The Police Failed To Redact My Personal Data, Can I Claim?
By Danielle Jordan. Last Updated 3rd August 2023. Protecting the public is one of the many roles police officers have to undertake on a day-to-day basis. To do this, they have to collect personal data. They may also need to share certain pieces of information to provide their services. However, if police failed to redact personal data when it didn’t need to be shared, this could cause harm.
This guide will provide information on what you could do if you’ve had personal data involved in a data breach. There will be further information on your role as a data subject, as well as how your data is protected by the Data Protection Act 2018 (DPA) and the UK General Data Protection Regulation (UK GDPR).
A guide about what you could do if police failed to redact your personal data
The data subject, the data controller and the data processor are terms you may be unfamiliar with. These terms are used to describe the three main parties of data processing.
The data subject is the one whose personal information is processed. The data controller is an organisation that decides how the data is going to be processed and why. Lastly, the data processor is the organisation that is sometimes directed by the data controller to process personal data on their behalf.
Here is how you could get in contact with us:
- We have a live chat feature active
- Call us on 0800 073 8804
- Contact us via our website
Select A Section
- The Police Failed To Redact My Personal Data, Can I Make A Data Breach Claim?
- Police Force Data Breach Statistics
- When Does Data Need To Be Redacted?
- If The Police Failed To Redact My Personal Data, Do I Report It To The ICO?
- How Much Could I Claim If Police Failed To Redact My Personal Information?
- Begin Your Data Breach Claim Against The Police
The Police Failed To Redact My Personal Data, Can I Make A Data Breach Claim?
A data breach involves a security incident that leads to the destruction, loss, disclosure, alteration of or access to personal data.
Personal data (or personal information) is data that can identify you, whether alongside other data or on its own. Examples of personal data include:
- Your name
- Your address
- Ip addresses
- Personal email addresses
There are many ways that a data breach could happen, as we live in an age where data is stored both electronically and on paperwork. Malware attacks, human error, and disclosure of information to those with unauthorised access: these are just a few examples of the different types of causes of data breaches.
The impact of personal data breaches can affect the psychological and financial health of the individuals involved.
Organisations and authorities could hold personal information such as contact details, date of birth and criminal offence data. Police could also hold onto sensitive information, which may include data about your race or ethnicity.
How Long Do I Have To Make A Data Breach Claim?
If you are eligible to seek compensation for a breach of your personal data, you must do so within the correct time limits. Generally, you will have 6 years to start a personal data breach claim. However, this is reduced to 1 year if you are claiming against a public body.
For more information about claiming for a personal data breach, get in touch with our advisors. If you are within the time limit and have an eligible claim, you could be passed onto one of our No Win No Fee solicitors.
Police Force Data Breach Statistics
Personal data breaches have impacted different business sectors and charities. The statistics from the Cyber Security Breaches Survey 2021 demonstrate the most common threat of data breaches or attacks amongst businesses and charities were phishing scams.
Data Breach Graphs
According to the Information Commissioner’s Office (ICO), which enforces data protection law in the UK, over the 3rd quarter of 2021/22, in all sectors, there were 2,404 data security incidents. This is a combination of non-cyber incidents and cyber incidents. The Justice sector incurred a total of 33, across both types of incidents. There weren’t any recorded breaches caused by a failure to redact personal information in this sector.
When Does Data Need To Be Redacted?
When data needs to be redacted, it is removed from the document it’s in, but the rest of the information can be released without data protection laws being breached. This helps protect individuals by hiding personal information that could be used to identify them.
Examples of when data needs to be redacted:
- If a Subject Access Request (SAR) is made and there’s personal information that doesn’t relate to the person who is requesting the data.
- When information is published online and there’s no lawful reason for the personal data to be included.
If The Police Failed To Redact My Personal Data, Do I Report It To The ICO?
