Failure To Use Blind Carbon Copy On Email Data Breach Compensation Claims Experts

100% No Win, No Fee Claims
Nothing to pay if you lose.

  • Free legal advice from a friendly solicitor.
  • Specialist solicitors with up to 30 years experience
  • Find out if you can claim compensation Call 0800 073 8804

Start My Claim Online

Failure To Use Blind Carbon Copy (BCC) On Email Data Breach Claims

By Danielle Jordan. Last Updated 29th February 2024. This guide will focus on how to make a failure to use blind carbon copy on email data breach claims. This is a very easy mistake to make when sending out a group email. However, a failure to use BCC can result in your email address being exposed to a party that you may prefer does not have access to it. In this guide, we look at how these mistakes can happen, as well as the types of harm they may cause you. Additionally, we will go over the process of making a BBC data breach claim.

However, please keep in mind that your claim is going to be unique in some way. It might be somewhat similar to other claims, but it won’t match exactly. And because of this, we might not have covered every question you have. Don’t worry if this is the case though, we can still provide you with the answers that you need. Just give us a call on 0800 073 8804. The line is open 24 hours a day, 7 days a week. One of our claim advisors will get you the answers you need.

A digital display screen stating 'data breach' within a hexagon.

Select A Section:

If you’d like to learn about the key points from this guide, why not check out our video below:

When Can You Claim For A BCC Data Breach?

You might be wondering when you could claim compensation for a BCC data breach. To form the basis of a valid claim, you must be able to prove that:

  • The breach was caused by wrongful conduct.
  • It affected your personal data.
  • You suffered financial or psychological harm as a result.

The UK General Data Protection Regulation (UK GDPR) and the Data Protection Act (DPA) protect the personal data of UK residents, and data controllers and data processors are expected to comply.

A data controller decides how and why they need to use your personal data. A data processor is someone who processes personal data on behalf of a data controller. Personal data is information that others can use to identify you. For example, this might include your phone number, your personal email address, or your home address.

A personal data breach is defined by the Information Commissioner’s Office (ICO) as a security incident that affects your personal data’s availability, confidentiality, or integrity.

If a data breach caused you to suffer mental or financial harm, contact our team. They can assess the eligibility of your case and offer you free advice. You can also head here to learn more about whether or not an email address is a breach of GDPR here.

How To Prevent A Failure To Use Blind Carbon Copy On An Email Data Breach

Some advice on how to protect personal data in the workplace is to train staff in proper usage of CC and BCC. These types of email breaches are often caused by human error. And here are a few tips on how to overcome this.

  • Ensure that staff are knowledgeable about their own responsibilities for protecting data under UK GDPR.
  • Train staff to understand what the difference is between CC and BCC, and to know when to use them.
  • Ensure that staff know to show both the CC and BCC fields when an email is being written.
  • Ensure that staff know what the internal reporting process is if they do accidentally cause an email data breach.

Do I Need Evidence To Make A Data Breach Claim?

If you are eligible to claim compensation because someone failed to send an email with BCC, exposing your personal data and causing you harm, you will need evidence. Some examples of the evidence you could use to help support your claim include:

  • Evidence that your personal data was breached. This could be a confirmation letter or email from the organisation responsible for the breach, confirming what personal data of yours was compromised.
  • Any correspondence between you and the organisation regarding the breach.
  • If you reported the breach to the Information Commissioner’s Office (ICO), and they decide to investigate the breach, their findings could be used as evidence. The ICO are an independent body that upholds information rights. However, you must make the report to them within 3 months of your last meaningful communication with the organisation regarding the breach.
  • Evidence you suffered psychological harm, such as a copy of your medical records stating any diagnosis.
  • Evidence you suffered financial harm, such as a copy of your bank statements.

If you’re concerned about how to gather evidence to support your claim, you might be interested in getting help from a solicitor who specialises in email CC and BCC data breach claims. They could assist you in gathering relevant evidence to support your claim.

To learn whether one of our solicitors could assist with your claim, you can contact an advisor. They could answer any questions you might have about your case and check your eligibility to claim.

Calculating Failure To Use Blind Carbon Copy On Email Data Breach Claims

Working out an average compensation amount for a successful data breach claim is impossible. As each claim has its own unique aspects. Instead, you can use the table below to work out which compensation category you might fall into. We used the guidelines that are produced by the Judicial College to make this table. Another option, is to try using our online compensation calculator to get a rough estimate of the value of your claim.


Psychiatric Injury Severity Category Details Guideline Amount
Severe Psychological Damage + Special Damages Severe Multiple instances of severe psychological damage in combination with financial losses such as lost earnings and the cost of counselling. up to £150,000+
Psychiatric Damage Severe At the highest severity, the claimant is unable to cope with life in general, their family and relationships or work and education. The prognosis in this category is very poor. £54,830 – £115,730
Moderately Severe In this category, the claimant suffers significant problems coping with general life, relationships, work or education. Although, at this severity, the outlook is much more positive. £19,070 – £54,830
Moderate The claimant has suffered from similar problems to the categories above, but they’ve experienced marked improvements. £5,860 – £19,070
Less Severe This category considers how long the claimant suffered a disability and what impact this had. £1,540 – £5,860
Post Traumatic Stress Disorder (PTSD) Severe In this category, the claimant suffers permanent symptoms that impact all areas of their life badly. £59,860 – £100,670
Moderately Severe At this severity, the claimant suffers a significant disability lasting in to the future. Professional help, however, can lead to some recover. £23,150 – £59,860
Moderate In this bracket, the claimant makes a good recovery and if any continuing symptoms persist, they won’t have a major impact. £8,180 – £23,150
Less Severe The claimant may suffer some minor symptoms beyond 2 years. £3,950 – £8,180


If you win your failure to use BBC on email data breach claim, you will be able to seek damages for two main reasons. The first is for monetary loss (material damages). This could be money you lost because of your data being exploited in some way. Or it could be money you had to pay out as a direct cost during the claims process. For example, telephone charges, postage or photocopying.

The second is for mental harm caused by trauma and stress (non-material damages). You don’t have to have suffered a financial loss to claim for non-material damages though. The Court of Appeal heard a case back in 2015, Vidal-Hall and others v Google Inc, that set a precedent. The claimants were successful and won compensation for mental harm, but had not incurred any monetary loss. Because of this precedent, you can potentially do the same.

No Win No Fee Failure To Use Blind Carbon Copy On Email Data Breach Claims

Our team are here to help if you have a valid case and are ready to start your BCC data breach claim. Our expert personal data breach solicitors work on a No Win No Fee basis, by offering their clients a Conditional Fee Agreement (CFA). Under a CFA, you typically don’t need to pay your solicitor any upfront fees for their work on your claim, nor are you required to pay for their services while the claim is progressing or if it fails.

If your personal data breach compensation claim succeeds, your solicitor will take a success fee. They take this as a small, legally capped portion of your compensation. This legal cap helps to make sure that the majority share of what you receive stays with you.

Contact Our Team

Get in touch with our team today to start your personal data breach compensation claim. Our advisors can answer any questions you may have about the claims process and can provide a free consultation. If they find your BCC data breach claim to be a strong case, they may then connect you with one of our No Win No Fee solicitors.

To get started:

Learn More

Here are some useful external links.

Guide By Wheeler

Edited By Goldasz

    Contact Us

    Fill in your details below for a free callback

    Meet The Team

    • Patrick Mallon

      Patrick is a Grade A solicitor having qualified in 2005. He's an an expert in accident at work and public liability claims and is currently our head of the EL/PL department. Get in touch today for free to see how we can help you.

      View all posts