ASDA Pharmacy Data Breach Compensation Claims Guide – How Much Compensation Can I Claim? – Amounts For ASDA Pharmacy Data Breach
My Data Privacy Was Breached By ASDA Pharmacy, Could I Claim Compensation?
As you’re probably aware, the way in which organisations handle your personal information has changed since the introduction of the General Data Protection Regulation, or GDPR as it’s more often referred to. The regulation was passed into British law when The Data Protection Act 2018 was enacted and means any data breach containing your personal information could lead to a compensation claim. In this article, we’re going to consider when Asda Pharmacy data breach claims might be required.
Due to the GDPR, you now have more options concerning who can request your personal information, what it can be used for and who else can access it.
There is also a requirement for organisations like Asda Pharmacy to securely store your data and have good systems in place to ensure it doesn’t get into the wrong hands. While that’s often the case, there are times when errors can occur causing data to be leaked. Therefore, we’ll look at what harm can be caused by a data breach, why you might be able to claim compensation and how much could be awarded.
If you would like to start a claim, Legal Expert can help. We provide a telephone-based consultation and free advice about your claim options. If your case appears to have a reasonable likelihood of success, you could be connected to one of our specialist solicitors. Should they agree to accept your case, they’ll work on a No Win No Fee basis for you.
To start an Asda Pharmacy data protection claim today, please call our team on 0800 073 8804. Alternatively, if you read the rest of this article, you’ll find out lots more about the data breach claims process.
Select A Section
- A Guide To ASDA Pharmacy Data Breach Claims
- What Are Breaches Of Pharmacy Customers Private Data?
- Applying The GDPR To Pharmacy Data
- How A Pharmacy Could Be In Breach Of The GDPR
- Fines Which Have Been Issued To Pharmacies By The ICO
- Making Data Breach Complaints To The Information Commissioner’s Office
- What Could Be Claimed For After A Breach Of Medical Data?
- Work Out How Much Data Breach Compensation Victims Could Claim
- No Win No Fee ASDA Pharmacy Data Protection Breach Claims
- How Do I Find A Solicitor Specialising In Breaches Of Data Protection
- Contacting A Data Breach Solicitor
- Additional Resources And References
A Guide To ASDA Pharmacy Data Breach Claims
When you use most services these days, you’ll need to answer questions about how the company handles your personal information. That might be a pop-up box on a website you’ve never visited before or a question on a form when you sign up for a new pharmacy. These questions are used to provide you with a choice about what happens with your data and so that the company involved can fulfil their responsibilities under the GDPR. The most important part of the process is that once your preferences have been recorded, the organisation must only use your information in the ways that you’ve consented to.
During the course of this article, we’re going to show you why Asda Pharmacy data breach claims might happen. We’ll consider the causes of data breaches, the harm they can lead to and when they might lead to compensation being awarded. We’ll also look at the Information Commissioner’s Office’s (ICO) ability to issue data breach fines.
If you do decide that you want to make a claim, we should tell you that there is a 6-year time limit. This is reduced to 1-year if your claim is about a breach of human rights so please factor in these limitation periods when considering your options. Our advice is always to start the claim as soon as you can. While 6-years is plenty of time, it’s much easier to remember the facts of the case when discussing them soon after the data breach happened. Also, starting earlier rather than later means your solicitor will find it a lot easier to obtain any evidence required to support your case.
What Are Breaches Of Pharmacy Customers Private Data?
There are lots of different ways a data breach can occur. The GDPR defines them as a security breach which results in your personal information being altered, destroyed, lost, accessed or disclosed by means that you’ve not previously permitted. Importantly, the act leading to the breach might be accidental or on purpose and the leaked data could be digital or on physical documents. Even if the data breach doesn’t cause any harm to you, the organisation could still receive a fine from the ICO.
While you might think that data breaches mainly occur because of weak network or computer security, it’s a lot more common for breaches to be caused by human error when handling printed documentation. One data breach example could be where a pile of old documents, containing personally identifiable content, is disposed of in a bin rather than being securely shredded. Another might be if a prescription containing your name, address and details of your medication is dropped by staff on the shop floor and read by another patient.
When a pharmacy becomes aware of a data breach, they need to decide if it puts anybody at risk. If it does, they need to contact the ICO and the patient to let them know how the breach occurred, when it took place and what information was exposed.
Applying The GDPR To Pharmacy Data
The GDPR is an 88-page document which isn’t the best bedtime reading material you’ll find! However, within the large document, there are some useful roles defined which make an organisation’s responsibilities relating to personal data clearer. They include:
- The Data Subject – This is the individual whose personal information is going to be requested and stored i.e. a patient.
- A Data Controller – The company or organisation who defines the reasons and methods of processing personal information i.e. the pharmacy.
- The Data Processor – A company or individual who gathers and processes the information on behalf of the data controller.
