Customer Service Data Breach Compensation Claims Guide
Customer service can often require the use of,/ or access to people’s personal information to perform their work. This type of information is protected; organisations with access to a person’s personal information such as a name, address or financial information have a responsibility to make sure this information is only used appropriately and kept confidential and secure. If they fail to do this, and a person suffers harm as a result, the organisation could be found liable in a data breach claim. This is a guide to claiming compensation for a customer service data breach.
This guide will talk about data breaches and the protections in place for the use of your personal data. It will give you more information about unlawful and inappropriate uses of your data, and inform you of how to take action against an organisation if they breach your data by failing to comply with data security laws.
If you want to speak to someone directly, our advisers are available and offer free legal advice. You can speak to one immediately by:
Select A Section
- What Is A Customer Service Data Breach?
- How Should Companies Protect Your Personal Data?
- When Should Customers Be Notified Of A Breach?
- Examples Of Customer Service Data Breaches
- What Could You Claim For A Customer Service Data Breach?
- How To Claim For A Customer Service Data Breach
Every organisation that uses personal information as part of its work has a responsibility to safeguard it. This means.
- Ensuring that the processing of personal data is lawful, fair and clear.
- Collect only what is absolutely necessary for the purpose of the task
- Only process the data that is needed
- Always keep the information up to date
- Only keep for as long as is necessary
- Keep it safe and secure
- Be accountable for any data breaches
Any information about you, or relating to you is considered your personal information – and when your personal information is collected or used by an organisation, it is protected by data-protection laws, such as the UK General Data Protection Regulation (UK GDPR) and Data Protection Act 2018 (DPA).
A personal data breach occurs when the security, confidentiality or integrity of your personal information is affected.
However, not all data breach victims will be eligible to make a personal data breach claim, as not all breaches are the fault of the party responsible for protecting the data. Firstly, in order to claim, you must prove that your personal data has been breached because the organisation did not adhere to the applicable laws. And secondly that this caused you harm.
If you suffered mentally, or financially, from a data breach, you could be eligible to make a claim for compensation.
To see if you could be eligible, please speak to one of our advisers about claims for a customer service data breach.
The Information Commissioner’s Office (ICO) is a body in the UK dealing in data protection rights. Data breaches can be reported to the ICO, either by the people who have been affected by a data breach or by the organisations themselves. The ICO in turn publishes quarterly reports of the data breach incidents that organisations have self-reported.
Each financial quarter the ICO publishes data security trends. Some common human error causes of data breaches were:
- Emailing data to the wrong recipient
- Data posted or faxed to the wrong recipient
- Verbal disclosure
- Loss/theft of paperwork
Organisations can help prevent the exposure of personal information from these types of incidents through:
Data protection training:
Mistakes resulting in data breaches can be costly to both the organisation and the people affected by the breaches. Data breach training can help employees better understand the seriousness of breaches, and encourage them to be more alert when performing tasks involving people’s information, such as sending emails or letters.
Limiting employee access to personal information, unless it is absolutely necessary, can help prevent data breach incidents.
Actions a company can take to better secure personal information include:
- Safely storing paperwork containing personal information, by locking it away
- Introducing limits to the amount of employees that can access personal information
- Limiting devices that store personal information.
- Introducing policies that prevent, or limit the carrying or accessing of personal information outside of the office.
If a company failed to take actions that could have better protected your data and this resulted in you suffering harm from a customer service data breach, then please speak to an adviser for information on the actions you can take.
Organisations do not have to inform you about every data breach that involves your information. They however have a responsibility to assess every breach they suffer. If they find that the breach might negatively impact you, then they have to inform you as soon as they can.
Our advisers can give you more information about the actions you can take against a company for a customer service data breach.
How Often Do These Breaches Occur?
Data security incidents from the ICO for 2019-22 featured 28,369 self-reported data security incidents. The chart below features the different types of incidents reported.
A customer service data breach can be a result of:
- A lack of confidentiality:
- An employee working in customer service might share information they had seen about a customer.
- Human error:
- As seen above, an employee could email a person’s personal data to the wrong address.
- Loss of information:
- An employee could lose a portable storage device or laptop containing the customer’s personal data.
Did you suffer harm because of a customer service data breach? If so, please reach out to one of our advisers to discuss the legal options available to you.
There are two types of compensation in data breach claims.
The first is material damages – this type of compensation is intended to address financial losses from a data breach.
Losses in a personal data breach can be because of:
Theft – If your personal information was used fraudulently to steal money from you
Loss of income – if you were unable to work because of the breach
Costs towards treatment – if you were affected mentally by the breach, and spent money towards treatment such as medical costs.
The second type of compensation is non-material damages – this type of compensation is intended to address any mental harm a person may have suffered from the breach.
The Judicial College Guidelines (JCG) are commonly referred to when assessing compensation awards for injuries. We’ve included a table of the psychological injuries listed in the April 2022 edition of the JCG and their accompanying compensation brackets:
Injury Notes Award
Mental Harm Affecting a person's ability to work, maintain relationships or function in life Severe Severe cases with poor outlook for recovery £54,830 to £115,730
Moderately Severe A better outlook for recovery despite showing serious problems initially £19,070 to £54,830
Moderate Good recovery shown at the time of making the claim £5,860 to £19,070
Less Severe Day to day activities and ability to sleep was disturbed for a period of time £1,540 to £5,860
PTSD Anxiety Disorder Severe Severe symptoms preventing a person working entirely £59,860 to £100,670
Moderately Severe Severe symptoms shown but a better prognosis following professional help £23,150 to £59,860
Moderate Good recovery with minimal symptoms left £8,180 to £23,150
Less Severe A full recovery within one to two years £3,950 to £8,180
In previous years, you could not claim for mental harm unless you were making a claim for financial losses. This changed after the determination in the Court of Appeal case, Vidal-Hall and others v Google Inc 2015, You can now make a claim for suffering mental harm independently.
If you are looking for a valuation for compensation in your customer service data breach claim, then please speak to an adviser now.
If you are looking for help with making a data breach claim, then a solicitor can help you on a No Win No Fee basis.
This means you will not have to pay an upfront fee to hire one, and they will not charge you any ongoing legal fees as they handle your claim. Payment in No Win No Fee agreements comes as a success fee; this is taken only if your claim is successful and you are awarded compensation. The fee has a legal cap and comes as a percentage of the compensation.
If your claim is not successful, you do not have to pay the success fee.
To see if you could speak with a No Win No Fee data breach solicitor about your customer service data breach claim, then please reach out to one of our advisers. They can value your claim for merit and potentially put you through to a solicitor. You can reach one by:
Further Data Breach Claim Examples
Some additional data breach resources include:
- ICO: The ICO’s guide to making a data protection complaint
- ICO: The ICO’s guide to taking your case to court and claiming compensation
- GOV: A useful guide by the government on your data protection rights as a data subject
Thank you for reading our guide to customer service data breach claims. Other topics we offer guides on include:
Guide By Charles
Edited By Melissa.