Failure To Use Blind Carbon Copy On Email Data Breach Compensation Claims Experts

100% No Win, No Fee Claims
Nothing to pay if you lose.

  • Free legal advice from a friendly solicitor.
  • Specialist solicitors with up to 30 years experience
  • Find out if you can claim compensation Call 0800 073 8804

Start My Claim Online

Failure To Use Blind Carbon Copy (BCC) On Email – Can I Make A Data Breach Claim?

By Danielle Jordan. Last Updated 6th September 2023. This guide will focus on how to make a failure to use blind carbon copy on email data breach claims. This is a very easy mistake to make when sending out a group email. However, a failure to use blind carbon copy can result in your email address being exposed to a party that you may prefer does not have access to it. In this guide, we look at how these mistakes can happen, as well as the types of harm they may cause you. Additionally, we will go over the process of making a claim.

Failure to use blind carbon copy on email data breach claim guide

Failure to use blind carbon copy on email data breach claim guide

However, please keep in mind that your claim is going to be unique in some way. It might be somewhat similar to other claims, but it won’t match exactly. And because of this, we might not have covered every question you have. Don’t worry if this is the case though, we can still provide you with the answers that you need. Just give us a call on 0800 073 8804. The line is open 24 hours a day, 7 days a week. One of our claim advisors will get you the answers you need.

Select A Section:

A Guide On Failure To Use Blind Carbon Copy On Email Data Breach Claims

This online guide will act as an introduction to whether you could make a claim for an email data breach caused by a failure to use BCC. In short, it will examine how a  failure to use blind carbon copy on email may cause a data breach. We will start this guide with a graph that looks at how common email-related data breaches are. Subsequently, we then give a top-level definition of what a BCC error email is. And in this part of the guide, we also look at applicable UK laws, and the types of data that they protect.

In the middle part of this guide, we try to define the actual problem. We look at how simple human error is often a cause of email-related data breaches. Furthermore, we look at how to use blind carbon copy and carbon copy in an email properly. Additionally, some advice on how to minimise this type of mistake is given.

The following part of this guide, is related to the claims process itself. Initially, we cover how to get a claim started. Also, we look at who you can report a data breach to as part of this process. Financial aspects are also covered. We provide information about the types of damages you might seek, and an example compensation table. No Win No Fee arrangements are also explained.

Lastly, this guide prompts you to get help from our team, then provides a number of useful links and some answers to common questions.

Time Limits For Making A Claim

You need to start your email address data breach claim within the right deadline. The duration of the claim doesn’t matter, only the start date is covered by a deadline. The circumstances of the data breach will directly impact this time limit.

In general, you are going to have up to six years to start your claim. However, there are other factors that can impact this claims deadline. For example, if you are claiming against a public body, then you have just one year. To check exactly what claims deadline will apply, call and ask our claims team.

Can Someone Send An Email With No BCC – Do I Need Evidence To Claim?

If you are eligible to claim compensation because someone failed to send an email with BCC, exposing your personal data and causing you harm, you will need evidence. Some examples of the evidence you could use to help support your claim include:

  • Evidence that your personal data was breached. This could be a confirmation letter or email from the organisation responsible for the breach, confirming what personal data of yours was compromised.
  • Any correspondence between you and the organisation regarding the breach.
  • If you reported the breach to the Information Commissioner’s Office (ICO), and they decide to investigate the breach, their findings could be used as evidence. The ICO are an independent body that upholds information rights. However, you must make the report to them within 3 months of your last meaningful communication with the organisation regarding the breach.
  • Evidence you suffered psychological harm, such as a copy of your medical records stating any diagnosis.
  • Evidence you suffered financial harm, such as a copy of your bank statements.

If you’re concerned about how to gather evidence to support your claim, you might be interested in getting help from a solicitor who specialises in email CC and BCC data breach claims. They could assist you in gathering relevant evidence to support your claim.

To learn whether one of our solicitors could assist with your claim, you can contact an advisor. They could answer any questions you might have about your case and check your eligibility to claim.

Someone Emailed Me And Used CC Instead of BCC By Mistake – What’s The Difference?

The key difference between sending emails CC and BCC is who can view all the recipients of that message. As email addresses are considered personal data, when sending an email to more than one recipient, such as a newsletter, the sender may want to use the blind carbon copy email feature. This feature conceals the email addresses from each other, thus protecting personal data.

However, there are times when the BCC feature is not appropriate, such as an email between work colleagues using company email addresses. In these cases, the carbon copy (CC) feature may be more appropriate. This feature also allows everyone who has been sent the email to respond and see the responses of others.

