By Danielle Jordan. Last Updated 31st March 2025. This guide will focus on how to make a failure to use blind carbon copy on email data breach claims. This is a very easy mistake to make when sending out a group email. However, a failure to use BCC can result in your email address being exposed to a party that you may prefer does not have access to it. In this guide, we look at how these mistakes can happen, as well as the types of harm they may cause you. Additionally, we will go over the process of making a BBC data breach claim.
However, please keep in mind that your claim is going to be unique in some way. It might be somewhat similar to other claims, but it won’t match exactly. And because of this, we might not have covered every question you have. Don’t worry if this is the case though, we can still provide you with the answers that you need. Just give us a call on 0800 073 8804. The line is open 24 hours a day, 7 days a week. One of our claim advisors will get you the answers you need.
Select A Section:
- When Can You Claim For A BCC Data Breach?
- What Is The Difference Between CC And BCC?
- How To Prevent A Failure To Use Blind Carbon Copy On An Email Data Breach
- Do I Need Evidence To Make A Data Breach Claim?
- How To Calculate Failure To Use Blind Carbon Copy On Email Data Breach Claims
- No Win No Fee Failure To Use Blind Carbon Copy On Email Data Breach Claims
- Learn More
If you’d like to learn about the key points from this guide, why not check out our video below:
When Can You Claim For A BCC Data Breach?
You might be wondering when you could claim compensation for a BCC data breach. To form the basis of a valid claim, you must be able to prove that:
- The breach was caused by wrongful conduct.
- It affected your personal data.
- You suffered financial or psychological harm as a result.
The UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018 (DPA) protect the personal data of UK residents, and data controllers and data processors are expected to comply.
A data controller decides how and why they need to use your personal data. A data processor is someone who processes personal data on behalf of a data controller. Personal data is information that others can use to identify you. For example, this might include your phone number, your personal email address, or your home address.
A personal data breach is defined by the Information Commissioner’s Office (ICO) as a security incident that affects your personal data’s availability, confidentiality, or integrity.
If a data breach caused you to suffer mental or financial harm, contact our team. They can assess the eligibility of your case and offer you free advice. You can also head here to learn more about whether or not an email address is a breach of GDPR here.
What Is The Difference Between CC and BCC?
If your personal data has been exposed due to a failure to use blind carbon copy on an email data breach, you may be wondering what the difference is between CC and BCC. Here are the differences:
- Carbon Copy (CC) – all email addresses added in the CC box are visible to all recipients of the email, and is used when you want everyone to know who has received the email. Using the CC box allows everyone to be able to access the email addresses of all recipients.
- Blind Carbon Copy (BCC) – all email addresses added in the BCC box are not visible to all recipients of the email, and is often used in mass emails. Using the BCC box prevents the email addresses of the recipients from being accessed by anyone else. When BCC is not appropriately or correctly used, this could potentially lead to a data breach.
As such, when mass emailing people who are out of your organisation, BCC should always be used. This is to protect the recipients’ personal data from being exposed, so that their email address is not visible to others.
If your personal data was exposed because CC was used instead of BCC, please contact us today. We can help you make a data breach claim if you’re eligible for compensation.
How To Prevent A Failure To Use Blind Carbon Copy On An Email Data Breach
Some advice on how to protect personal data in the workplace is to train staff in proper usage of CC and BCC. These types of email breaches are often caused by human error. And here are a few tips on how to overcome this.
- Ensure that staff are knowledgeable about their own responsibilities for protecting data under UK GDPR.
- Train staff to understand what the difference is between CC and BCC, and to know when to use them.
- Ensure that staff know to show both the CC and BCC fields when an email is being written.
- Ensure that staff know what the internal reporting process is if they do accidentally cause an email data breach.
Do I Need Evidence To Make A Data Breach Claim?
If you are eligible to claim compensation because someone failed to send an email with BCC, exposing your personal data and causing you harm, you will need evidence. Some examples of the evidence you could use to help support your claim include:
- Evidence that your personal data was breached. This could be a confirmation letter or email from the organisation responsible for the breach, confirming what personal data of yours was compromised.
