My Personal Data Wasn’t Locked Away Or Secured – Can I Claim?
By Jo Greenwood. Last Updated 15th June 2023. Any organisation that uses your personal information has a responsibility to make sure that it is properly stored and secured. If you suffered harm because someone accessed your information after your personal data was not locked away or secured, you could be eligible to make a claim for compensation.
This is a guide about data breaches. We’ll inform you of the responsibilities an organisation has in securing your personal data and the different ways they can be found liable for a data breach. We’ll also inform you of the steps you can take if you were affected by a data breach and explain how you can contact a solicitor to help you make a claim for compensation.
Our advisers can also help you with any questions you have about data breaches and making a claim. You can reach out to one now using:
Select A Section
- My Personal Data Was Not Locked Away Or Secured, Can I Claim?
- How Should Personal Data Be Handled?
- What Constitutes A Breach Of Data Protection?
- How To Claim If Your Personal Data Was Not Locked Away Or Secured
- What Could You Claim If Your Personal Data Was Not Locked Away Or Secured
- Begin Your Personal Data Breach Claim
When an organisation collects your personal data they become a data controller and are subject to the rules and regulations set out in data protection laws such as the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
One of the responsibilities they have under the legislation is the safe storing and securing of your personal data. Once it is provided to them, they are data controllers and it is their responsibility to safeguard it. If it is accessed by an unauthorised person, because it was poorly or insecurely stored; the organisation can be found liable for any resulting harm you suffer. You could be eligible to make a claim for compensation against them.
You can speak to an adviser now, for more information on what you can do if your data was exposed because your personal information was not locked away or secured.
Sensitive Vs Personal Data
While all personal data is protected, certain types of personal data come with more protections, special category data for example. This includes information about a person’s;
- Racial or ethnic origin;
- Political opinions;
- Religious or philosophical beliefs;
- Trade union membership;
- Genetic data;
- Biometric data (when used for identification);
- Health data;
- Sex life
- Sexual orientation.
Organisations have to present a valid reason for collecting or processing this type of data.
Please speak to an adviser if special category data about you was exposed because your personal data was not secured or locked away by an organisation.
Data security should be a priority in all aspects of handling personal data. Organisations should have good data management and privacy policies in place, and make sure they are being observed. This can be in regards to:
Whether the data is stored physically or digitally.
Physical files should be well categorised and if they contain personal information, locked away. Digital files should similarly be carefully managed. Files stored digitally should come with good IT and cybersecurity practices such as strong passwords and limiting access to the data storage devices.
Limiting employee access to personal information can help prevent data breaches. Access to personal information should only be granted to be people who need it and they should be made fully aware of data protection standards.
Smart data policies should be in place when collecting data. This can include not collecting more data than is necessary. An action such as this can limit the likelihood of a person being identified or harmed in a data breach incident.
It’s recommended not to retain a person’s data once it has served its purpose. This can help prevent and limit the exposure of a data breach.
If you suffered harm because a company did not properly manage your data, an adviser can inform you of the steps to take to make a claim for compensation.
Some common causes of data breaches in organisations are
Phishing is the act of a scammer pretending to be a different person or organisation in an email, in order to convince someone into sending their information.
The data controller has a responsibility to protect themselves from cyber-attacks.
Poor Administrative Processes:
Poor security practices can lead to the exposure of people’s data.
Actions such as:
- Weak, or shared passwords across sites
- Accessing work or personal data on shared computers
- Failing to lock away or secure personal information.
Can leave data vulnerable to unauthorised access.
Mis-delivery Of Data:
Human errors can occur when processing personal data. Acts like sending information to the wrong postal address, wrong email address or wrong phone numbers can lead to the exposure of people’s personal information.
If you suffered harm because your data was exposed because of poor data management, reach out to one of our advisers for information on the steps you can take.
The Information Commissioner’s Office (ICO) recommends making a complaint in writing that details the breach and the harm you suffered to the data controller.
If you are unsatisfied with their response, you can report the data breach incident to the ICO. You must do this within three months of your last communication with the organisation.
A data breach solicitor can help you formally compose any letters and help with collecting supporting evidence such as:
- Details of the breach
- Evidence of financial harm
- Evidence of mental harm
Please speak with one of our advisers to see if a data breach solicitor could help you begin action against an organisation for the harm you suffered.
To be eligible to make a personal data breach claim you must be able to prove how the data controller was liable for the breach. This may mean showing how they failed to comply with data protection laws in this country. You must have also suffered financial losses and/or mental harm.
Financial losses could be because:
- Your personal data was used to steal money from you
- You had to spend money towards treatment or care
- You were unable to, or lost out on work, because of the breach.
You can seek compensation for this, and similar losses from the breach, under material damages.
For the mental harm, you would seek non-material damages.
|Severe Psychiatric Disorder||A person's ability to cope with life and maintain relationships was heavily affected||£54,830 to £115,730|
|Moderately Severe Psychiatric Disorder||Similar injuries but with a better prognosis||£19,070 to £54,830|
|Moderate Psychiatric Disorder||Similar injuries but showing good improvement||£5,860 to £19,070|
|Less Severe Psychiatric Disorder||How long the person was affected for and whether they could perform daily tasks.||£1,540 to £5,860|
|Severe PTSD||Anxiety affecting a person to the point they cannot work||£59,860 to £100,670|
|Moderately Severe PTSD||Similar but with a better outlook for recovery||£23,150 to £59,860|
|Moderate PTSD||The person is mostly recovered with a few symptoms remaining||£8,180 to £23,150|
|Less Severe PTSD||The person will have made a more or less full recovery within two years||£3,950 to £8,180|
The decision in the Court of Appeal case, Vidal-Hall and others v Google Inc 2015, means you can seek out a claim for mental harm without having suffered financial losses.
For more information on the compensation you could be awarded for suffering a data breach, please speak to one of our advisers.
If you’re eligible to make a personal data breach compensation claim, you may wish to have a solicitor help you. One of our data breach solicitors could help you with your particular case. They could assist you with gathering evidence, ensuring your claim is filed within the correct time limit, and guiding you through the claim process.
Additionally, they may offer a Conditional Fee Agreement (CFA) to you, which is a type of No Win No Fee arrangement. Under a CFA, you will not be required to pay for your solicitor’s services if your claim were to be unsuccessful.
To find out if you could be eligible to work with one of our No Win No Fee solicitors for your personal data breach claim, you can contact our advisors. Our team is available 7 days a week to help you. You can contact our advisors by:
Learn More About Securing Your Data
We’ve included some additional links you might find useful including:
- ICO: Make A Complaint – A guide showing you how to formally make a complaint against a company
- ICO: Taking Your Case To Court – A guide informing you what the claims process would entail
- GOV: Data Protection Rights – The government’s guide explaining your data protection rights
Thank you for reading our guide on making a claim because your personal data was not locked away or secured. We also offer guides on other topics such as:
- Making A Claim Against An Employer For A Personal Data Breach
- Stolen Phone Data Breach Claims
- Stolen Computer Data Breach Claims
Please get in touch with our advisers for any more information you might need.