If someone sent you, along with other recipients, an email using CC instead of BCC by mistake, you might be eligible for compensation. However, you will need to meet the eligibility criteria. Our advisors can discuss data breach compensation eligibility. Get in touch using the contact details at the top of the page.

Laws That Apply In The UK

We used to follow the European Union (EU) General Data Protection Regulations (GDPR) in the UK. However, since we now left the EU, we have our own data security and privacy laws. Namely, what has come to be known as UK GDPR. Also, there are other bodies of legislation such as the Data Protection Act (DPA) in tandem with UK GDPR.

Types Of Data That Are Protected

UK GDPR protects two specific types of data. Personal data and special data. Your email address is classed as personal data. But for completion’s sake, we have explained both data categories below.

Personal data is all of the specific information that is tied to you in some way. In short, data that can identify you, or be exploited in some way. For example, your email address, phone numbers, name, date of birth, and postal address are personal data, obviously. But also other information can be classed as personal data. For example, your credit card number, or your bank account number and sort code.

Special data is all of the information that can be used to find out something about you, but might not be unique. For example, your ethnic background, religion, genome data and sexual preference are all special data. Also, things like memberships of political parties, or membership of trade unions. All of these types of derivative data have to be protected under UK GDPR.

If there is a failure to use blind carbon copy on email that causes a data breach can a person make a claim? For a data breach claim to be valid the onus is on the claimant to prove that the defendant failed to adequately secure their personal information. If the organisation that is handling the personal data did all they could to keep it safe yet a data breach still occurred it is unlikely a claim would succeed.

Types Of Human Error Causing Email Data Breaches

When we think about data breaches or personal information being accessed without authorisation we often think about cybercrimes and computer systems being hacked. But in the real world data breaches are very often caused because of human error. Under UK data protection laws those organisations/data controllers that collect personal data of others must keep it secure. If organisations fail to do this they are in breach of the law. To ensure the safety of personal data it is vital that organisations make sure their employees are data-aware. This can be done through training. When training lacks it opens the door for errors such as human errors to occur leading to personal information being exposed or unlawfully processed.

BCC In An Email – How Does BCC Work?

In this section, we’ll discuss what BCC is in an email. BCC stands for blind carbon copy. When you include the names of recipients in the BCC box and send a message, a copy is sent to everyone. Using BCC means that the recipients cannot see each other’s details.

It’s important for companies to understand when to use BCC. For example, hospitals must keep their patients’ names confidential when sending mass emails to avoid a medical data breach.

If you have been affected by a UK GDPR email address breach and suffered stress due to the incorrect, or lack of, usage of BCC, get in touch for free legal advice. Furthermore, our advisors can discuss examples of data protection breaches and the compensation you could be entitled to.

Why Do Email Data Breaches Happen?

How can a failure to use blind carbon copy on email data breach claim come about? Well, there are a number of root causes that could cause a BCC email data breach. Let’s look at them below.

  • Environment – here we are not necessarily talking about the actual work environment, but more the technological environment. For example, if the company has not enforced a group policy that ensures that both the CC and BCC fields are always visible when writing and sending emails. This is done as part of the fixed software configuration for the standardised company desktop.
  • Lack of awareness – probably the most common form of email data breach. Staff sending emails that simply don’t know what CC and BCC are.

How To Prevent The Failure To Use Blind Carbon Copy On Email

Some advice on how to prevent a failure to use blind carbon copy on email data breach claims is to train staff in proper usage of CC and BCC. These types of email breaches are often caused by human error. And here are a few tips on how to overcome this.

  • Ensure that staff are knowledgeable about their own responsibilities for protecting data under UK GDPR.
  • Train staff to understand what the difference is between CC and BCC, and to know when to use them.
  • Ensure that staff know to show both the CC and BCC fields when an email is being written.
  • Ensure that staff know what the internal reporting process is if they do accidentally cause an email data breach.

How To Sue If You Were Affected By A Blind Carbon Copy Email Data Breach

If you believe that you have a valid failure to use blind carbon copy on email data breach claim, we can help you. You can follow the three steps below to find out if your claim is valid, and to start a claim if it is.

  1. Call our claims team using the contact information at the end of the page. They are available 24 hours a day, 7 days a week. They will answer any questions you have, and provide you with critical information. For example, what the claims deadline will be.
  2. An expert advisor will evaluate your claim for you. They will let you know whether it is potentially valid or not. If it is, they will talk you through our claims process.
  3. One of our experienced team of data breach claim lawyers will begin processing your claim for you. In all likelihood, you won’t have to pay anything upfront to start the claim. As we will offer to work under a No Win No Fee agreement.