The GDPR also sets out a number of data processing principles including:
- There must be a legitimate purpose behind data processing and the data subject has to be made aware of it.
- A minimum amount of data should be processed to meet the objectives.
- Data can only be stored for the amount of time specified at the time it was processed.
- Any data processing must be fair, lawful and transparent to the data subject.
- Any personal information needs to be kept up to date.
- The data controller needs to be able to demonstrate full compliance with these principles.
How A Pharmacy Could Be In Breach Of The GDPR
We’re now going to consider how a pharmacy data breach could take place. Here are a few examples:
- If another patient is given your prescription and it contains personally identifiable information.
- Where the pharmacy’s computer system is attacked by ransomware, malware or a virus.
- When a letter, email or text message containing information about you is sent to the wrong patient.
- If a computer screen containing your details is left unlocked and visible to other customers.
- Where a member of staff accesses your details with no medical reason to do so.
- If a document containing your data gets into the public domain because it was lost or disposed of incorrectly.
Fines Which Have Been Issued To Pharmacies By The ICO
As we mentioned earlier, the ICO is able to fine companies who cause a data breach and break the rules of the Data Protection Act. In this section, we’re going to provide details of a pharmacy that received a fine of £275,000.
The London-based company, Doorstep Dispensaree, were found to have stored around half a million documents relating to care home patients in cardboard boxes, crates and disposal bags in unlocked containers at the back of the property. The documents contained patient names, NHS numbers, addresses, dates of birth, prescription details and medical information. None of the documentation was secured or marked as confidential waste.
Doorstep Dispensaree argued that the courtyard where the documentation was found was locked but the ICO did not agree, especially after the company admitted that the residents of the adjoining flats could breach any security measures by using the fire exit.
The ICO found that as well as the method of storage, Doorstep Dispensaree were not compliant with the GDPR as their data protection policies hadn’t been updated for 4-years.
Following their investigation, the ICO ordered that the company has to improve its data proception methods in less than 3-months or it could be served a further penalty notice which could amount to 4% of its annual turnover.
Making Data Breach Complaints To The Information Commissioner’s Office
If you are thinking of claiming compensation, there are two things that could help you understand what’s happened: making an official complaint to the company you blame or asking the ICO to investigate.
When you complain to a pharmacy directly, they should investigate what’s happened and let you know their findings. Their final response letter should provide you with an escalation method if you’re not happy with the outcome of their investigation. If you run out of escalation routes, you could then ask the ICO to step in.
To lodge a complaint with the ICO, you need to wait until about 3-months after the last meaningful contact with the pharmacy. Also, you shouldn’t leave it too long to complain to the ICO because they can refuse to look at cases that have taken a long time to be brought to their attention.
While both of these methods could provide important information that helps you identify why the data breach happened, they won’t lead to you being awarded any compensation. That’s because the ICO can only issue fines against companies who’ve breached data protection legislation. If you are going to ask for compensation, you’ll need to claim against the pharmacy yourself.
Once 3-months have passed since your last contact with the pharmacy, and you’d like to find out if you’re eligible to claim, you could contact us and let an advisor assess your claim. They’ll review what’s happened and could refer you to a specialist solicitor. If they agree to take your claim forward, they’ll let you know whether you should raise your complaint with the ICO or whether they think they can reach an amicable settlement with the pharmacy directly.
What Could Be Claimed For After A Breach Of Medical Data?
Over the next few sections of this article, we’re going to look at what you’re able to claim compensation for, how much might be awarded, and when No Win No Fee agreements can be used.
When considering Asda Pharmacy data breach claims, your solicitor will usually look at two different types of compensation:
- Material damage which aims to compensate the victim for any financial losses they’ve incurred or will incur in the future.
- Non-material damage that is used to compensate the victim of any psychological injuries sustained following the data breach.
While it would be nice to list exactly what compensation you could claim for in this guide, it’s not possible because all claims are different and different factors apply in each case.
For instance, when looking at psychological injuries, your solicitor will need to show how anxiety, depression or Post-Traumatic Stress Disorder have affected your life, work or education and whether those symptoms have had a negative impact on your social, work or family relationships. Also, for financial losses, your solicitor will need to assess any future impact the data breach could cause as well as those you’ve already suffered.
If you’d like your case to be assessed to see what you could claim for, please call our claims line today. An advisor will discuss what’s happened and could refer you to one of our specialist solicitors for a thorough assessment of your case.
Work Out How Much Data Breach Compensation Victims Could Claim
Now we’re going to discuss potential compensation amounts. In a case heard by the Court of Appeal (Vidal-Hall and others v Google Inc ) an important judgement was made that established that it’s possible for victims of data breaches to claim compensation for psychological injuries without having had any pecuniary or financial losses. Furthermore, the judgement set out that awards for non-material damage should be valued in the same way as personal injury cases.