- Any correspondence between you and the organisation regarding the breach.
- If you reported the breach to the Information Commissioner’s Office (ICO), and they decide to investigate the breach, their findings could be used as evidence. The ICO are an independent body that upholds information rights. However, you must make the report to them within 3 months of your last meaningful communication with the organisation regarding the breach.
- Evidence you suffered psychological harm, such as a copy of your medical records stating any diagnosis.
- Evidence you suffered financial harm, such as a copy of your bank statements.
If you’re concerned about how to gather evidence to support your claim, you might be interested in getting help from a solicitor who specialises in email CC and BCC data breach claims. They could assist you in gathering relevant evidence to support your claim.
To learn whether one of our solicitors could assist with your claim, you can contact an advisor. They could answer any questions you might have about your case and check your eligibility to claim.
Calculating Failure To Use Blind Carbon Copy On Email Data Breach Claims
Working out an average compensation amount for a successful data breach claim is impossible. As each claim has its own unique aspects. Instead, you can use the table below to work out which compensation category you might fall into.
We used the guidelines that are produced by the Judicial College to make this table (only the top figure is not from the JCG). Please refer this table as guidance only. Another option, is to try using our online compensation calculator to get a rough estimate of the value of your claim.
| Psychiatric Injury | Severity Category | Guideline Amount |
|---|---|---|
| Severe Psychological Damage + Special Damages | Severe | up to £150,000+ |
| Psychiatric Damage | Severe (a) | £66,920 to £141,240 |
| Moderately Severe (b) | £23,270 to £66,920 | |
| Moderate (c) | £7,150 to £23,270 | |
| Less Severe (d) | £1,880 to £7,150 | |
| Post Traumatic Stress Disorder (PTSD) | Severe (a) | £73,050 to £122,850 |
| Moderately Severe (b) | £28,250 to £73,050 | |
| Moderate (c) | £9,980 to £28,250 | |
| Less Severe (d) | £4,820 to £9,980 |
If you win your failure to use BBC on email data breach claim, you will be able to seek damages for two main reasons. The first is for monetary loss (material damages). This could be money you lost because of your data being exploited in some way. Or it could be money you had to pay out as a direct cost during the claims process. For example, telephone charges, postage or photocopying.
The second is for mental harm caused by trauma and stress (non-material damages). You don’t have to have suffered a financial loss to claim for non-material damages though. The Court of Appeal heard a case back in 2015, Vidal-Hall and others v Google Inc, that set a precedent. The claimants were successful and won compensation for mental harm, but had not incurred any monetary loss. Because of this precedent, you can potentially do the same.
No Win No Fee Failure To Use Blind Carbon Copy On Email Data Breach Claims
Our team are here to help if you have a valid case and are ready to start your BCC data breach claim. Our expert personal data breach solicitors work on a No Win No Fee basis, by offering their clients a Conditional Fee Agreement (CFA). Under a CFA, you typically don’t need to pay your solicitor any upfront fees for their work on your claim, nor are you required to pay for their services while the claim is progressing or if it fails.
If your personal data breach compensation claim succeeds, your solicitor will take a success fee. They take this as a small, legally capped portion of your compensation. This legal cap helps to make sure that the majority share of what you receive stays with you.
Contact Our Team
Get in touch with our team today to start your personal data breach compensation claim. Our advisors can answer any questions you may have about the claims process and can provide a free consultation. If they find your BCC data breach claim to be a strong case, they may then connect you with one of our No Win No Fee solicitors.
To get started:
- Call us on 0800 073 8804
- Use the live chat feature.
- Contact us online.
Learn More
Here are some useful external links.
- Understanding Secure Email
- Email Marketing Guidelines From The ICO
- Guidance On AI And Data Protection
- Here are some links to more of our data breach guides.
- Employer Data Breach Claims
- Claiming For Post-Traumatic Stress Disorder
- How To Claim For A Social Services Data Breach
Guide By Wheeler
Edited By Goldasz
