Have you experienced an email data breach that compromised your personal information? Did you suffer emotional or financial harm? If so, please read our helpful guide on email data breach claims and learn how you could be entitled to personal data breach compensation.
Firstly, this guide will explore the eligibility requirements of making a claim for a personal data breach. Furthermore, we also look at the potential compensation pay-outs you could receive by making a claim.
Our guide further explores the types of email data that could be part of a breach, as well as discussing the common causes breaches. Moreover, we look at the evidence you will need to provide to make a compensation claim. Lastly, we look at how one of our experienced solicitors could help you seek compensation on a No Win No Fee basis.
At Legal Expert, our advisors work around the clock to answer any questions you may have about making a claim. Furthermore, our advisors can provide a free case check to determine the strength of your claim. To get in touch with us:
- Call us on 0800 073 8804
- Contact us online
- Use our live chat feature
Frequently Asked Questions
- Who Can Make Email Data Breach Claims?
- How Much Compensation Could I Get For An Email Data Breach?
- What Email Data Could Be Part Of A Breach?
- The Most Common Email Data Breach Causes
- How To Make An Email Data Breach Claim
- No Win No Fee Data Breach Solicitors
- More Information
Who Can Make Email Data Breach Claims?
To make an email data breach claim, you must have experienced wrongful conduct on the part of a data controller or processor. This means that the processor or controller failed to adhere to the following data protection laws, resulting in harm.
In essence, the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018 (DPA) sit together as the data protection laws responsible for the processing of personal data. Ultimately, they uphold the rules and regulations that data controllers and processors must adhere to.
A data controller decides how and why your personal information is processed. Commonly, a data controller will be an organisation. Alternatively, a data processor is responsible for processing personal data on behalf of a data controller. Typically, a data processor is usually an organisation or agency separate from a data controller.
According to the Information Commissioner’s Office (ICO), a personal data breach is the accidental or unlawful destruction, alteration, loss, unauthorised disclosure of, or access to personal data.
Therefore, you could make a claim if:
- The data breach was caused by a data controller or processor’s wrongful conduct, such as a failure to comply with data protection legislation.
- Your personal data was involved in the breach
- You suffered financial or mental harm, or both, as a result
Do you want to find out more about possible personal data breaches? Please contact one of our friendly advisors today.
How Much Compensation Could I Get For An Email Data Breach?
If your claim is successful, you could be awarded with two types of compensation, material and non-material damage.
Ultimately, non-material damage accounts for the impact that the data breach had on your mental health. For example, exposure of your private information by an organisation could result in depression, anxiety and post-traumatic stress disorder.
The Judicial College Guidelines (JCG) are suggestive compensation guidelines, and are often used by lawyers when assigning values to injuries. Moreover, the case Vidal-Hall v Google established that you can now solely claim for psychological harm without suffering financial harm due to a breach of your personal data.
All entries in the table below, aside from the first entry, have been taken from JCG for common mental health injuries following data breaches. Please note that they are merely guidelines and do not provide a guarantee of how much you will receive.
| Injury | Guideline Compensation |
|---|---|
| Severe Psychological Damage and Financial Losses | Up to £250,000+ |
| Severe Psychiatric Damage | £66,920 to £141,240 |
| Moderately Severe Psychiatric Damage | £23,270 to £66,920 |
| Moderate Psychiatric Damage | £7,150 to £23,270 |
| Less Severe Psychiatric Damage | £1,880 to £7,150 |
| Severe PTSD | £73,050 to £122,850 |
| Moderately Severe PTSD | £28,250 to £73,050 |
| Moderate PTSD | £9,980 to £28,250 |
| Less Severe PTSD | £4,820 to £9,980 |
To learn more about what mental health injuries you could claim for, please contact our advisory team today.
Calculating Data Breach Compensation
Fundamentally, email data breach claims are valued on a case-by-case basis due to many factors. For example, the following factors may affect the amount of compensation you receive:
- The severity of the mental harm suffered
- The length of your recovery period
- The impact on your daily activities
- The effect on your quality of life
To learn more about the factors that could affect your claim, please get in touch with one of our advisors.
Can I Claim For Material Damage?
Yes, you could claim for your material damage in successful data breach cases, as long as evidence is provided. Ultimately, material damage aims to compensate you for any financial losses you have suffered as a result of the personal data breach.
Please see the following examples of potential financial losses that you could include in your claim:
- Loss of earnings. This may include time taken off work due to the effect that the data breach has had on you.