Therefore, we’ve listed some example injuries and associated compensation figures in the table below. The information comes from a document that solicitors and courts use to help decide compensation awards called the Judicial College Guidelines.
|Psychiatric Damage||Severe||£51,460 to £108,620||This settlement range is for cases where the claimant will have serious problems coping with life, education or work. They'll also struggle to manage relationships, will be vulnerable in the future and have a poor medical prognosis.|
|Psychiatric Damage||Less Severe||To £5,500||This settlement range is used for less severe cases and factors such as length of disability and the impact on sleep and other daily activities will be considered.|
|PTSD (Post-Traumatic Stress Disorder)||Severe||£56,180 to £94,470||This settlement range is for cases where the claimant will suffer flashbacks, hyper arousal, nightmares and suicidal ideation permanently. All aspects of the claimant's life will be affected and they will not be able to function at anything like previous levels. Their symptoms will mean work is impossible.|
|PTSD (Post-Traumatic Stress Disorder)||Moderately Severe||£21,730 to £56,180||With professional help, the prognosis in this category will be better than above although many of the initial symptoms will be the same.|
|PTSD (Post-Traumatic Stress Disorder)||Less Severe||£3,710 to £7,680||This settlement range is for cases where the claimant has just about fully recovered in a year or two. Any symptoms that last longer will only be minor.|
The most important factor when awarding compensation for these injuries is the severity of the suffering. As a solicitor isn’t medically trained, they’ll need to arrange for you to visit a local medical specialist as part of your claim.
During the medical assessment, your medical records will be considered, and you’ll be asked some questions about the effect the data breach has had on your health. Once the appointment has ended, the specialist will prepare a report confirming their findings and send it to your solicitor.
No Win No Fee ASDA Pharmacy Data Protection Breach Claims
We completely understand that many potential claimants don’t start compensation claims because they’re concerned about how much the claim will cost them. To remove some of that worry, and to alleviate some of the financial risks, our solicitors conduct their work on a No Win No Fee basis for claims that they accept.
Before they can offer this service, your solicitor will need to check the claim has some chance of success. If they are happy to work for you, and you’re happy to continue, a Conditional Fee Agreement (CFA) will be prepared.
The CFA will explain that:
- You won’t pay any upfront fees and there will be no hidden charges.
- There will be no solicitor’s fees payable while the claim is ongoing.
- Should the claim be lost, you won’t need to cover your solicitor’s fees at all.
Also, the CFA will clearly explain how a success fee will be deducted from your compensation if the solicitor wins the case. The fee, which is legally capped, is a small percentage of your award used to cover the solicitor’s costs. The CFA will state what percentage you’ll pay so you’ll know how much will be deducted right from the start of your claim.
How Do I Find A Solicitor Specialising In Breaches Of Data Protection
OK, we’ve now shown you why Asda Pharmacy data breach claims might be needed and what compensation could be claimed for, but how do you pick a solicitor to take on your case? Well, you could simply look for the nearest law firm and choose them, you might ask friends or family to advise a solicitor, or you could just read online reviews of solicitors who might be able to help.
Each of those methods could result in you finding the best solicitor to help you with a data breach claim, but they might not, and you might find the process takes a lot of time. Instead of wasting time searching, you could just Call Legal Expert.
Our team of solicitors have decades of experience supporting clients with many different types of compensation claims. If your claim is accepted, you’ll have access to your solicitor throughout the case to help explain any complex legal jargon that crops up. Furthermore, they’ll provide you with regular updates as the claim progresses.
Contacting A Data Breach Solicitor
To start your claim with Legal Expert today, you can:
- Call a member of our team for free claims advice on 0800 073 8804.
- Ask an online advisor for free advice in our live chat channel.
- Email us with details about your data breach claim to firstname.lastname@example.org.
- Start an online claim to arrange for a call back from a specialist advisor.
You can contact our claims line 24-hours a day, 7-days a week. We’ll start by reviewing your claim and any evidence you’re able to provide. If the claim appears to have good grounds, your advisor could connect you with one of our specialist No Win No Fee solicitors straight away.
Additional Resources And References
Thanks for completing this article about Asda Pharmacy data breach claims. In this last section, we’ve taken the opportunity to link to further resources that we think might be helpful:
NHS Claim Time Limits– If you’re making a claim against the NHS, this guide will explain the time limits that apply for different types of claim.
Asda Pharmacy Medication Errors – Details on when you could claim for suffering caused by prescription errors.
Hospital Negligence Claims – Information on claiming compensation for suffering caused by medical negligence in a hospital.
Data Consent – An ICO guide that explains whether an organisation needs your consent to hold different types of data.
Pharmacy Complaints – Information from the General Pharmaceutical Council about when they could investigate a complaint about a pharmacy.
Find A Pharmacy – This NHS website allows you to look for pharmacies near you.
Guide by Mavers
Edited by Billing