Personal data is shared every day, including with employers. When that information gets compromised due to a data breach at work, it can have life-altering consequences for those affected, from long-lasting mental health damage to financial loss.
Whether human error or a malicious cyberattack led to the personal data breach, you may be entitled to claim compensation. Our guide aims to shine a light on your rights after a personal data breach, explores why breaches happen, and explains how the claims process works. We explain the eligibility requirements that all data breach compensation claims need to meet, and also the different forms of harm you could be compensated for.
Additionally, we share how one of the solicitors on our panel could help you with claiming compensation.
You can discuss your case today by reaching out to our team using the following contact details:
- Use our live chat pop-up.
- Ring us on 0333 000 0729
- Contact us online.
Jump To A Section
- What Personal Data Could Be Breached At Work?
- Would My Employer Be Liable For A Data Breach?
- Examples Of Data Breach At Work Claims
- What Compensation Could I Get For A Workplace Data Breach?
- How Would My Compensation Be Calculated?
- Do I Need to Notify The ICO About A Work Data Breach?
- How Do I Make A Data Breach At Work Claim?
- Can I Claim On A No Win No Fee Basis?
- More Information
What Personal Data Could Be Breached At Work?
Under the UK General Data Protection Regulation (UK GDPR), personal data encompasses certain information that could identify someone directly (or in combination with other information). Examples of personal data your workplace could hold about you include:
- Your national insurance number.
- Your bank account details.
- Your personal email address.
- Your full name and date of birth.
- Your contact number.
- Your home address.
Sometimes, your workplace may also hold information about you that is more sensitive, and therefore requires extra protection; this is known as special category data under the UK GDPR. This includes information regarding:
- Your ethnic or racial identity.
- Your sexual orientation.
- Your biometric data.
- Your trade union membership.
Continue reading this guide to learn how and when you may be able to claim for a data breach at work. You can also contact our advisors to discuss your case and to learn more about what information is protected by the UK GDPR.
Would My Employer Be Liable For A Data Breach?
Your employer could be held liable for a data breach at work if they failed to adhere to data protection laws. Together, the UK GDPR and the Data Protection Act 2018 (DPA) serve as these data protection laws.
If your employer failed to adhere to the rules and regulations listed within these laws, this could lead to a data breach that also affects your personal data.
A data breach is defined as a security incident that affects the integrity, availability and confidentiality of personal data.
To claim compensation, you need to ensure that your circumstances meet the following conditions:
- Your workplace failed to adhere to the rules and regulations stated within the UK GDPR and the DPA.
- This resulted in your personal data being breached.
- As a consequence of the breach, you suffered psychological harm (such as stress) or financial losses.
To see whether you may have a valid personal data breach claim, you can contact our advisors.
Examples Of Data Breach At Work Claims
There are various ways a data breach at work could take place. This could be due to human error or a cyber incident. Below, we have set out some examples:
- A school sends out a batch email without using the blind carbon copy (BCC) feature, revealing the email addresses of staff.
- Despite having the correct details on file, a hospital sends out personal staff data to multiple incorrect email recipients.
- The HR department for a hotel chain sends a copy of a worker’s dismissal record to the wrong postal address, despite having the correct address on file.
- An office worker leaves a filing cabinet unlocked, resulting in the loss of an employee’s personal data records.
- A worker accesses the disciplinary information of a fellow employee after a laptop containing sensitive data is left open and unprotected by a password.
These are only a few examples. Please contact one of our advisors today to discuss the eligibility of your case.
What Compensation Could I Get For A Workplace Data Breach?
Data breach claims award compensation for the financial impact of a workplace data breach (material damage) and/or emotional distress that someone experiences (non-material damage).
When the compensation for your non-material damage is being calculated, the Judicial College Guidelines (JCG) may be referred to alongside your medical records. The JCG is a document that offers compensation guidelines for various psychological injuries.
In the table below, we have used the JCG’s figures for psychological injuries, aside from the first entry.