- Relocation costs. This may include the costs of moving house following a data breach that jeopardised your safety
- Home security costs
- Therapy costs
It is also essential to provide evidence of any financial losses you wish to include in your claim. Evidence could be in the form of:
- Invoices
- Receipts
- Bank statements
- Payslips
If you want to find out if you could claim for material damage, please contact one of our friendly advisors.
What Email Data Could Be Part Of A Breach?
To know if you could make a claim for a breach of email data, it is essential to know what types of personal data could be part of a breach.
In essence, personal data is information that can directly or indirectly identify someone. Therefore, please see the following examples of personal data that could be compromised in an email breach:
- Your name
- Your address
- Your national insurance number
- Your personal email address
Moreover, special category data is a type of personal data that requires more protection because the contents are sensitive. Special category data may also be part of an email breach, and the UK GDPR defines it as personal data that reveals:
- Your racial or ethnic origin
- Your political opinions
- Any data concerning your health or medical information
- Your religious or philosophical beliefs
For example. if your religious or political beliefs were exposed in a data breach, this could be grounds to bring a claim. For instance, a university research department may accidentally send a group email containing your results of a political survey to all students, causing you mental harm.
To gain advice about your personal situation, please get in touch with one of our advisors for free.
The Most Common Email Data Breach Causes
There are many situations where email data breaches could occur, such as the following:
- Cyber attacks. For example, your employer could experience an unauthorised attack against a network, compromising the personal data of employees’ , including their personal email addresses.
- Phishing. This includes situations where a fraudulent company poses as a legitimate one, coercing you to give your personal data. For example, a phishing scheme posing as your bank could result in your bank details being shared with criminals.
- An email could be sent to the wrong recipient. For example, you could suffer a medical data breach if results from a brain scan are sent to the wrong patient.
- Failure to use ‘blind copy carbon’ (BCC) when including multiple recipients in an email, resulting in personal data being shared. For example, you could suffer a lawyer data breach if a solicitor failed to use BCC when sending a newsletter to multiple email addresses.
- A sender may accidentally attach a document containing your personal data to an email to another person. For example, your employer could attach your payslip and could send it to the wrong employee, containing your personal data.
Moreover, to bring a personal data breach claim, it must be proven that the breach resulted in financial or mental harm.
To discuss email data breach claims in further detail, please contact one of our friendly advisors today.
How To Make An Email Data Breach Claim
If you wish to make an email data breach claim, it is essential that you gather evidence to prove that a data controller or processor failed to adhere to data protection laws. Furthermore, it must also be evidenced that your personal data was involved in the breach and you suffered harm as a result.
Please see the following examples of evidence you could provide:
- Proof of your psychological harm such as medical records or a diagnosis letter from a psychiatrist.
- Proof of financial harm, such as payslips, invoices and bank statements
- A notification letter or email from the organisation who breached your data
- Findings from an ICO investigation. Following a personal data breach, you can report the breach to the ICO who could choose to investigate the incident. Please note that the report must be made within 3 months of your last meaningful communication with the organisation responsible for the breach, about the breach.
- Correspondence with the organisation about how the breach occurred.
Furthermore, please note that you generally have up to 6 years to make your personal data breach claim.
If you want to discuss what types of evidence you could provide, please contact our advisory team today.
No Win No Fee Data Breach Solicitors
Our advisors are available to answer any questions you may have about email data breach claims. Moreover, if they think you have a strong case, you could be connected with one of our No Win No Fee solicitors to start your claim. Solicitors that offer their services through a Conditional Fee Arrangement (CFA), provide claimants with various benefits, including:
- You won’t be required to pay for any upfront or ongoing solicitor service fees
- If your claim is unsuccessful, you won’t be required to pay for solicitor’s fees
- If your claim is successful, you will only be required to pay a small success fee for your solicitor’s work. This percentage is deducted from your compensation and is legally capped, therefore you will always be awarded with the bulk of the compensation.
To find out more about No Win No Fee arrangements, please contact our advisors.
Contact Legal Expert
Our advisors are available 24 hours, 7 days a week to answer any questions about personal data breach claims. If you experienced an email data breach and wish to make a claim, please contact us for free:
- Call us on 0800 073 8804
- Contact us online
- Use our live chat feature
More Information
To learn more about making a personal breach claim, please see our other guides:
- Get advice if you have experienced an energy company data breach
- Learn about stolen phone data breach claims
- Learn about hotel data breach compensation claims
Additional external information:
- Learn about understanding secure email in this local government guide.
- See the top tips about staying secure online from Gov.Uk
- Learn about how to make a complaint from the ICO
Thank you for reading our guide on email data breach claims.