If a personal data breach affects your rights and freedoms, the organisation that is aware of the breach should inform you as well as the ICO. However, if you suspect a data breach and haven’t had notification of it, you should contact the organisation.
Should the organisation not respond satisfactorily, you could contact the ICO. However, you’d need to do this within 3 months of the organisation’s final response on the matter.
The ICO may then open an investigation. It’s important to remember that you cannot claim compensation through the ICO, but they may take measures such as imposing a fine on the responsible party.
How Much Could I Claim If Police Failed To Redact My Personal Information?
For calculating the amount of data breach compensation you could be owed, we offer a free tool for you to assess what your claim could be worth. You can use our compensation calculator.
The Judicial College produces guideline compensation brackets for psychological injuries. These brackets are based on previous personal injury claims that have been settled at court. There are some examples from the Guidelines in the compensation table below.
| Types of Psychological Issues | Brackets of compensation | Description |
|---|---|---|
| Psychiatric Damage Generally: Severe | £54,830 to £115,730 | There would be a strong effect on daily functioning. |
| Psychiatric Damage Generally: Moderately Severe | £19,070 to £54,830 | Problems that affect the person’s ability to cope with life. |
| Psychiatric Damage Generally: Less Severe | £1,540 to £5,860 | A disability that impacts the quality of sleep or the ability to achieve daily activities. |
| Anxiety: Severe | £59,860 to £100,670 | Long-lasting effects of PTSD, which would cause the prevention from working. |
| Anxiety: Moderate | £8,180 to £23,150 | A recovery may be made but there is still some effects of the PTSD. |
| Anxiety: Less Severe | £3,950 to £8,180 | Making an almost full recovery within two years and only having minor symptoms afterwards. |
Material Damages
Material damages are the compensation that could be awarded for the financial impact a data breach has on a data subject. For these damages, it would be beneficial for you to assess if any current or potential future losses have or would be inflicted on you.
How could you assess losses after the police failed to redact your personal data?
You can assess the in and out-goings of your bank accounts, additionally, you can assess items such as:
- Debit/Credit card details
- Bank statements/ details
- Credit rating
Non-Material Damages
This term is used when discussing the compensation for the mental turmoil that you could suffer as a result of a data breach.
A medical assessment may be required in order to determine the severity of the mental harm you have suffered. An independent healthcare professional would assess your psychological injuries and make a report. This report could be used to help value your claim.
In the case of Vidal-Hall and others v Google Inc (2015), the Court determined that compensation could be claimed for mental harm, even if there is no financial harm. Previous cases showed that financial damage was required in order to claim for mental damages. Now, you can claim for either non-material or material damage or both.
For any further information on what you could do if the police failed to redact your personal data, then please don’t hesitate to contact our advisors. They are here to help you through the claims process and give you advice on how you could proceed.
Begin Your Data Breach Claim Against The Police
To answer any questions you may have about what to do if the police failed to redact your personal data, our advisors are available 24/7 to offer answers, advice and guidance. You can contact us:
- By telephone, on 0800 073 8804
- Via our live chat feature
- Using our contact form
A No Win No Fee Agreement
No Win No Fee arrangements are a form of funding legal representation for a number of different claims. It is an arrangement that is made between you and your solicitor. It covers the work the solicitor will do and the fee that would be paid if your claim is successful.
If you have any questions about No Win No Fee arrangements, there are links provided at the bottom of this page that go into more detail about No Win No Fee arrangements. However, you could give us a call and our advisors would be happy to explain the process.
Public Body Data Protection Breach Resources
There is a collection of resources that could be useful and interesting to you linked below:
- Police Data Breach Compensation Claims Guide
- Medical records data breach
- Data has been breached, what can I do?
The ICO has guides and information on what you can do if a data breach occurs:
- Make a complaint
- How to report a breach
- How to minimise the risk of personal data breaches happening
If you have any questions or queries about what to do if the police failed to redact personal data, then please don’t hesitate to contact our advisors.