Type of Injury | Severity | Compensation | Notes |
---|---|---|---|
Severe Psychological Damage and Financial Losses | Severe | Up to £250,000+ | Takes into account multiple kinds of mental harm as well as financial losses such as lost earnings. |
Psychiatric Damage Generally | Severe | £66,920 to £141,240 | Severe impact on work and daily life, coupled with a poor prognosis. |
Psychiatric Damage Generally | Moderately Severe | £23,270 to £66,920 | Significant impact as above, but the prognosis is more hopeful. |
Psychiatric Damage Generally | Moderate | £7,150 to £23,270 | Mental health problems may have noticeably improved by trial. |
Psychiatric Damage Generally | Less Severe | £1,880 to £7,150 | Considers how long a disability lasted and its impact on daily activities. |
Post-Traumatic Stress Disorder | Severe | £73,050 to £122,850 | Permanent trauma affecting all aspects of life. |
Post-Traumatic Stress Disorder | Moderately Severe | £28,250 to £73,050 | Improved prognosis thanks to professional help, but trauma likely to persist for the foreseeable future. |
Post-Traumatic Stress Disorder | Moderate | £9,980 to £28,250 | Significant recovery and any ongoing symptoms are not considered to be "grossly disabling." |
Post-Traumatic Stress Disorder | Less Severe | £4,820 to £9,980 | More or less a full recovery within a year or two. Only relatively minor symptoms will persist. |
How Would My Compensation Be Calculated?
Reflecting the distress data breaches often cause, non-material damage covers various psychological injuries. These injuries can range from permanent forms of post-traumatic stress disorder (PTSD) to conditions like anxiety and depression.
In addition, you may be reimbursed for a range of financial losses, referred to as your material damage. Provided you have supporting evidence like payslips and bank statements, compensation for your material damage may cover the following:
- Costs related to changing your address.
- Loss of earnings if you found yourself unable to return to work after a data protection breach.
- Paying for therapy.
To discuss the potential value of your data breach claim, you can contact our advisors.
Do I Need to Notify The ICO About A Work Data Breach?
No, only the organisation responsible for a data breach at work needs to notify the Information Commissioner’s Office (ICO) of the breach.
The ICO is the independent authority that enforces data protection laws. Generally, an organisation must file a report if a data protection breach risks the freedoms and rights of those affected. In this scenario, an organisation needs to notify the ICO within 72 hours of the incident (or the date they discovered it) and inform affected staff without undue further delay.
You could also make a complaint about a data breach to the ICO. To do so, you must file the complaint within three months of your last substantive contact with the organisation at fault. Whilst the ICO cannot award compensation, it may then launch an investigation that could prove beneficial as supporting evidence for your data breach claim.
Our friendly team of advisors is on hand to answer any questions you have about the ICO or making a claim following a data breach at work.
How Do I Make A Data Breach At Work Claim?
If you are planning to seek compensation for a data breach at work that compromised your personal data, it’s important to be mindful that claims usually need to be started within a time limit of up to six years from the breach taking place. Workplace data breach claims also need to be backed up with evidence, examples of which you can find below:
- Correspondence: This could include email exchanges with the organisation or a personal data breach notice letter.
- Medical records: For instance, your patient files could confirm the diagnosis of a mental health condition related to the data breach.
- The findings from an investigation by the ICO.
- Evidence of financial losses suffered, such as wage slips.
Contact us today to find out how a solicitor from our panel could help piece together the evidence needed to support your compensation claim.
Can I Claim On A No Win No Fee Basis?
In short, the answer is a firm yes. In fact, our panel of solicitors have represented many clients under the terms of a Conditional Fee Agreement (CFA). It’s a type of No Win No Fee arrangement that aims to ease the financial concerns some individuals may have about hiring a solicitor. So, rather than face the prospect of mounting solicitor fees, you can expect the following with a CFA:
- At the start of a claim, you won’t pay any upfront solicitor’s fee.
- As your claim moves forward, you won’t be subject to additional solicitor’s fees.
- If the claim fails, you won’t pay a fee for your solicitor’s services.
In the event you win your case, your legal representative will receive a success fee as payment for their work. However, you won’t pay out of pocket as the fee gets taken as a small, legally capped share of your compensation.
Contact Legal Helpline
Our panel of solicitors here at Legal Helpline have years of experience in securing compensation for clients affected by the fallout of a data breach at work. They offer compassionate support and confidential advice throughout your compensation journey, ensuring you are in control at every stage of the process.
If you believe you are entitled to compensation for a personal data breach at work, please get in touch using the details listed below:
- Use our live chat pop-up.
- Ring us on 0333 000 0729
- Contact us online.
More Information
For additional information about what a personal data breach means for compensation claims, check out our guides on:
- Compensation claim options after a bank data breach.
- Who can make a data breach claim against a court.
- When to start a claim after a recruitment agency data breach.
You may also want to consider the following resources:
- Government information explaining how data protection legislation regulates personal information.
- The National Cyber Security Centre (NCSC) has advice about data breaches.
- The ICO explains the role of data protection officers.
We appreciate you taking the time to read our comprehensive guide looking at what happens after a data breach at work. For more information, contact our team today.