteria set out by legislation.
To conclude, we explore No Win No Fee lawyers. You may find having legal representation benefits your claim. Contact our claims team if your personal data was compromised.
Speak with us 24 hours a day, 7 days a week:
- Contact us online
- Call 0161 696 9685
- Use the live chat feature
Data breaches caused by human error claims guide
Select A Section
- What Are Data Breaches Caused By Human Error?
- How Could Data Breaches Be Caused By Human Error?
- Case Study: The Cabinet Office Data Breach
- What Compensation Could I Get For A Data Breach?
- Can You Claim With A No Win No Fee Solicitor?
What Are Data Breaches Caused By Human Error?
A personal data breach caused by human error is a security incident that affects the confidentiality, availability or integrity of your personal data.
The UK General Data Protection Regulation (UK GDPR) along with the Data Protection Act 2018 (DPA) are in place to protect personal data. This legislation:
- Holds the data controller responsible for compliance. A data controller is typically an organisation that determines the purpose and procedure of processing personal data. A controller may outsource the processing of personal data to a data processor.
- Sets out eligibility criteria for making a personal data breach claim
In order to claim compensation, you must be able to:
- Prove the organisation did not comply with the data protection legislation that is in place. This failure then caused a compromise in personal data.
- Demonstrate that your personal data was included in the breach. Your personal data is protected by the UK GDPR and includes any information that can identify you, such as your name or address. A subtype of personal data known as special category data, such as your medical data, requires extra protection.
- Prove you experienced harm as a result of the breach. This could be financial harm, or it may be a mental health injury, such as post-traumatic stress disorder (PTSD).
Speak to our claims team if your personal data was compromised to find out if your claim could be valid.
How Long Do I Have To Claim For A Data Breach?
If you have suffered harm due to a human error data breach, and you are eligible to claim compensation, you will need to file your claim within the relevant limitation period. Under the Limitation Act 1980, the time limit to make most data breach claims is 6 years from the date of the breach.
However, there could be some exceptions to this. If a data breach caused by human error breaches your human rights, the limitation period could fall to just one year. This could also be the case if the breach is caused by a public body. It is important therefore to act quickly, to ensure you have enough time to claim.
If you would like to check how long you would have to launch your claim or ask questions about the claims process, you can contact an advisor at any time.
They will be able to check your eligibility to claim and could connect you with a solicitor from our panel who could take your claim forward.
How Could Data Breaches Be Caused By Human Error?
There are a number of ways in which human error could contribute to a personal data breach, for example:
- Failure to use BCC: Failing to use the blind carbon copy (BCC) feature in a batch email could result in the exposure of the recipient’s email addresses.
- Loss of devices: Loss of devices that contain personal data, such as laptops, hard drives, and mobile phones, could lead to a personal data breach. Devices containing personal data should be password protected or have two-factor authentication enabled.
- Wrong address: Organisations must ensure that their records are kept up-to-date. Also, employees should check that the addresses on emails and postal letters are correct. If a letter or email containing personal data is sent to the wrong address, this could result in a personal data breach.
Contact our team of advisors today to find out if you could be eligible to claim for data breaches caused by human error.
Case Study: The Cabinet Office Data Breach
The Information Commissioner’s Office (ICO) is an independent body responsible for enforcing data protection laws. As part of their data protection role, they investigate breaches in personal data and can issue fines.
In 2021, the ICO fined the Cabinet Office £500,000. December 2019 saw the Cabinet Office publish a file containing the postal addresses of over 1,000 people on the New Year’s Honours List.
This incident was a result of the Honours and Appointments Secretariat incorrectly setting up a new IT system. Files were amended instead of modifying the IT system. Each new file generation saw postal addresses automatically added. Without a process in place to sign off on files, a file with postal details was online for two hours and 21 minutes.
What Compensation Could I Get For A Data Breach?
Compensation claims for personal data breaches by human error can consist of two heads:
- Material damage: Material damage supplies compensation for the financial losses you suffer as a result of the breach. You may experience a criminal taking out a credit card in your name, for example, or fraudulent charges to your debit card.
- Non-material damage: A breach of your personal data may cause you a psychological injury, such as stress. To compensate for your psychiatric suffering, you could claim non-material damage.
Since the ruling of Vidal-Hall and Others v Google Inc [2015], you may now claim for non-material damage without also claiming for material damage.
Legal professionals often use the Judicial College Guidelines (JCG) to help them value claims. This document contains a list of injuries alongside guideline compensation brackets based on payouts in previous claims. The table below contains figures from the 16th edition, published in April 2022.
| Injury | Severity | Potential Compensation | Notes |
|---|---|---|---|
| PTSD | Severe (a) | £59,860 - £100,670 | Functioning at pre-trauma level is no longer possible. The injury has a permanent impact on all areas of life. |
| PTSD | Moderately severe (b) | £23,150 - £59,860 | A significant disability that lasts into the foreseeable future, however, with a professional, the claimant may make some recovery. |
| PTSD | Moderate (c) | £8,180 - £23,150 | A recovery largely takes place but some symptoms may remain. These do not cause a gross disability. |
| PTSD | Less severe (d) | £3,950 - £8,180 | A virtual full recovery, but some minor symptoms may be experienced beyond 1-2 years. |
| Emotional Harm | Severe (a) | £54,830 - £115,730 | Life is difficult to cope with and manage due to the injury. The prognosis is very poor. |
| Emotional Harm | Moderately severe (b) | £19,070 - £54,830 | Although the prognosis is more optimistic than in severe emotional harm, significant difficulties arise coping with life. |
| Emotional Harm | Moderate (c) | £5,860 - £19,070 | Problems coping with life occur, but mental state improvements also occur and the prognosis is good. |
| Emotional Harm | Less severe (d) | £1,540 - £5,860 | The award depends on the length of disability and remaining effects. |
For a free estimation of what data breaches caused by human error claims could be worth, contact our advisors today.
Can You Claim With A No Win No Fee Solicitor?
If you are eligible to claim for a personal data breach, you may wonder how a No Win No Fee solicitor could help you. Our panel of No Win No Fee solicitors can guide you through your claim under a Conditional Fee Agreement (CFA). Generally, you will not pay an upfront fee under a CFA. You also will not have to pay ongoing fees.
If your claim succeeds, you will pay a success fee. Your solicitor will take this fee as a percentage of your award. However, this percentage has a legal cap. Your solicitor will discuss this amount with you before you begin your claim. But, if your claim is not successful, you will not pay this fee.
If you have suffered harm as a result of data breaches caused by human error, contact our advisors today. If your claim is valid, they may connect you with a solicitor from our panel.
To learn more:
- Contact us online
- Call 0161 696 9685
- Use the live chat feature
Further Resources
The following links may help you:
Additional Legal Helpline guides:
- What Are My Rights If My Employer Breaches The DPA?
- Bank Data Breach Compensation Claims
- How To Report A Data Breach
To learn more about data breaches caused by human error, contact our advisors.