Data Breach Reporting

There are a couple of voluntary steps you can take prior to making a failure to use blind carbon copy on email data breach claim. Firstly, you can contact the data controller to find out if a data breach has happened. And if it has, how badly your data was affected. Secondly, you can report the data breach to the ICO. However, the ICO will usually only follow up on a report if your last meaningful contact with the data controller was in the last 3 months.

Non-Material And Material Damages

If you win your failure to use blind carbon copy on email data breach claim, you will be able to seek damages for two main reasons. The first is for monetary loss (material damages). This could be money you lost because of your data being exploited in some way. Or it could be money you had to pay out as a direct cost during the claims process. For example, telephone charges, postage or photocopying.

The second is for mental harm caused by trauma and stress (non-material damages). You don’t have to have suffered a financial loss to claim for non-material damages though. The Court of Appeal heard a case back in 2015, Vidal-Hall and others v Google Inc, that set a precedent. The claimants were successful and won compensation for mental harm, but had not incurred any monetary loss. Because of this precedent, you can potentially do the same.

Calculating Failure To Use Blind Carbon Copy On Email Data Breach Claims

Working out an average compensation amount for a successful data breach claim is impossible. As each claim has its own unique aspects. Instead, you can use the table below to work out which compensation category you might fall into. We used the guidelines that are produced by the Judicial College to make this table. Another option, is to try using our online compensation calculator to get a rough estimate of the value of your claim.

Psychiatric InjurySeverity CategoryDetailsGuideline Amount
Psychiatric DamageSevereAt the highest severity, the claimant is unable to cope with life in general, their family and relationships or work and education. The prognosis in this category is very poor. £54,830 - £115,730
Moderately SevereIn this category, the claimant suffers significant problems coping with general life, relationships, work or education. Although, at this severity, the outlook is much more positive.£19,070 - £54,830
ModerateThe claimant has suffered from similar problems to the categories above, but they've experienced marked improvements.£5,860 - £19,070
Less SevereThis category considers how long the claimant suffered a disability and what impact this had.£1,540 - £5,860
Post Traumatic Stress Disorder (PTSD)SevereIn this category, the claimant suffers permanent symptoms that impact all areas of their life badly.£59,860 - £100,670
Moderately SevereAt this severity, the claimant suffers a significant disability lasting in to the future. Professional help, however, can lead to some recover.£23,150 - £59,860
ModerateIn this bracket, the claimant makes a good recovery and if any continuing symptoms persist, they won't have a major impact.£8,180 - £23,150
Less SevereThe claimant may suffer some minor symptoms beyond 2 years. £3,950 - £8,180

No Win No Fee Failure To Use Blind Carbon Copy On Email Data Breach Claims

You could be able to use a No WIn No fee solicitor to make a failure to use blind carbon copy on email data breach claim. You would not pay your solicitor a fee upfront at the start of the claim, nor whilst it is being processed. If the claim fails, you still don’t pay the solicitor a fee. If it is won, a modest success fee may be due, that is legally capped. It can be collected from the settlement the lawyer was sent for you.

Get In Touch With Our Data Breach Team

Do you need some legal help to make a failure to use blind carbon copy on email data breach claim? Or perhaps some additional answers to questions? Then use the contact information to reach out to our team, any time of the day or night.

Telephone: 0800 073 8804

Use our webchat or fill in a contact request.

Learn More

Here are some useful external links.

Understanding Secure Email

Email Marketing Guidelines From The ICO

What Is SPAM Email?

Here are some links to more of our data breach guides.

Employer Data Breach Claims

Claiming For Post-Traumatic Stress Disorder

How To Claim For A Social Services Data Breach

Email Data Protection FAQs

Here are some short, simple answers to common email data breach claim questions.

What is a CC instead of a BCC mistake in GDPR?

This happens when your email address is exposed as a CC recipient when you should have been a BCC recipient.

Is revealing my email address a breach of GDPR?

Yes, your email address is considered to be personal data and cannot be shared unless there is a lawful basis.

Are emails covered under the UK GDPR?

Any personal information collected by a data controller is covered by the GDPR

Can you claim compensation for a data protection breach?

Can you make a failure to use blind carbon copy on email data breach claim? To hold a valid data breach claim you must be able to establish how the defendant failed to protect your data.

Other Useful Compensation Guides

Guide By Wheeler

Edited By Goldasz

    Contact Us

    Fill in your details below for a free callback

    Meet The Team

    • Patrick Mallon

      Patrick is a Grade A solicitor having qualified in 2005. He's an an expert in accident at work and public liability claims and is currently our head of the EL/PL department. Get in touch today for free to see how we can help you.